Enterprise Risk Management - marQ Consult

Enterprise Risk Management

Private and mixed-economy companies

In both public and private organizations, risk management is fundamental to business success and prosperity, as well as to shareholder returns.

It is a strategic matter, defined by regulations and best practices advocated by specialized institutions, as well as by guidelines set forth in specific legislation.

To strengthen governance and compliance within their organizations, partners and senior management must treat Enterprise Risk Management as a cornerstone of the management structure. This involves seeking expert guidance to develop the process and train managers and staff, thereby deepening their understanding of legal requirements, technical standards, and management best practices.

Organizations aim to achieve tangible results by updating institutional policies, leveraging insights from other companies’ experiences, establishing appropriate procedures, and disseminating the risk management process among executives, managers, and staff through courses and lectures designed to raise awareness and provide training on relevant concepts, best practices, and tools.

Broadly speaking, organizations seek to implement risk management processes across the entire enterprise to strengthen governance and compliance, serving as an essential tool for risk-based decision-making.

Who is interested in risk management?

Business vision

• Board of Directors
• Audit Committee
• Fiscal Council
• Internal Controls
• Executive Board
• Audit (External and Internal)

Market Outlook

Risk intelligence:

• Rating agencies
• Banks
• Investors
• Regulators

Governance ensures strategic management of the company for the owner-partners and monitors the executive management team.

Expected benefits of risk management:

Objectives of the Advisory Guidance Proposed by marQ

Development of the “Corporate Risk Management” process in accordance with generally accepted concepts and market best practices, and in compliance with legal requirements.

A proposal for risk management from a business perspective, focusing on management in a broad sense—not limited to the requirements of government bodies responsible for internal or external oversight.

Direct participation by managers from the Planning, Governance, Compliance, Internal Audit, and Internal Control areas, as well as the organization’s operational directorates, to be implemented using methodologies suitable for establishing risk management processes in private and mixed-capital public organizations.

Contribution to the development of compliance management.

Enterprise Risk Management Process

Objectives of the Advisory Guidance Proposed by marQ

Corporate Governance
Compliance
Integrity
Corporate Risk Management

Relevant legislation
Internal and external standards

Governance
Compliance
Internal Control
Internal Audit
Strategic Planning
Core operational and administrative support units

Compliance
Internal Audit
Internal Control
Strategic Planning
Company operational and support units

Enterprise Risk Management Components
Perspectives and Maturity Levels

“Tone at the top”
Risk management policy
Risk management committee
Process modeling
Roles of governance, management, core business, and support units

Expected results
Awareness-raising sessions will be developed, formatted, and delivered by marQ consultants and instructors, either in person or via distance learning (extending access to employees in regional units).

Governance
Compliance
Risk Management – Concepts
Risk Management – Processes
Methodologies – COSO II-ERM and ISO 31000
Macro-process mapping
Risk map
Risk profile/data sheet
Inherent and residual risks
Mitigation action plans
Practical exercises

The courses will be developed, formatted, and delivered by marQ consultants and instructors for either in-person delivery or distance learning (extending access to employees at regional units).

Governance Processes
Management Processes
Final Processes
Support Processes

Strategic risks
Process risks
Priority risk portfolios

Strategic
Processes
Sustainability
Operational
Financial
Information Technology
Integrity
Image

Strategic Risks
Process Risks
Risk Map
Management Tools
Mitigation Action Plans

Definition
Causes
Consequences
Inherent risk rating – Probability and impact
Internal controls
Residual risk rating – Probability and impact
Mitigation action plans

Management Dashboard – Critical Risks
Management and monitoring tool – risks, internal controls, and action plans

Strategic risks
Process risks
Administration and management

Definition
Manager sensitization
Training
Regional dashboard
Monitoring

IT Infrastructure
Business procedure

Consultancy Deliverables

• Risk Management Policy – Definition/Review
• Risk Management Committee – Definition/Review
• Analysis of risk management maturity – definition of growth goals
• Definition of the roles of corporate units – Creation/Review
• Definition of steps and goals to boost GRC maturity
• Business procedure – Corporate Risk Management
• Awareness raising through a structured face-to-face meeting with the organization’s advisors, directors and managers, in the format of an institutional lecture
• In-person course or distance-learning (EAD) version, to be extended to managers and employees of decentralized units, using handouts and teaching material produced by marQ
• Survey of risk management models
• Model evaluation and definition of the process map
• Definition of priority processes – Types of risks, priorities and impacts
• Definition of “business risks” and process risks (Operational, Financial, IT, Integrity, ESG – Environmental, Social, Governance, Image)
• Advisory guidance for the organization to build or acquire, with its own or contracted resources, a Risk Management System and a dashboard-type platform for the control, management and monitoring of corporate risks
• Dashboard Modeling – Strategic risks and process risks
• Modeling the action plan monitoring process

Work dynamics

The work is conducted based on technical materials and through group discussions—organized as workshops—aimed at embedding concepts and best practices within the organization; this fosters an understanding of corporate risk management and clarifies the specifications that will form the basis of governance and compliance policies.

Lectures and training courses designed to raise awareness and build the capabilities of executives and managers are developed and formatted for delivery either in person or via e-learning, and are conducted by marQ consultants.

Methodological references

Notebooks and publications from IBGC – Brazilian Institute of Corporate Governance:

• Corporate Risk Management Guidance
• Evolution in Governance and Strategy
• Compliance in the Light of Corporate Governance

“The Three Lines” framework – IIA – The Institute of Internal Auditors
Integrity benchmarks of external control bodies (TCU – Federal Court of Accounts, CGU – Comptroller General of the Union and others)

Expertise of marQ consultants

Paulo Endo

paulo.endo@marqconsult.com
11 99622-4723

Mechanical engineer specializing in quality, environmental management, and business management. Lead auditor for ISO 9001, 14001, OHSAS 18001, and other standards.

João Arcoverde

joao.arcoverde@marqconsult.com
13 99151-8828

Business Administrator (registered with CRA/MS, No. 09686), holding a postgraduate degree in Marketing Administration.

Francine Carvalho

francine.carvalho@marqconsult.com
11 98211-1155

Law graduate; corporate lawyer (1999–2020) with specialized training in Environmental Law. Internal Auditor. Certified Environmental Lead Auditor (Bureau Veritas). Certified Integrated Management System Lead Auditor (ISO 9001:2015, ISO 14001:2015, and OHSAS 18001:2007) (Bureau Veritas).
