THE TRANSFORMATION PROCESS

Once the acquisition had been completed, the risk management team followed the stepwise process in Exhibit 29.1 to transform the approach to risk management at Akawini.

The starting point was a structured analysis of Akawini's current approach to managing risks, to identify where changes had to be made and then to assign a priority to particular tasks. This was conducted in two parts:

1. A full desk-based review of Akawini's risk management documentation

2. A complementary set of interviews with Akawini management

The second activity was particularly important because it was the experience of the United Minerals risk management team that it was vital to observe and review how risk management takes place in practice. This was particularly true if there might be any discontinuity of practice across Akawini or inconsistent processes and systems. It was also important to test out Akawini management's perceptions of the current approach to risk management to see if it was currently viewed as effective and if managers perceived it as likely to satisfy their future needs.

Exhibit 29.1 Risk Management Transformation Process Steps

The risk management team conducted a series of structured interviews with senior management from Akawini so that the team could draw objective conclusions on:

• The suitability of the current approach to manage risk associated with an organization of the size and complexity of Akawini, its risk profile,[1] and its risk attitude[2]

• The drivers of that attitude, based on what were recognized as the key success factors and growth objectives for the organization

• The perceived usefulness of the current risk management process and its degree of integration into key decision-making processes

• The strengths and limitations of the other risk-type specific approaches to risk management that coexisted in the company[3] – specifically, whether the tools and methods currently being used were capable of providing Akawini with a current, correct, and comprehensive understanding of its risks and informing it whether the risks were within its risk criteria[4]

• The level of understanding of senior management about aspects of the risk management culture

• An outline of the perceived risk profile of Akawini and whether this varied from that reported to the board in the past

Questions asked included:

• What is your definition of risk? How, in your view, do risk and its management relate to the company's objectives?

• What is the purpose of risk assessment? How often should risk assessment take place? What triggers it in your area?

• As a practical matter, how do you gain assurance that the critical controls that your part of the company relies on are in place, are effective, and work when required?

The risk management team members consolidated their findings and compared them with the elements of the existing United Minerals risk management framework and the requirements of ISO 31000. They particularly mapped what they found by comparing it with the principles for effective risk management in Clause 3 and the attributes in Annex A of the Standard.

  • [1] A risk profile is a description of a set of risks. In this case, it is that which represents the major risks the company faces.
  • [2] The term risk attitude (defined as the organization's approach to assess and eventually pursue, retain, take, or turn away from risk) is used in ISO 31000 rather than the term risk appetite for two reasons – it is a wider term (risk appetite is defined in ISO Guide 73 as the amount and type of risk that an organization is willing to pursue or retain) and also translates better into some other languages, a necessary consideration in the drafting of ISO 31000.
  • [3] These are the outcome tests for effective risk management given in Annex A of ISO 31000.
  • [4] Risk criteria provide both the means to determine and express the magnitude of risk, and to judge its significance against predetermined levels of concern. They comprise internal procedural rules selected by the organization for analyzing and then evaluating the significance of risk, and are also used when selecting between potential risk treatments.
 