RISK ASSESSMENT ON BUSINESS ETHICS AND ANTI-CORRUPTION
Best practice governance guidelines suggest that an organization's governing body should ensure that ethics risks and opportunities are incorporated into the enterprise risk management process. However, to date most organizations have applied risk management and ethics risk management separately and as only somewhat complementary interventions. Since ethics risk is a dimension of risk that is on an equal footing with any other type of risk, it cannot be divorced from organizational risk. In fact, risk management and ethics risk management may be viewed as converging interventions that can be designed and implemented in an integrated manner.
Risk assessment consists of three steps:
Risk Identification
Risk Analysis
(including consideration of the sources and causes of a specific risk event occurring, consequences/impact of the risk event occurring, the likelihood that the risk event will occur, and the impact thereof on the organisation's objectives)
Risk Assessment
ANALYSIS & EVALUATION OF RISK
In analyzing the risk in terms of determining risk impact, the following impact- and likelihood risk scales are used by Lakshmi Green Ship Recyclers LLP as part of their risk grading methodology:
Impact assessment
| Score | Level | Score |
|---|---|---|
| 5 | Catastrophic | Will result in the company closing down |
| 4 | Serious | Will result in loss of one year's revenue, loss of employee life, or serious reputational damage to the company (international news coverage) |
| 3 | Significant | Will result in loss of 6 months' revenue, serious injury to employees, or significant reputational damage (national news coverage) |
| 2 | Minor | Will result in loss of 3 months' revenue, minor injury to employees,or minor reputational damage (local news coverage) |
| 1 | None | No effect on the company |
Likelihood
| Score | Level | Score |
|---|---|---|
| 5 | Very likely | May occur every day |
| 4 | Likely | May occur several times a month |
| 3 | Possible | May occur several times a year |
| 2 | Rare | May occur once every 2 years |
| 1 | Unlikely | May occur once in 5 years or more |
The table below represents the Risk Rating Heat Map (risk classification table), per the above methodology. The scoring is calculated as a mathematical multiplication of the impact and likelihood axes. For example, a risk-rated as Significant (3) in relation to impact and Likely in relation to likelihood, would be scored 12 (3 x 4). The heat map is calculated based on the premise that the organization has a three-level risk rating scale (High, Moderate, and Low), and that each risk category is equally distributed across the organization. Thus, the risk classification grading scale is based on the maximum risk score of 25 (per the table below), divided by 3, representing the three risk classification grading scales.
| Impact | ||||||
| 5 | Catastrophic | 5 | 10 | 15 | 20 | 25 |
| 4 | Serious | 4 | 8 | 12 | 16 | 20 |
| 3 | Significant | 3 | 6 | 9 | 12 | 15 |
| 2 | Minor | 2 | 4 | 6 | 8 | 10 |
| 1 | None | 1 | 2 | 3 | 4 | 5 |
| Like hood | Unlikely | Rare | Possible | Likely | Very Likely | |
| 1 | 2 | 3 | 4 | 5 |
| Risk rating | High | Moderate | Score |
|---|---|---|---|
| Classification | 16.34 - 25 | 8.34 - 16.33 | 0 - 8.33 |
Using the above matrixes, the inherent risk of the identified perceived ethics risks that reflects the aggregate of the risk rating, the perceived impact, and the likelihood of occurrence.
| # | Ethics risk | Risk rating (perceived) | Impact | Likelihood | Inherent risk | Current controls |
|---|---|---|---|---|---|---|
| 1 | Use of child labour | High | Serious | Likely | High | • Labour Policy • Vendor screening |
| 2 | Negative environmental impact of operations | High | Catastrophic | Very likely | High | • Internal environmental impact assessments |
| 3 | Operations threatening community safety | High | Significant | Possible | Moderate | • Health and Safety Forum |
| 4 | Theft of company property | High | Significant | Possible | Moderate | • CCTV surveillance • Body frisks at high-risk areas • Security guards at entry and exit points |
| 5 | Irregular procurement | High | Significant | Rare | Low | • Formal procurement process • Tender process for high-values pending • 3 quotations for lower-level spend |
| 6 | Favouritism in Minor Rare promotions | High | High | Minor | Rare | • Recruitment process • Panel interviews |
| 7 | Bullying of employees in the workplace | High | Significant | Rare | Low | None |
| 8 | Bribery of public officials by employees | High | Serious | Likely | High | • Anti-bribery and corruption policy |
| 9 | Employees committing fraud against the company | Moderate | Significant | Possible | Moderate | • Fraud policy • Whistle-blowing policy |
| 10 | Intentionally misleading stakeholders | Moderate | Serious | Unlikely | Low | • Corporate Communication • Liaison officer |
| 11 | Leaking of confidential information | Moderate | Serious | Rare | Low | • Document classification • Data leakage software controls |
| 12 | Sexual harassment | Moderate | Serious | Very likely | High | None noted |
| 13 | Illegal substance use | Moderate | Minor | Very likely | Moderate | • Employee Wellness Programme • Random illicit substance screening of employees |
| 14 | Inappropriate gifts and hospitality accepted by employees or given by the company to external stakeholders |
Low | Minor | Very likely | Moderate | • Gifts Policy |
| 15 | Nepotism | Low | Minor | Rare | Low | • Recruitment process • Panel interviews |
| 16 | Extra-marital affairs amongst employees | Low | Minor | Likely | Low | None |
| 17 | Confiicts of interests | Low | Significant | Likely | Moderate | • Contractor screening |