
This is the second article of a risk management series and covers 10 steps for successful risk management. The first article, Eight Steps to Establish a Firm Risk Management Program, highlighted the benefits and steps of establishing a risk management program, and the third will focus on business continuity planning and risk mitigation strategies. The articles are a result of discussions at recent IFAC SMP Committee meetings, which involve practitioners from around the world sharing their perspectives and insights, as well as material included in the Guide to Practice Management for Small- and Medium-Sized Practices, which includes a whole module on risk management, including professionalism and ethics, client engagement, quality control and business continuity planning and disaster recovery.

Ten key steps include:

1.     Start with a Quality Recruitment Process

The firm recruitment process should attract high-caliber employees who are trustworthy and honest and have the technical abilities required. Attention should also be focused on “soft skills” including good communication skills and the capability to work in a team, which supports high-performing practices. The references of short-listed applicants should be screened and checked, with any job offer conditional upon satisfactory validation of academic, professional, and reference records.

2.     Ensure that Employees are Properly Trained

Good training programs provide employees with adequate technical, communication and other important initial skills. They should show them how to deliver high-quality work, describe essential communication skills and reinforce the need for a professional approach in their dealings with clients and team members. The PM Guide includes a whole module, ‘People Power: Developing a People Strategy’, which covers leadership, managing and retaining employees, recognition, training and development.

3.     Do not Delegate Tasks beyond Capability Levels

Delegation is essential to allow for the continued growth of the firm. Good delegation will see that tasks are only delegated to employees capable of handling them. Effective delegation will stretch each employee’s professional skills slightly; the partner or manager must guide the employee through the new or unfamiliar aspects of that work.

4.     Ensure that Employees are Aware of Systems and Standard Procedures

Without proper systems in place, the team might not have clear and concise guidelines to work within. In turn, this could lead to the firm risking its professional reputation and losing the confidence of clients. The systems and procedures are an integral part of the firm’s approach to quality management.

5.     Have a Procedure to Identify Weaknesses or Problems with Systems

Each member of the team should look for any deficiencies in systems. Once a deficiency, weakness or problem is identified, it should be reported to the firm manager or the relevant partner to be addressed and resolved.

6.     Employ Proper Review Processes

There should be an established process to review all completed tasks. This is just as essential for senior employees and partners as it is for intermediate and graduate employees. Everyone makes mistakes, and the best way of avoiding any problems which may arise is to have a review system in place. This allows for a second pair of eyes to go over all the work, identify mistakes and correct them prior to incorrect material leaving the office.

7.     Maintain an Adequate Spread in the Fee Base

Identify the firm’s “ideal client.” They might be one who uses a broad range of the firm’s services, is not fee resistant and is enjoyable to work for. The firm should be built around these clients.

Every firm will have its larger clients. It should, however, be careful to resist letting a single client or a small group of clients dominate the fee base because if they leave for any reason the firm may be exposed. Where a single client dominates the client base, there is also the risk that the employees might be unreasonably influenced by the demands of that client.

8.     Have Adequate Insurance

The principles outlined above are all forms of insurance against accidents. However, the firm will also need to have formal commercial insurance policies in place for protection. The risks are many: for example, an office fire or a professional indemnity claim against the firm. The premiums offer some protection, but they do not cover the firm against all possible losses. While it is simple to say that the best form of protection is to avoid the problem in the first place, it is still prudent to have insurance policies in place.

9.     Back up Technology and Records

The need for proper technology and records back-up procedures is critical. For example, consider a complete back-up server for the main files, or cloud back-up options. Frequent back-ups of data must be made and a copy kept off-site. Periodically, run a recovery test to see what happens and check what would happen if the firm needed to restore or replace a file server or key piece of equipment. For further details see ‘Developing A Technology Strategy’.

10.   Be Fully Aware of Privacy and Client Confidentiality Guidelines

Finally, professional training puts great store in the need to maintain confidentiality about business information. Complying with both the spirit and the letter of the various requirements (ethical and/or legal) for client confidentiality and security of private information is now a fact of business life. Make sure the team is aware of the high duty of care that is required.

Monica Foerster


Partner at Confidor, Chair of IFAC's SMP Advisory Group

Monica Foerster became Chair of the IFAC SMP Advisory Group (SMPAG) in 2017, after serving as its Deputy Chair. A SMPAG member since 2014, she was nominated by Conselho Federal de Contabilidade (CFC) and Instituto dos Auditores Independentes do Brasil (IBRACON). With 20 years of experience in the accountancy profession, Ms. Foerster is a partner at Confidor, an accounting, tax, and law firm with offices in Porto Alegre and São Paulo, Brazil.

Monica is currently a member of the Board of Directors of Ibracon Brazil (where she was the SMP Director and coordinator of the SMP Working Group for 6 years), and a board member at the Accounting Council (where she was also the coordinator of the Committee of Audit Studies (CRCRS) for 4 years).

Monica holds an MBA in financial management, controllership and audit from the FGV – Fundação Getúlio Vargas, Brazil, and a degree in accounting from the Universidade Federal do Rio Grande do Sul – UFRGS, Brazil. 

Christopher Arnold


Christopher Arnold is a Director at the International Federation of Accountants (IFAC). He leads activities on contributing to and promoting the development, adoption and implementation of high-quality international standards, including the Member Compliance Program, Intellectual Property and Translations. Christopher is also responsible for IFAC’s SME (small- and medium-sized entities), SMP (small- and medium-sized practices) and research initiatives, which include developing thought leadership, public policy and advocacy. He was previously an Audit Manager for Deloitte and qualified as a professional accountant in a mid-tier accountancy practice in London (now called PKF-Littlejohn LLP). Christopher started his career as a Small Business Policy Adviser at the Association of Chartered Certified Accountants (ACCA).