1. Please outline your proposed alternative(s) and address the following issues:
a. What issue should Ariana discuss first with the CFO.

i. How future risks that are not typically identified are likely to affect future performance of the firm.
Most line managers and management would always rely on internally biased reviews on risk assessment and strategies which might be outdated in logic and facts. There is tendency to focus much on initial risks and less on residual risks. Whilst much focus on initial risks within the firm mitigates the firm against such risks, this however does not mitigate the firm against residual risks since the firm is always a going concern with active activities and programs. Instead, a focus on a combination of initial risk mitigation measures already in place and residual risks would mitigate the firm future performance against these risks. The management should also consider using external third-party consultants for reviews of its risk assessment and mitigation strategies for independent valuations and independent due diligence.
ii. There is usually incomplete risk identification process
Although there is a strong established risk identification process, there should always be known that there is no single known and complete risk identification process that is always complete since risks are always evolving and changing in nature. And to this the line managers and management should time to time assess its risk profile across portfolios, functional lines and geographical boundaries.
iii. Undetectable developments in risk profile
Sometimes it is difficult to detect specific portfolio risk profile since specifics portfolio risks evolve undetectably different from the whole firm’s portfolios.

iv. Mitigation measures has much focus placed on high risk elements.
Whilst this is appreciated, this leads to tendency where the firm ‘s focus and that of its employees and management has been solely on high risk areas leaving the firm exposed to the overlooked low risk areas which evolved from time to time to become high risk undetectably.

b. What are the risk management issues that you must address in order to evaluate staying with its current programs in place or adopting your proposed structure?

i. Third party risk management. Due to the frequency of dealings with third party intermediaries like brokers in interactions with different jurisdictional authorities, third party risks assessments are very important. They have to be vetted, monitored and evaluated from time to time to assess their risk impacts to the firm’s operations (Aon Risk Portal- Risk Map 2019, 2020)
ii. Technology risk management. By establishing strong technology risk management functions to assess, monitor and evaluate risks. Thus, reducing or eliminating technology risks, hence stabilizing the firm and its subsidiaries against business disruptions emanating from such risks.