What are your risks as a commodity organisation in a constantly changing digital world?
Here are some key points you should consider when developing an internal assurance plan for the transformative age.
Companies with commodity production, merchandising and marketing, trading or hedging operations routinely operate in financial and physical commodities markets to manage commodity risk and to drive financial performance.
Various strategies can be employed to accomplish this, depending on the needs of the company. Commodity market risks, however, are embedded throughout the transaction life cycle and can result in significant economic, financial, regulatory, and reputational consequences if they are not properly controlled.
Assurance functions are also increasingly focused on addressing a number of related high-profile risks.
Business transformation risk
Business transformations driven by the dynamic economic environment can create process and control gaps and introduce risk in otherwise well-controlled organizations.
Model risk
Complex spreadsheet models are widely used as operational tools within the system landscapes of commodities market participants; inadequate controls may lead to the use of incorrect data when transacting in markets and monitoring the related risks.
Commodity trading and risk management (CTRM) system implementation risk
The implementation of a CTRM system may introduce significant risks through the inadequate implementation of system-based or system-enabled controls.
Cybersecurity risk
Critical and proprietary financial and operational data is maintained in CTRM systems; inadequate cybersecurity controls may lead to financial and operational risks.
Market price risk
Given the historic level of commodity price fluctuation, inadequate market risk management controls may lead to unacceptable market price risk.
Credit and liquidity risk
The challenging economic environment in commodities markets has impacted the credit and liquidity standing of companies and their counterparties; inadequate controls may lead to unacceptable credit and liquidity risk.
Assurance that has an impact
Business transformation risk
Objective: Assess current state and future state processes and controls
Key Questions You Should Be Asking:
- How have policies and controls been adapted to manage the risks of new business activities — are more robust policies and controls required to keep up with more complex activities?
- How have organizational changes impacted the segregation of duties across key front, middle, and back-office processes?
Commodity trading and risk management (CTRM) system implementation risk
Objective: Assess the risks in the future state of business processes and the use of a CTRM package’s native functionality to support the design of future state controls
Key Questions You Should Be Asking:
- Has the CTRM’s full suite of native control functionality been assessed for applicability to future state processes and controls?
- Have future state processes been reviewed, both system- and non-system-based, for risk and control implications?
Full-scope front-to-back-office review
Objective: Assess design or operational effectiveness of the processes and controls across the transaction life cycle
Key Questions You Should Be Asking:
- Do the front, middle and back-office controls reflect industry practices?
- Are policies being complied with and are the related controls designed and functioning as management expects?
Cybersecurity risk
Objective: Assess the process and technology controls to protect data in the CTRM and related technology ecosystem
Key Questions You Should Be Asking:
- Have the CTRM, key spreadsheets and other sensitive transaction data been secured from both internal and external threats?
- Have the risks of a cybersecurity incident been considered for both the ability to transact competitively in markets and the ability to operationally manage transactions across the transaction life cycle?
How can we help?
Talk to us about how we can help your organisation reduce risk and apply the right levels of quality assurance. Making it real is what we do.
How can you connect with us?
We’d love to hear about your journey. Did reflecting on your risk profile help?
About the Author
Jason Novobranec is Implementary’s Chief Operating Officer.
With over 20 years of Consulting, Program Management & Senior Leadership experience, Jason has delivered initiatives for large multi-national / multi-regional organisations as well as SME’s and is an expert in shaping solutions to fit a customer’s project needs.