Jenga tower to show effect of awkward risks on a business
Without embracing some level of risk, companies actually put themselves at greater risk of failure.

Risk-taking is key to any company’s success. A recent survey found that companies that understood and embraced the risks of the COVID-19 crisis early on fared much better than those that refused to acknowledge the new reality and continued with their pre-COVID plans. Differences in how they perceived risk had dramatic effects on how they coped with change. 

For many companies, taking risks is synonymous with innovating and responding to change. Without embracing some level of risk, companies actually put themselves at greater risk of failure. The challenge is understanding which risks are worth taking, and how to mitigate those which are unavoidable.

This is why it’s so important to have a risk management system in place. Risk management is the process of identifying, assessing and controlling threats to a business. Potential risks facing a company could include, for example, security breaches, internal problems with employees or operating systems, market or regulatory changes, natural disasters, and much more. A good risk management system will consider a wide variety of possible scenarios and prioritise the ones most likely to actually happen. It will also take into account a holistic vision of the company and its goals. Then, it can devise strategies to avoid or minimise the potential risks.

VinciWorks’ new Introduction to Risk Management course explores some of the basic tools that most risk managers use, including designing a risk matrix and composing a risk register. These will help you understand the types of considerations that they use to make decisions and to ensure that a business is prepared for future scenarios.

Try now

Continue reading

Now that the ISQM 1 Standard has been approved, accounting firms need to begin deciding what they need to do to comply with the new quality management standards. While they only go into force in December 2022, preparation will require input from multiple departments and firms are already thinking about the systems they need to implement. 

What is ISQM 1?

ISQM 1 is the new standard that deals with quality management at a firm level. It replaces the ISQC1 which was focused on quality control. A quality management system is necessary to create an environment that enables and supports engagement teams in performing quality engagements. It applies to all firms that perform audits or reviews of financial statements, or other assurance or related services engagement.

Continue reading

Code of Conduct: The Challenge

A strong code of conduct is vital for employees to know what is expected of them. A successful code of conduct that is followed by all employees, from leadership to management to each and every worker is an important part of building an ethical, inclusive culture at work.

But an organisation seeking to formulate a successful code of conduct or update an outdated one may quickly run into difficulties. Off-the-shelf training rarely encapsulates the nuances of each individual organisation’s policies and procedures, and write-your-own solutions are cumbersome and time-consuming.

Continue reading

What’s changing in the world of mandatory corporate compliance?

The EU’s proposed new corporate due diligence and corporate accountability directive will cover companies that sell to the EU, not just those based there. Businesses will be required to identify, address and remedy their impact on human rights and the environment. Crucially, this is likely to go up and down the value chain, which means customers as well as suppliers. Businesses could be sued inside the EU for human rights violations or environmental damage committed by their customers or end-users of their products in third countries. 

Continue reading

Tax Evasion

The Criminal Finances Act has been in force since 2017. While there have been no prosecutions as yet, HMRC are currently investigating thirteen potential violations of the Corporate Criminal Offence of failing to prevent the facilitation of tax evasion.

The Act places responsibility on businesses to make sure none of their employees are involved in helping someone evade their taxes. If they do, and if the business failed to have “reasonable procedures” to prevent or expose it, then the business itself could be found guilty and liable for some pretty steep fines.

This offence is broad-reaching. It can be committed whether or not the company is UK-based or established under the law of another country, or whether the associated person who performs the criminal act of facilitation is in the UK or overseas.

The Six Guiding Principles of The “Reasonable Procedures” Defence

Under this legislation, businesses can be held responsible for the actions of their employees, whether or not the business was aware of an employee’s criminal activities. A business’ only defence is to take “reasonable measures” to ensure that its employees do not facilitate tax evasion. Government guidance recommends the following six “reasonable measure” principles:

  1. Risk assessment
  2. Proportionality of risk-based prevention procedures
  3. Top level commitment
  4. Due diligence
  5. Communication (including training)
  6. Monitoring and review

Continue reading

In a survey carried out by VinciWorks, a staggering 50% of respondents said they weren’t confident their organisation would deal with a report of sexual harassment very seriously. And worse, 10% of respondents said that they had been shown sexually explicit or inappropriate content at work. The results of this survey and others evidence that in an environment where harassment is tolerated and complaints ignored, abuse will thrive. Sadly, a study by the US Equal Employment Opportunity Commission critically shows that 75% of victims don’t report abuse because they fear retaliation, whilst 75% of victims who did report abuse experienced retaliation.

Whistleblowing regulations in the UK

The current legislative framework governing whistleblowing in the UK was introduced by the Public Interest Disclosure Act (PIDA), which has been in force for some 20 years. PIDA amended the Employment Rights Act and its aim was to protect workers who blow the whistle not only for personal gain, but also for public interest.

PIDA clearly states that the dismissal of an employee for whistleblowing is automatically considered to be unfair if the reason, or the main reason, for their dismissal was that they made a “protected disclosure”.

Continue reading

Karla Gahan
Karla Gahan, Deputy Global Head of Risk & Advisory at VinciWorks

On 27 February, VinciWorks hosted its second in a series of risk masterclasses. In the interactive business continuity masterclass, experts Karla Gahan and Dean Hughes shared insights on how to run a tabletop exercise within your own organisation. Delegates were presented with a clear structure on how to prepare for and run a tabletop exercise. They also participated in a mock exercise, enabling them to understand how best to facilitate a session.

Guest speakers provide further insight on business continuity planning

We were delighted to invite business continuity experts to share their insights during the masterclass. Sam Dawson from disaster recovery and restoration provider Belfor discussed the services Belfor offer in the case of an emergency. Former firefighter Russ Timpson from Horizonscan shared his expertise on the role fire safety plays on your company’s business continuity plan.

Continue reading

Karla Gahan
Karla Gahan, Deputy Global Head of Risk & Advisory at VinciWorks

We are all leaders, mentors, influencers or decision-makers at some level and we are all responsible for managing the risks and opportunities that our organisations face. But how does the pace of change impact on our people and their willingness to own risk? How do we contribute to the development of a climate that encourages ownership and individual success? And how do we build a culture where people are empowered and can have the conversations that really make a difference.

Karla Gahan, Deputy Head of Risk and Advisory at VinciWorks, will be speaking at the International Institute of Risk and Safety Management (IIRSM) annual conference on 28 March.

Continue reading

Road closed signs amid flooded water

The unthinkable has happened and you’re busy gathering your business continuity team together to manage the incident. You pop your head around the door to the Head of HR and they say they have no idea that they’re meant to be on the team. The Head of Legal says the same. You’re already in a high-pressure situation as time is against you and now you need to explain to these people how the team works when what you really need is for them to mobilise quickly and perform their role.

Many organisations have detailed business continuity plans sitting on their shelves and the board, the auditors and often the insurers are expecting that the team will be able to respond quickly should an incident occur. However, many business continuity teams have never even met, let alone understand their role or what they will need to do in the heat of an incident. Tabletop exercises are an essential part of the business continuity process. However, many organisations may not have the experience or buy-in to conduct this training. Part of the issue in convincing organisations of the true value of these sessions is a lack of understanding of the benefit these exercises can bring.

Continue reading

As part of our commitment to providing our clients with better and more efficient products, we are pleased to announce that we have upgraded Omnitrack’s workflows. This upgrade improves many aspects of the system and simplifies workflows without changing any of the current functionality. The new version will feel instantly familiar and straightforward to existing users and should not require any new training.

What is Omnitrack?

VinciWorks’ Omnitrack is a fully flexible, fully customisable data collection tool that can be used by businesses to capture, track and manage any type of information, from registers and assessments to self-reporting forms and notifications. The Omnitrack platform has the versatility and power to log data assets, record complaints and breaches, enable whistleblowing, evidence regulatory compliance and manage other business processes internally, throughout the supply chain or on behalf of independent firms subscribing to outsourced business services.

Continue reading