RM is one of the tasks of the board of directors that cannot be delegated, according to the law (see legal basis).
It is essentially a question of:

• The identification of the relevant risks that jeopardise the existence of the company.
• The assessment of the risks.
• The management of the risks.
• The monitoring of the risks.

As it is a strategic task of the company, RM deals with a future-oriented approach to the risks of a company. This means that the risk analysis deals not only with the aspect of an existing risk (loss), but also with promising business opportunities for the future.

One of the biggest dangers for a company is to miss out on a market development / innovation because of fear of the risks that a new business area entails. This leads to a loss of competitiveness and the company is driven out of the market.
Thus, RM is both risk and opportunity management at the same time!

The two tasks are complementary. Whilst the ICS deals with everyday activities (operations / finances) and guarantees quality, security and compliance with the law here, RM is forward-looking at a strategic level. To a certain extent, the findings and decisions of RM are integrated in the ICS during implementation (management of risks). Continuous monitoring of the risks by RM forms a perfect bridge to the ICS.

The complementary character of the two systems is reflected in the fact that the auditors’ report in accordance with the Swiss Code of Obligations, annexed to the Annual Report, has to comment on the performance of a risk assessment (risk management) and the configuration of the ICS, as a potential consequence of the risk assessment.

During the consultations on the revision of the Swiss Code of Obligations in the Councils, the Member of the Federal Council Mr. Blocher was asked about this at the session of the Council of States on 1st December 2005 by the Member of the Council of States Mr Inderkum.

Reply of Mr Blocher:

Quotation:

“A date for the meeting and the statement that the risks were discussed is, of course, not sufficient as information on the performance of a risk assessment: that is too little. The law expects a content-related analysis of the company’s risks; it is possible to check whether that is available.”

If there is no RM, the auditors must mention this in their report. This may lead to a reduction in the company’s credit rating (insurance companies / banks). In the event of a claim (insolvency, heavy losses, damage to the environment etc.), there may also be increased liability claims against the company by shareholders, employees and other stakeholders. There may also be penal consequences for the company and its management bodies (fines).

Legal basis:

Art. 663b 12. of the Swiss Code of Obligations governs the obligation to compile a risk report. The auditors must formally check this and comment on it in the appendix of the Annual Report.

• 50 employees (full time positions on average)
• 20 million turnover
• 10 million balance sheet total

The assessment of the risks is one of the Board of Directors’ tasks that cannot be delegated.
As of 1st January 2008, the implementation of RM is compulsory for companies that are subject to the obligation of regular auditing (e.g. in the event of a stock exchange listing or if regulated by statute) and which satisfy the aforementioned requirements.
The auditors must formally check the presence of RM (not the contents) (documentation, measures). The Board of Directors is responsible for the accuracy and the quality of the RM.

Assuming that the professional requirements are met, there is still the question of the necessary independence. To outsiders, the credibility of a report / an assessment is always viewed with scepticism if it is audited by practically the same body. This lacks credibility and considerably diminishes the effect on outsiders.

Here too the question of independence arises, quite justifiably. Professional risk management incorporates the business relationships and the associated risks to services / products of banks and insurance companies. Unfavourable findings could lead to not insignificant conflicts of interest.

The objective of risk management is to determine all the potential situations which may prevent the achievement of the strategic objectives and to manage the risks cost-effectively with targeted action plans (avoid – transfer – finance).
We offer RM in cooperation with independent partners. This has important advantages:

• No conflicts of interest with the broker mandate (potential loss of broker’s commission).
• Tried-and-tested methods and system of our RM product.
• Many years of experience in the implementation and support of RM systems at companies from a wide variety of industries and of different sizes.
• Widespread network of experts (freelancers) with specific industry know-how.
• Relief of the board of directors and the management board from responsibility in the performance of this compulsory task.
• We accompany the risk management process with our risk management specialists. This enables us to gain an in-depth and solid insight into the risk landscape of your company. We also find out, on a sound basis, how ready the company management is to take risks. This gives us decisive information for the risk financing solution or the correctly proportioned insurance solutions.
• We guarantee you the fulfilment of the standard required by law for RM. In the near future, this may be defined by the new ISO standard 31000 (in the pipeline).

Companies that have undergone the elaborate processes of an ISO certification, in order to be recognised nationally or internationally as business partners, are increasingly being confronted by questions about the availability of a professional ICS / RM.

The assessment of the stability and reliability of the business partner is often based on this.
The “International Organisation for Standardization” (ISO) recognised the importance of RM years ago and has been working on the corresponding standard for some time – ISO 31000.

Characteristics of ISO 31000. The forthcoming ISO standard on risk management – an approach

• that includes both risk and opportunity management.
• that can be applied to all types of risk.
• that can be applied to all the (corporate) forms of organisation, irrespective of their type, their size, their activities and their local environment.
• that is also stakeholder-oriented through the parallel process “Communicate and Consult”.
• that provides an important interface to the ICS through the parallel process “Monitor and Review”.
• that honours the requirements of an integrated risk management concept.
• that is forward-looking.

The publication of the new ISO standard 31000 is expected in the next 12 – 24 months.
Our RM programme already meets all the requirements of the planned ISO standard 31000. Thus, our RM programme can continue to be integrated into companies’ certification concepts in the future without any problems.