Manufacturing

Challenge

One of the leading Manufacturing firms in the United Arab Emirate aimed to improve its Risk Management practices.  Aldar was asked to help in implementing a comprehensive ERM system and conduct a Risk Based Internal Audit methodology. The assignment included conducting risk assessment workshops for all business units and developing/reviewing the Delegation of Authority (DOA) matrices.

Approach

  • CAREweb GRC was implemented and training (formal and on the job) was provided to the team.
  • CRSA workshops were conducted for all business units in order to
    – Identify and assess potential risks that might have negatively impact on the business units’ objectives
    – Evaluate the strength of controls in mitigating these risks
    – Identify weaknesses (uncontrolled risks)
    – Agree on the remedial actions needed to overcome these weaknesses
  • Self-assessment compliance tests were developed for the business unit managers to periodically verify whether controls are working as intended.
  • Worked with Senior Management to build the “Corporate Risk” Profile (risks that can impact on the organization as a whole).
  • Internal Audit visits were conducted to independently verify whether the agreed remedial actions were properly implemented and whether the identified Key controls are working as intended.
  • Reviewed all Delegation of Authority (DOA) Matrices.

Result

  • Several weaknesses in the control environment and opportunities for improving processes were identified and implemented.
  • The risk assessment exercise and our recommended 3 lines of defense methodology lead to significant improvements in the control environment.
  • Periodical reports are now being produced on the status of the control environment.