Suzanne Walraven recently started as Risk & Compliance expert in the role of consultant at one of our clients. She wrote a blog about her work and about the main themes and biggest opportunities within risk and compliance.
"Good risk management is not just about identifying risks and avoiding all risks, but rather identifying opportunities such as digitization and robotization."
After completing my Master's degree in Law at Utrecht University, I started working as a corporate lawyer. I was soon asked - in addition to my role as a corporate lawyer - to assist in setting up and testing internal control measures related to financial reporting in order to demonstrate that the figures in the financial statements give a true and fair view of reality (SOx compliant, or in-control statement). My interest in risk management and internal control then arose and I started to specialize further in this field by fulfilling different roles (including SOx specialist, internal operational auditor, risk & compliance consultant).
Having spent the last 17 years in many different roles at large companies within the fields of audit, risk and compliance, the choice for ARC People was an easy one. As a consultant at ARC People, I get the opportunity to share my knowledge and experience by working for different clients and at the same time further develop the company in the field of risk and compliance. My first assignment was immediately ready and I started immediately at my first client, a major player in the field of area development, where I will support the Compliance team.
Since I started working in 2003, and the Dutch Corporate Governance Code and the Sarbanes-Oxley Act were introduced, companies (including non-listed ones) have been working hard to implement good corporate governance and risk management.
As a company, you must constantly look ahead and ensure that you remain sufficiently in-control with the right balance between managing risks and identifying or implementing control measures. Risk management is not only about identifying risks, but also about identifying opportunities (e.g. digitalization, robotization).
The challenges I encounter include lack of adequate risk & control frameworks, risk management tool, risk aware culture, dashboard, not being able to demonstrate the operation of control measures, unclear roles and responsibilities, risk management not integrated into work processes.
Good risk management is not just about identifying risks and avoiding all risks, but rather identifying opportunities (e.g., digitization, robotization). It is a continuous management process: what risks is the organization willing to take and how can we control and mitigate those risks? In doing so, management is responsible for achieving and monitoring the objectives at realistic costs and that they are realized with a high degree of probability.
Implementing or professionalizing a risk management process. The starting point is an integrated approach to risks to which an organization is or may be exposed in the future. Risks come in all shapes and sizes: strategic risks, operational risks, financial risks and risks of non-compliance with laws and regulations. Common risk themes include: cyber security and data privacy, changes in laws and regulations, market developments, climate change, business continuity, attracting and retaining the right people, reputational damage.
In the Three Lines model, the domains of audit, risk and compliance are strongly linked. Sometimes they depend on each other, but they can certainly reinforce each other. The common denominators are in the areas of knowledge and risk thinking. Within the financial sector, audit, risk and compliance should be strictly separated, but outside I see a lot of the functions being combined for efficiency reasons. I see more and more risk and compliance committees in which all three domains are represented. In my work I have to deal with both audit and risk and compliance; because of my experience I can think along at all levels. That is a great advantage, because in organizations where the three domains have developed strongly, the challenge has arisen precisely how the various functions can best be aligned.
The team of ARC People consists of nice enthusiastic colleagues with a lot of professional knowledge. Because everyone has their own expertise, we can help and strengthen each other. And because of ARC People's impressive network, they can offer me interesting assignments. I also get to help build the company, which I really enjoy!
Wondering what Suzanne or one of her colleagues can do for your organization? Take a look at the overview of our services >