One of the leading Manufacturing firms in the United Arab Emirate aimed to improve its Risk Management practices. Aldar was asked to help in implementing a comprehensive ERM system and conduct a Risk Based Internal Audit methodology. The assignment included conducting risk assessment workshops for all business units and developing/reviewing the Delegation of Authority (DOA) matrices.
- CAREweb GRC was implemented and training (formal and on the job) was provided to the team.
- CRSA workshops were conducted for all business units in order to
– Identify and assess potential risks that might have negatively impact on the business units’ objectives
– Evaluate the strength of controls in mitigating these risks
– Identify weaknesses (uncontrolled risks)
– Agree on the remedial actions needed to overcome these weaknesses
- Self-assessment compliance tests were developed for the business unit managers to periodically verify whether controls are working as intended.
- Worked with Senior Management to build the “Corporate Risk” Profile (risks that can impact on the organization as a whole).
- Internal Audit visits were conducted to independently verify whether the agreed remedial actions were properly implemented and whether the identified Key controls are working as intended.
- Reviewed all Delegation of Authority (DOA) Matrices.
- Several weaknesses in the control environment and opportunities for improving processes were identified and implemented.
- The risk assessment exercise and our recommended 3 lines of defense methodology lead to significant improvements in the control environment.
- Periodical reports are now being produced on the status of the control environment.