With the news that the fine handed out to Credit Suisse (£5.6 million) for its deliberate mispricing of asset backed securities was more than the total fines issued by the FSA during 2007 (£5.3 million), the issues of risk and internal controls once again have come to the forefront of the business agenda.

Why is it so important to have internal controls in place?

Organisations are coming under increasing scrutiny from regulators, financial investors and other stakeholders to prove they have appropriate frameworks for managing risks in their business, especially in the financial services sector.

The effective management of business risk is increasingly becoming a measure that distinguishes an organisation’s performance from that of its competitors and is a key element in helping it achieve its business objectives.

Besides helping protect your organisation’s reputation, it will also help reduce the likelihood that your business will be subject to fraud, tighten up processes to improve financial and operational performance and safeguard your organisation against unforeseen problems.

Despite the stresses and strains of market pressures, it is still essential that the business understands its key risks and the strategies they have in place for managing them.

Undertaking a risk assessment is not rocket science; but does require a systematic approach. We would recommend the following approach:

It is important that this is not a one-off exercise, but one that should be reviewed on an ongoing basis. For most businesses this should be at least annually.

While internal controls can’t guarantee that something won’t happen to your business, they can reduce the likelihood of an incident occurring.

They can also minimise any damage caused to the organisation and its clients.

George Quigley is a partner and risk adviser within BDO Stoy Hayward’s financial services group