Ten Steps to Successful Firm Risk Management

Monica Foerster, Christopher Arnold | August 12, 2019

This is the second article of a risk management series and covers 10 steps for successful risk management. The first article Eight Steps to Establish a Firm Risk Management Program highlighted the benefits and steps of establishing risk management program and the third will focus on business continuity planning and risk mitigation strategies. The articles are a result of discussions at recent IFAC SMP Committee meetings, which involves practitioners from around the world sharing their perspectives and insights and material included in the Guide to Practice Management for Small- and Medium-Sized Practices, which includes a whole module on risk management, including professionalism and ethics, client engagement, quality control and business continuity planning and disaster recovery.

Ten key steps include:

1.     Start with a Quality Recruitment Process

The firm recruitment process should attract high-caliber employees who are trustworthy and honest and  have the technical abilities required. Attention should also be focused on “soft skills” including good communication skills and the capability to work in a team, which supports high-performing practices. The references of short-listed applicants should be screened and checked, with any job offer conditional upon satisfactory validation of academic, professional, and reference records.

2.     Ensure that Employees are Properly Trained

Good training programs provides employees with the adequate technical, communication and other initial important skills. It should show them how to deliver high-quality work, describe essential communication skills and reinforce the need for a professional approach in their dealings with clients and team members. The PM Guide includes a whole module ‘People Power: Developing a People Strategy’, which covers leadership, managing and retaining employees, recognition, training and development.

3.     Do not Delegate Tasks beyond Capability Levels

Delegation is essential to allow for the continued growth of the firm. Good delegation will see that tasks are only delegated to employees capable of handling them. Effective delegation will stretch each employee’s professional skills slightly; the partner or manager must guide the employee through the new or unfamiliar aspects of that work.

4.     Ensure that Employees are Aware of Systems and Standard Procedures

Without proper systems in place, the team might not have clear and concise guidelines to work within. In turn, this could lead to the firm risking its professional reputation and losing the confidence of clients. The systems and procedures are an integral part the firm’s approach to quality management.

5.     Have a Procedure to Identify Weaknesses or Problems with Systems

Each member of the team should look for any deficiencies in systems. Once a deficiency, weakness or problem is identified, it should be reported to the firm manager or the relevant partner to be addressed and resolved.

6.     Employ Proper Review Processes

There should be an established process to review all completed tasks. This is just as essential for senior employees and partners as it is for intermediate and graduate employees. Everyone makes mistakes, and the best way of avoiding any problems which may arise is to have a review system in place. This allows for a second pair of eyes to go over all the work, identify mistakes and correct them prior to incorrect material leaving the office.

7.     Maintain an Adequate Spread in the Fee Base

Identify the firm’s “ideal client.” They might be one who uses a broad range of the firm’s services, is not fee resistant and is enjoyable to work for. The firm should be built around these clients.

Every firm will have its larger clients. It should, however, be careful to resist letting a single client or a small group of clients dominate the fee base because if they leave for any reason the firm may be exposed. Where a single client dominates the client base, there is also the risk that the employees might be unreasonably influenced by the demands of that client.

8.     Have Adequate Insurance

The principles outlined above are all forms of insurance against accidents. However, the firm will also need to have formal commercial insurance policies in place for protection. The risks are many, for example, an office fire or a professional indemnity claim against the firm. The premiums offer some protection, but they do not cover the firm against all possible losses. While it is simple to say that the best form of protection is to avoid the problem in the first place, it is still prudent to have insurance policies in place.

9.     Back up Technology and Records

The need for proper technology and records back-up procedures is critical. For example, consider a complete back-up server for the main files, or cloud back-up options. Frequent back-ups of data must be made and a copy kept off-site. Periodically, run a recovery test to see what happens and check what would happen if the firm needed to restore or replace a file server or key piece of equipment. For further details see ‘Developing A Technology Strategy’.

10.   Be Fully Aware of Privacy and Client Confidentiality Guidelines

Finally, professional training puts great store in the need to maintain confidentiality about business information. Complying with both the spirit and the letter of the various requirements (ethical and/or legal) for client confidentiality and security of private information is now a fact of business life. Make sure the team is aware of the high duty of care that is required.


Placeholder image

Monica Foerster

Chair

Monica Foerster became Chair of the IFAC Small and Medium Practices Committee in 2017, after serving as its Deputy Chair. A committee member since 2014, she was nominated by Conselho Federal de Contabilidade (CFC) and Instituto dos Auditores Independentes do Brasil (IBRACON).With 20 years of experience in the accountancy profession, Ms. Foerster is a partner at Confidor, an accounting, tax, and law firm with offices in Porto Alegre and São Paulo, Brazil. She is also the SMP Director of the Brazil Ibracon and coordinator of the SMP Working Group at Ibracon. She is the coordinator of the Committee of Audit Studies (“Comissão de Estudos de Auditoria”) from the Accounting Council (CRCRS).She holds an MBA in financial management, controllership and audit from the FGV – Fundação Getúlio Vargas, Brazil, and a degree in accounting from the Universidade Federal do Rio Grande do Sul – UFRGS, Brazil. See more by Monica Foerster

Christopher Arnold

Head of SME/SMP and Research, IFAC

Christopher Arnold is the head of SME/SMP and Research at IFAC. He was previously an Audit Manager for Deloitte and qualified as an accountant in a mid-tier accountancy practice in London (now called PKF-Littlejohn). Christopher started his career as a Small Business Policy Adviser at the Association of Chartered Certified Accountants (ACCA). See more by Christopher Arnold

Thank you for your interest in our publications. These valuable works are the product of substantial time, effort and resources, which you acknowledge by accepting the following terms of use. You may not reproduce, store, transmit in any form or by any means, with the exception of non-commercial use (e.g., professional and personal reference and research work), translate, modify or create derivative works or adaptations based on such publications, or any part thereof, without the prior written permission of IFAC.

Our reproduction and translation policies, as well as our online permission request and inquiry system, are accessible on the Permissions Information web page.

For additional information, please read our website Terms of Use. ALL RIGHTS RESERVED.