Here are some key points you should consider when developing an internal assurance plan for the transformative age.

Companies with commodity production, merchandising and marketing, trading or hedging operations routinely operate in financial and physical commodities markets to manage commodity risk and to drive financial performance. 

Various strategies can be employed to accomplish this, depending on the needs of the company. Commodity market risks, however, are embedded throughout the transaction life cycle and can result in significant economic, financial, regulatory, and reputational consequences if they are not properly controlled. 

Assurance functions are also increasingly focused on addressing a number of related high-profile risks.

Business transformation risk 

Business transformations driven by the dynamic economic environment can create process and control gaps and introduce risk in otherwise well-controlled organizations. 

Model risk 

Complex spreadsheet models are widely used as operational tools within the system landscapes of commodities market participants; inadequate controls may lead to the use of incorrect data when transacting in markets and monitoring the related risks. 

Commodity trading and risk management (CTRM) system implementation risk 

The implementation of a CTRM system may introduce significant risks through the inadequate implementation of system-based or system-enabled controls. 

Cybersecurity risk

Critical and proprietary financial and operational data is maintained in CTRM systems; inadequate cybersecurity controls may lead to financial and operational risks.

Market price risk 

Given the historic level of commodity price fluctuation, inadequate market risk management controls may lead to unacceptable market price risk. 

Credit and liquidity risk 

The challenging economic environment in commodities markets has impacted the credit and liquidity standing of companies and their counterparties; inadequate controls may lead to unacceptable credit and liquidity risk.

Assurance that has an impact

Business transformation risk 

Objective: Assess current state and future state processes and controls 

Key Questions You Should Be Asking:

• How have policies and controls been adapted to manage the risks of new business activities — are more robust policies and controls required to keep up with more complex activities? 
• How have organizational changes impacted the segregation of duties across key front, middle, and back-office processes?

Commodity trading and risk management (CTRM) system implementation risk 

Objective: Assess the risks in the future state of business processes and the use of a CTRM package’s native functionality to support the design of future state controls

Key Questions You Should Be Asking:

• Has the CTRM’s full suite of native control functionality been assessed for applicability to future state processes and controls?
• Have future state processes been reviewed, both system- and non-system-based, for risk and control implications?

Full-scope front-to-back-office review 

Objective: Assess design or operational effectiveness of the processes and controls across the transaction life cycle

Key Questions You Should Be Asking:

• Do the front, middle and back-office controls reflect industry practices? 
• Are policies being complied with and are the related controls designed and functioning as management expects?

Cybersecurity risk 

Objective: Assess the process and technology controls to protect data in the CTRM and related technology ecosystem

Key Questions You Should Be Asking:

• Have the CTRM, key spreadsheets and other sensitive transaction data been secured from both internal and external threats? 
• Have the risks of a cybersecurity incident been considered for both the ability to transact competitively in markets and the ability to operationally manage transactions across the transaction life cycle? 

How can we help?

Talk to us about how we can help your organisation reduce risk and apply the right levels of quality assurance. Making it real is what we do.

How can you connect with us?

We’d love to hear about your journey. Did reflecting on your risk profile help?

About the Author

Jason Novobranec is Implementary’s Chief Operating Officer.

With over 20 years of Consulting, Program Management & Senior Leadership experience, Jason has delivered initiatives for large multi-national / multi-regional organisations as well as SME’s and is an expert in shaping solutions to fit a customer’s project needs.