RISK MAPPING

Since the law of December 9, 2016 relating to the fight against corruption and the law of March 27, 2017 relating to the duty of vigilance, the firm Grenier Avocats has equipped itself with a packaged offer to support public and private entities present in France. and internationally in the identification and prevention of the ethical and vigilance risks with which they are confronted within the framework of their activity. 

As such, the experience accumulated by our firm over the past five years has enabled us to develop and deploy a clear and precise methodology allowing us, in particular, to develop a risk map for our clients and to define, following it, a plan of actions to be implemented to prevent and effectively combat these risks.

1. Our methodology 

The methodology that we are proposing to you is substantially inspired by that recommended by the French Anti-Corruption Agency and is based, as such, on several key stages.

2. Analysis of your ecosystem 

To begin, we will seek to better understand the economic, political, social and cultural context in which you operate, based in particular on information available in open sources and information of a general nature that you may have communicated to us when you have contacted our firm. 

3. Role clarification 

We will then agree on a common organization, coordination and distribution of roles in order to proceed, together, to the definition of the scope of the project, the organization of its key stages and the making of the project team.

4. Identifying your risks 

We will then be able to identify all the risks with which you are effectively confronted, by carrying out a meticulous analysis of your current processes, the risks that you will have already identified internally, and the incidents and breaches that you have possibly observed in the past. It is on this occasion that we will be required, on the one hand, to carry out the documentary analysis of the documents that we will have requested from you and, on the other hand, to organize interviews with those of your collaborators that we will have identified. as being the best able to provide us with relevant information from the perspective of determining the concrete risks you face.

5. Assessing your gross risks 

The next step consists of evaluating the impact (financial, reputational and legal) as well as the frequency (probability of occurrence) of your risks and assigning them, if necessary, aggravating or mitigating factors, in order to determine, using an algorithmic solution put in place by our firm, the level of raw risk for each of the points of vigilance identified. 

6. Assessing and prioritizing your net risks 

Following this, we will assess the impact (adequacy and effectiveness) of the preventive measures that you have already put in place. Taking these measures into account will, in fact, allow the determination of your net risks, based, therefore, on your gross risks. In addition to evaluating these net risks, they will be prioritized taking into account their level of criticality, in order to obtain a first matrix: the criticality matrix. 

7. Determining your action plan 

Once your net risks have been identified and prioritized, we will determine all the actions you will need to put in place to remedy them. Our mission will then consist, in close collaboration with your management team and your compliance managers, in listing all the actions likely to be implemented within your structure to prevent and fight more effectively against these risks. We will thus be able to define, again according to an algorithmic solution that we have put in place, the priority according to which it will be appropriate to carry out these actions, that is to say the prioritization matrix, to which it will be appropriate, finally, to associate an implementation schedule, monitoring and control of the identified corrective actions.

8. Updating your risk map 

Updating your mapping makes it possible not simply to obtain a snapshot of your risks at a given time – which would, hypothetically, be immediately outdated as soon as the mapping is finalized –, but a construction that is both strategic and evolving. It will then be appropriate, according to a periodicity that you decide, to carry out a regular and effective review of your mapping, taking into account the actions gradually implemented within you, the evolution of your activity and your ecosystem ,and important events you will encounter.

9. Our deliverables 

On the occasion of the realization of your risk mapping, our firm will be required to provide you with a certain number of deliverables, including, mainly, the precise description of the methodology applied; the risk assessment scales used to calculate the impact and frequency of risks and any mitigating or aggravating factors; the summary presentation of your gross and net risks; a sheet for each identified risk (which includes its precise description, the identification of its owner, the existing preventive measures, the actions to be implemented, their implementation schedule, the means required, and the position in the criticality matrices and prioritization…); the reports of the interviews carried out with your employees; and the general table of your risk mapping (which includes, in particular, theassessment of your gross risks, theassessment and prioritization of your net risks and your action plan).