Objective: Our client is a leading global consulting firm. Their Enterprise Risk Management (ERM) team seeks external expertise to enhance and refine various risk management processes and standards within their end-client organization. This support will involve critiquing and improving existing procedures, creating documentation, and aiding in the implementation of these processes across different departments and international offices.
This is a 6-month, extendable project based in Abu Dhabi (UAE).
Detailed Scope of Services:
A. Risk & Control Self-Assessment (RCSA)
- Timeline: On-site, September to January
- Activities:
- Review and propose enhancements to the current RCSA process.
- Assist in updating RCSA documentation.
- Identify relevant internal and external risk data sources.
- Support the year-end risk assessment activities.
B. Risk Management Maturity Assessment (RMMA)
- Timeline: Hybrid, August
- Activities:
- Evaluate and improve the RMMA questionnaire.
- Develop RMMA documentation.
C. Key Risk Indicators
- Timeline: Onsite
- Activities:
- Review and refine existing KPIs, KRIs, and KCIs.
- Define calibration approaches for KRIs and KCIs.
- Document the KRI and KCI process.
D. Incident Management
- Timeline: On-site, August to December
- Activities:
- Engage with business units to understand incident collection processes.
- Design and socialize the incident management process.
- Develop and document the implementation plan.
E. Emerging Risk Management
- Timeline: Onsite, August to September
- Activities:
- Develop and document the emerging risk process.
- Create and implement the emerging risk process linkage to RAS and RCSA.
- Compile a list of risk data sources.
F. Integration of Risk Management into Policies and Standards
- Timeline: Onsite, August to September
- Activities:
- Review and assess the integration of risk management within 26 existing policies and procedures.
- Provide recommendations for alignment and enhancement.
G. Project Risk Management
- Timeline: Onsite, August to December
- Activities:
- Develop and document a standardized project risk management process.
H. Third-Party Risk Assessment
- Timeline: Onsite, August to December
- Activities:
- Develop and document a third-party risk management process.
I. Fraud Risk Management Coordination and Reporting
- Timeline: Onsite, August to September
- Activities:
- Conduct an independent review of the Fraud Risk Management (FRM) framework.
- Interview stakeholders and review documents to provide improvement recommendations.
- Prepare a comprehensive report for the Audit and Risk Committee.
J. Operational Risk Training
- Timeline: Onsite, August to January
- Activities:
- Assist in designing and developing training programs covering various risk areas.
- Advise on the delivery method of training (face-to-face, eLearning, etc.).
Deliverables:
- Comprehensive reports detailing findings and recommendations for each risk management area.
- Updated and new documentation for all revised processes and standards.
- Implementation plans for integrating and embedding risk management processes.
Consultant Requirements:
- The consultant will be expected to provide expertise across all listed areas, coordinate closely with the ERM team, and deliver all outcomes within the specified timelines.