Accountancy & Financial Management

Risk Assessment

Use logic, creativity, and interpersonal skills to help companies understand, prioritise, and manage potential business risks.
Jevitha Muthusamy
Editorial Writer
Risk Assessment

Risk assessment is a crucial process in accounting that helps organisations identify potential risks and vulnerabilities that may affect their operations. By assessing risks, organisations can develop strategies to minimise their impact or prevent them from occurring altogether. 

For example, if a company wants to expand their business, they’ll need to consider the costs of hiring new staff, the available pool of skills, the technology required, competitor responses, and avoiding supply chain disruption. The process of risk assessment involves identifying such potential risks, evaluating the likelihood and impact of these risks, and developing strategies to mitigate them.

Risk assessors work closely with executive boards and senior management at companies to provide advice on all areas of business, from security and fraud to environmental and social impact. Such services are sometimes offered alongside compliance advisory (i.e. helping businesses to comply with new laws and regulations that affect their industry), or governance advisory (i.e. ensuring that a business has an effective set of processes to meet the expectations of management and stakeholders).

In Malaysia, both publicly-traded and public sector organisations are required to conduct regular risk assessments to comply with regulations such as the Malaysian Code on Corporate Governance and the Malaysian Public Sector Accounting Standards. Risk assessment is also a critical component of internal auditing, which is essential for ensuring that organisations operate efficiently and effectively.

Career Pathways

Risk assessment is largely a consultative role, which means career opportunities are typically found with accounting and professional services firms providing risk consulting services for clients.

You may also find opportunities with large corporations which require regular risk assessments often enough to hire a designated in-house team. However, those don’t tend to pop up as often.
Graduate hires tend to start out in a more general area (e.g. audit) for training before they specialise in risk assessment. However, some accounting firms do have dedicated graduate programmes for risk assessment, so keep an eye out for those. Large organisations hiring in-house typically prefer to train graduates in other areas before absorbing them into their risk assessment department later on.

To become a risk assessment professional in Malaysia, graduates must obtain a specialist risk management qualification with a professional accounting body. As a risk management trainee, you will typically start out with tasks like monitoring daily business functions, evaluating existing risk controls, and assisting with preparing recommendation reports for clients/management. 

Once you are qualified, you will take a larger hand in planning, designing and supervising the implementation of risk management processes and continuity plans for a client/company. You may also be tasked with establishing and determining the risk appetite of an organisation, and adjusting existing risk management processes to match.

It’s worth remembering, however, that risk assessment is an advisory role at its core. This means that it will be up to your client or management to ultimately execute and follow through on the measures you propose. As such, a key part of your work will also involve persuading others to adopt and carry out your recommendations. 

Required Skills

The most important skill for risk assessment professionals is problem-solving ability, that is, being able to foresee potential risks and develop effective strategies to mitigate them. This requires creativity and adaptability, as risks can vary greatly in their nature and severity.

Strong analytical skills, attention to detail, and critical thinking abilities are key as well. You should also have excellent communication and negotiation skills  ̶  both written and verbal  ̶  as you must be able to persuade others to follow through on your findings and proposed solutions.  

In-depth knowledge of enterprise risk management (ERM) software and Risk Control Self Assessments (RSCA) is needed, though these can be picked up on the job. You must also have a comprehensive understanding of the various types of risks that a firm may face both locally and internationally, as well as stay constantly up to date on relevant business laws and regulations.
In addition to these technical skills, risk assessment professionals should also possess strong interpersonal skills. You will need to collaborate with other departments and build relationships with stakeholders in order to get the most accurate findings and have a higher chance of your recommendations being adopted.