Innovative organisations actively react to changes in an external business environment and internal processes taking account of a current situation and probable changes that they aim to assess.
Despite modern business planning models and methods that are applied by a large number of organisations, in the course of planning quite often risk assessment is performed non-systematically and intuitively, and the risk management plan is not prepared at all. As a result, problems are solved once they arise, usually rather too late.
Despite a common perception of risk as a event or condition having a potential negative impact on the organisation’s operational objectives, an integrated risk management system is to assess positive contingencies as well, i.e. opportunities.
This leads to the increase in added value of the risk management system; not only threats, but also change-related growth and development opportunities stand out more clearly.
In view of operational risks faced, organisations develop and implement systems of internal controls, which act as preventive measures. Since systems of internal controls create no direct additional value for a business and usually require extensive costs, excessive systems of internal controls encumber business processes and reduce their efficiency.
Therefore, it is essential to assess whether internal controls in place and the related risks are adequately linked.
Challenges faced by organisations