Enterprise risk management plan

Students will revisit the same fact-based scenario that was the basis of Coursework 2 and are asked to develop an enterprise risk management plan that draws upon project management skill sets examined in this course to offer a practical solution to the problem at hand. Coursework 3 will emphasize the ability to offer sound practical solutions to enterprise-threatening issues in legal governance, risk management and compliance. The work is to be 2000 words in length and requires an element of independent study and critical analysis.

Recall that, as in Coursework 2, you are the in-house lawyer for a UK-based telecommunications company with branch offices all over the EU.

For Coursework 3, assume the following:

• You continue to be the in-house lawyer for a UK-based telecommunications company, Cyphus PLC, with EU branch offices. You are now dual-hatted and have taken on the role of an enterprise risk manager.
• Cyphus has 200 employees in the UK and Europe.
• Cyphus has no US employees, but is growing and plans to expand into the US market in the immediate future. Cyphus will likely be publicly traded in the US and you should assimilate this into your plan.
• The Cyphus directors are based in the UK, EU and US. The senior management are primarily in the UK, but travel regularly to the EU. The sales teams travel globally and look for new business opportunities all over the world, including in Asia, North America and South America.
• Your existing and potential customers are individuals, businesses and government entities.

Currently, there are no major legal, compliance or risk issues pending for Cyphus. As the new enterprise risk manager, your first key project will be to develop an enterprise risk management plan to ensure Cyphus has a robust risk and compliance approach, taking into account legal governance best practice. Recall that the enterprise risk management plan is one component of the overall corporate governance structure.

To assist with the development of the enterprise risk management plan, the following outline can be used. Note: The headings and text provided will not form part of the 2000 required words.

1. Effectiveness

[You are drafting the plan, but how does it become effective?]

2. Business & Operating Model
[The facts given above are taken as read.]

3. Governance Structure
[The course has covered corporate governance structure at length. What does your company’s governance structure comprise? Is there accountability by directors and senior management? How is this demonstrated?]

4. Risk Assessment / Key Risks
Considering the facts that have been presented, what are the key risk areas for your business? This should be a high level identification of the most significant business risks.

A. Sarbanes-Oxley and Dodd-Frank. [This was a key topic in the course. Assume that Cyphus will be fully compliant with these US rules (and mirror rules in the UK and EU). Consider fully the implications for Cyphus.]
B. FCPA and the Bribery Act. [Again, this was a key topic in the course. There will be risks to Cyphus given the business activities in the facts.]
C. Business Risks
D. Operational Risks
E. Financial Risks
F. Legal & Regulatory Risks

[Hint: you should not drill down to detailed risk scenarios, of which there will be dozens. This is the framework and you should think of the high level risks to the business.]

5. Risk Appetite & Mitigation of Risk

[The risk appetite of the firm defines the acceptable level and nature of risks to which the firm is exposed. Thinking about the risks identified above, how will the risks be mitigated? How will the acceptable level of risk be measured? What type of assessment will you carry out? How will the company score risks?]

6. Application of Risk to the Company within the Risk Universe

What conclusions do you draw once the potential risks are identified and mitigated as much as possible? Are there unacceptable risks remaining? What do you state about this in the plan?

7. Manner / Evidence of Risk Assessment
How will the company ensure the risk framework is followed?

8. Policy and Plan Review

[A company’s enterprise risk plan is a live document, not static. What is your position on future reviews to ensure the plan remains relevant and current?]