This article is aimed at studying the problem of risk management at industrial corporations. It examines the nature of risk and its impact on the way the modern corporations operate. The main types of risks are analyzed on the example of their classification, developed and applied by the leading German insurance company Allianz. It among them are 10 main types of risks, including risks associated with IT systems in enterprises (in particular, cyber-crimes, failures of IT systems, leakage and loss of data), production and supply chain risks, risks of changes in legislation and regulatory policy (in particular, duties, trade wars, sanctions, protectionism), force majeure and natural disasters, changes in markets (increased competition, new competitors, fluctuations, stagnation and fall of markets), fires and explosions, climate changes, reputational risks, risks of new technologies and macroeconomic factors such as monetary policy, government austerity programs, inflation, changes in resource prices, etc. The examples of occurrence of such risks in real enterprises are given. The role and the importance of risk management at industrial corporations is determined. The model of three "lines of defense" in risk management of industrial enterprises is described, where the "first line" includes operational management and internal control mechanisms, the "second line" – the services of enterprises, responsible for management and control of risks on the ground, in particular, financial control, security service, services of quality control, compliance with standards and others, and the "third line" is internal audit. The practical aspects of its application are defined. The role and function of internal audit in risk management of companies is determined. The differences in scope and goals of internal audit as compared to other corporate compliance and governance functions are highlighted.
Read full abstract