As an industry-specialized developer and operator of Dubai’s leading business communities and work environments, TECOM Group, has been a major catalyst for Dubai’s development into a knowledge economy. The company is a frontrunner in delivering the Government’s innovation strategy, championing the growth of start-ups and small businesses, as well as the Emirate’s service sector. Its 11 business communities provide a home in Dubai for over 5,100 businesses, ranging from major multinationals to local SMEs and start-ups, representing a total workforce of 76,000.
TECOM Group is a risk aware company that has a risk champion model in place across its nine business units, in addition to a centralized Risk Management Team. Along with the central team, Risk Champions are responsible for delivering risk management within their business units which includes arranging and holding risk reviews, assisting with the identification, evaluation and mitigation of risk, and ensuring all information is recorded, monitored and updated.
“Having the capability to assign risks to specific objectives at both the group and business unit level has enabled us to better conform to ISO 31000, which has given the Board a greater degree of confidence that risks are being assessed in line with international risk management standards.”
“We needed a more efficient system for identifying and evaluating risks, recording mitigations and automating the reporting process. The centralized risk team were spending a considerable amount of time entering data into spreadsheets. We needed a solution that was easy to use and would be embraced across the organization, helping to raise awareness of the need to mitigate significant risks”
Empowering business units
ARM has enabled the small, focused risk team at TECOM to leverage their capabilities and focus on more strategic and beneficial undertakings by decentralizing risk management and empowering the business units to record their own risk information. ARM licenses were provided to the business unit risk champions and training sessions held to ensure all system users were comfortable with the solution. Rushu Das remarks; “ARM is easy to use and update, since deployment we have seen a massive improvement in the quality of information entered into the system. Employees now see the value of risk management in helping them to elevate issues that are preventing them from achieving success. Six months onwards from ARM implementation, we have seen the business request for more user licenses.”
The risk team conducted an extensive review of several systems and selected Active Risk Manager (ARM) from Sword GRC as it proved to be the most configurable system and allowed the company to quantifiably measure risks against business objectives. “ARM has transformed how we do things; we can produce reports that deliver a clear overview of risk and are laid out in a format that people can digest and quickly find the information they require” comments Rushu Das, Senior Risk Manager at TECOM. “ARM is easy to update and has been embraced across the organization, it has improved every aspect of how we identify, manage and report risk. It has been an enabler for our business units to own their risk management and deliver greater risk awareness across the organization.”
Delivering greater business clarity
The ARM solution has enabled the company to quantifiably measure risk against business objectives by delivering the functionality to directly score and link each risk. Whereas previously, the risk team were using spreadsheets to manage risk and only had qualitative measures. The system enables three point estimates and percentage likelihood. Today, TECOM can quantitatively analyze and evaluate project risk, in terms of time and cost impact. This has delivered greater clarity and highlighted the potential risks and opportunities, along with the tangible effects on the business.
Measuring risk against business objectives
Since implementing the ARM solution, TECOM Group has seen substantial behavioural improvements. Risk management is now more embedded into the culture of the organization and is on the agenda at regular business unit management meetings. Risk management is no longer solely driven by the centralized team but embraced throughout the organization. Rushu Das concludes; “As a risk professional, the ultimate goal is to get everyone in the organization thinking about risk and effectively being their own risk manager. ARM has influenced our processes and helped to bring about a cultural change that has reverberated throughout the company and got everyone talking about risk during their everyday activity.”