SELF-ASSESSMENT/SELF-RISK

MANAGEMENT:
APPROACHING ENTERPRISE RISK MANAGEMENT (ERM) FROM A DIFFERENT
ANGLE
IN TODAY’S FINANCIAL CLIMATE, IT IS INEVITABLE THAT PEOPLE, SYSTEMS AND PROCESSES WILL FAIL, AND
EXTERNAL EVENTS WILL OCCUR!
BUT THE FREQUENCY AND IMPACT OF THESE OPERATIONAL RISK ITEMS AND ITS EFFECT ON YOUR BUSINESS CAN
BE CONTROLLED AND KEPT AT APPROPRIATE LEVELS THROUGH A ‘BOTTOM-UP’ FEEDBACK CONCEPT – SELF-
ASSESSMENT/SELF-RISK MANAGEMENT.

INTRODUCTION
The theory of Self-Assessment or Self-Risk Management is not new. In actual fact, it was born
as far back as the early 80’s when many auditors began considering the need to expand
control evaluation beyond the scope of traditional audits. However, it was not until the advent
of Basel I in the late 80’s (seeing the need to enhance and extend the conventional audit
function under a wholly ERM structure) that this approach was re-born. Quite simply, Basel
regulators realized that the conventional audit approach did not adequately address a whole
new range of business risks created by numerous global economic and financial changes.

WHAT IS SELF ASSESSMENT

Self Assessment is a dynamic, interactive process in which self-monitoring teams identify
three things:
a. The ongoing challenges of meeting your business objectives.
b. The adequacy of controls to deal with these challenges
c. The mitigation measures needed to address identified risks.
In so doing, these teams learn, develop, innovate and adapt to meet the needs of their
internal and external stakeholders by integrating risk management, team learning, change
and adaptation to help achieve the organization’s overall business objectives.

BUSINESS UNITS AND SELF-ASSESSMENT

RESPONSIBILITY AND ACCOUNTABILITY COME WITH OWNERSHIP.

In the past, the traditional concept of risk controls created “orphans,” as the ownership of new
or undefined risks was continuously challenged. Thus, the financial group was deemed
responsible for controls, even though it was not accountable and the debate over ownership
naturally became especially intense when things went wrong. Management committees were
burdened in the constant need to know why controls had broken down, whether the
organization had a sound control framework model at the business unit level and whether risk
was being adequately managed.
Self-Assessments (SA) provide a decentralized approach, and are a better way of collecting
the comprehensive information that Management committees need to make informed
decisions. Moreover, SA’s do not create control orphans, as business units become
responsible for addressing their business risks overall, rather than adhere to risk control
mechanisms in an ad hoc fashion.
Organizations that encourage risk identification and ownership of controls at the business-unit
level enable the continuous – not static – monitoring of risk mitigation processes through the
early identification of emerging risk. And by identifying their own unit’s strengths and
weaknesses, the owners can assess the impact of certain risks synonymous with their
functions.

BRINGING IT HOME – ZENITH BANK

Self Assessment is the mainstay of Operational Risk Management. As we implement our ERM
Framework, the major incentive to Self Assessment is the safeguard it provides Risk Owners
to be able to deal with their risk issues and/or gain opportunities before other stakeholders do.
The cost of risks being pointed out or discovered by Internal or External Examiners may be too
enormous and too late!

OTHER STAKEHOLDERS AND SELF-ASSESSMENT

SA benefits different stakeholders:
For Auditors - it improves audit productivity and effectiveness, and provides an early
warning system for detecting breakdowns in control.
For Boards of Directors and Senior Executives - SA provides the timely diagnosis of risk
and control, a reliable feedback system and an early warning system about matters that will
require swift action.
For Operations and Management Teams - SA creates a forum for sharing key issues and
risks, fosters an understanding of accountability and responsibilities, and gives teams a voice
in addressing issues and concerns about risk in their areas.

The most value-driven element of SA’s (which is also its prominent feature) is its ability to
identify potential future risk. Self Assessment adds a further dimension by looking to the
future and anticipating upcoming risks that may arise from growth, the launch of new
products, marketing strategies and even technology. SA looks to the future by forcing the
organization to prepare for contingencies.

MAJOR BENEFITS OF A CONTROL SELF-ASSESSMENT

There are numerous benefits that can be derived by successfully implementing an effective
SA program. The major benefits include the following:

 Empowers employees and increases accountability.

 Acts as a bottom-up feedback mechanism
 Provides employees with a better understanding of business risks.
 Identifies important issues faster.
 Help organizations to be pro-active
 Provides employees with a broader Enterprise-wide perspective
 ARE SELF-ASSESSMENTS WIDELY ADOPTED?
Despite the advantages of SA’s, organizations have been slow to adopt it. There are a
number of reasons why:
• The corporate culture may not be tolerant. An attitude more prevalent in organizations
under stress.
• There may be an unwillingness to share information, or the level of trust required to
deal with sensitive issues may be inadequate.
• Corporate cultures that link internal auditing with compliance or watchdog issues have
greater difficulty in adapting to the new approach compared to organizations that
embrace the knowledge and best-practice approach.
• There is insufficient understanding of how SA facilitates changes in an organization and
creates a common understanding of risks.

For these reasons, it is important that organizations make their expectations clearly
understood and that the Enterprise Risk Management (ERM) structure is well defined. It is
also important to communicate to all stakeholders that this new definition of ERM puts a
greater emphasis on risk management in the hands of Business owners.

CONCLUSION
The role of Self Assessment/Self-Risk Management is significant as organizations continue to
adapt to the realities of the new economy. The need for this approach has not only changed
the profile of Business owners (units), which now see the need to understand the corporation’s
business and risk management issues, but also the need to adopt industry’s best practices.

And as more and more corporations continue to recognize these benefits; choosing to adopt
and implement it would unleash and maximize its ultimate benefit – enlightened Risk
Management.

Culture & Communication Team Risk management department

This publication is strictly for information purposes only. Zenith Bank Plc and its employees make no representation as to the
accuracy and completeness of the information contained in this publication. Therefore we accept no liability for any loss that may
arise from the use of such information.