Risk Management
Our risk management policy is still being developed and will be updated during 2019.
PURPOSE
The purpose of the risk management policy is to provide guidance regarding the management of risk, especially with regard to AML/CFT, to support the achievement of corporate objectives, protect staff and business assets and ensure financial sustainability.
SCOPE
This policy applies to all activities of the EpsomTax.com group.* It forms part of EpsomTax.com group's governance framework and is applies to all employees, contractors and volunteers.
RISK GOVERNANCE
What are the roles of each party?
Director
Provides policy, oversight and review of risk management, drives culture of risk management, signs off on annual risk assessment.^
Senior Managers
Practice Manager and Strategist provide feedback and input on all aspects of risk management.
AML/CFT Officer and Assistant
Continuously improving risk management policy, strategy and supporting framework, provides regular feedback to Director.
Practice Manager
Ensures contractors comply with the risk management policy where possible; fosters a culture where risks can be identified and escalated.
Staff and Contractors
Comply with risk management policies and procedures.
Provides policy, oversight and review of risk management, drives culture of risk management, signs off on annual risk assessment.^
Senior Managers
Practice Manager and Strategist provide feedback and input on all aspects of risk management.
AML/CFT Officer and Assistant
Continuously improving risk management policy, strategy and supporting framework, provides regular feedback to Director.
Practice Manager
Ensures contractors comply with the risk management policy where possible; fosters a culture where risks can be identified and escalated.
Staff and Contractors
Comply with risk management policies and procedures.
RISK MANAGEMENT PROCESS
When undertaking a risk management process the following steps must be taken:
Refer to the risk management procedure for details on what to consider for each step in the process. Risks in terms of AML/CFT are outlined in the company AML/CFT policy. This policy is an internal company document i.e. not for release to the public. For details on how to view this, please contact the Compliance Officer (see this page for details).
- establish the context,
- identify the risk,
- analyse the risk,
- evaluate the risk,
- treat the risk and
- monitor and review the risk.
Refer to the risk management procedure for details on what to consider for each step in the process. Risks in terms of AML/CFT are outlined in the company AML/CFT policy. This policy is an internal company document i.e. not for release to the public. For details on how to view this, please contact the Compliance Officer (see this page for details).
RISK MANAGEMENT PROCEDURE
Steps 1-4
What is the risk? Is it electronic or physical or other? How has it originated? Is it due to internal or external factors or causes? How was it identified? Who identified it? If identified by an external source, e.g. a client or supplier, why was this not recognised internally beforehand? Who has immediate responsibility for this area? Who know about this risk? Who else need to know about the risk? What steps had already been taken which had minimised this risk? Is this an easy fix or will it take time? Can the risk be eliminated? If not, can it be minimised?
Step 5
What needs to be done now? Who will be responsible for this? Who will check this? What are the significant progress dates? What is the expected completion date?
Step 6
How will the risk be monitored? How will this be reported on and to whom?
What is the risk? Is it electronic or physical or other? How has it originated? Is it due to internal or external factors or causes? How was it identified? Who identified it? If identified by an external source, e.g. a client or supplier, why was this not recognised internally beforehand? Who has immediate responsibility for this area? Who know about this risk? Who else need to know about the risk? What steps had already been taken which had minimised this risk? Is this an easy fix or will it take time? Can the risk be eliminated? If not, can it be minimised?
Step 5
What needs to be done now? Who will be responsible for this? Who will check this? What are the significant progress dates? What is the expected completion date?
Step 6
How will the risk be monitored? How will this be reported on and to whom?
INTEGRATION WITH OTHER SYSTEMS AND PROCESSES
Risk management is factored into business planning, performance management (KPIs in contracts), business continuity management and project management.
RISK CATEGORIES
Risk categories may include strategic, financial, environmental, safety, people and reputation. In accounting, where a lot of data is available online, security of data is a key area of risk.
More Information
Please contact the director by email with any questions; click here to file a complaint.
^ Undertaken usually during June/July as part of AML review
* EpsomTax.com group is defined as EpsomTax.com Limited, Property Accountants Auckland Limited and Outsourced etc NZ Limited.
^ Undertaken usually during June/July as part of AML review
* EpsomTax.com group is defined as EpsomTax.com Limited, Property Accountants Auckland Limited and Outsourced etc NZ Limited.