In my earlier post on Enterprise Risk Management (ERM), I highlighted the recommended internal structure that companies should adopt to ensure this practice is most effective.

In this post, I will be using Saudi Arabia as an example, as it has made notable advancements in ERM.

In Saudi Arabia several companies have adopted risk management practices and are considered to be advanced in the application of Enterprise Risk Management (ERM). The Regulators of the Financial Sector in the Kingdom of Saudi Arabia, such as the Saudi Arabian Monetary Agency and Capital Markets Authority, are one step ahead, and are constantly bringing their regulatory regimes up to par with those of the USA, UK, Eurozone, and other jurisdictions.

This has led to the introduction of global regulations, e.g. Basel II, Basel III regulations for banks and prudential regulations for investment banks (Authorised persons) and insurance companies and now introducing Laws to regulate financing companies. Banks have started graduating from basic risk management framework of Standardised Approach to more sophisticated framework such as Internal Ratings Based (IRB) Approach, which requires them to design and build advanced risk management systems to capture key risk management parameters. This has required top management of banks to fully understand their business, associated risks before taking business decisions. Also, another qualitative change we are witness is that many boards and executive management have started developing formal risk appetite statements which demonstrate their risk taking abilities in a clear and transparent manner.

Another dimension that is stimulating the uptake of enterprise risk management within some of the large companies is their alliances with other multi-nationals through Joint Ventures and partnerships. These multi-nationals are bringing about their well-developed risk management practices to their Saudi partners and are helping in that sense expedite the process of evolving these ERM practices.

There is evidence that risk management knowledge is starting to trickle down onto middle and small companies. Whilst this may not take the typical shape of an enterprise risk management program, it is manifesting itself through organizations developing internal audit and compliance capabilities.

Whatever the size of the company, the practice of ERM is gaining momentum across the region. Companies should be taking steps to plan ahead for the unforeseen, especially financial institutions.

By Hani Mounir Khoury
Enterprise risk services partner at Deloitte Middle East