Enterprise Risk Management Framework and Business Continuity Plan

1 Application

This document is intended to provide guidance on implementing an effective Enterprise Risk Management (ERM) program for ACI Global Pty Ltd for ongoing Business Continuity. The basic principles outlined in these documents and the methodology and process adopted will need to be modified and appropriately scaled to reflect changes to ACI Global as it grows in size and complexity. This will include consideration of the range of products and services on offer, geographic coverage, business strategies and technology.

As ACI Global grows in size and complexity the ERM program should evolve to ensure that all significant new, emerging and increased risks are appropriately considered and addressed as part of the on-going review and assessment process. When establishing an appropriate and effective enterprise risk management process, ACI Global, its personnel and agencies should give consideration to the guiding principles outlined in Appendix A.

1.2 Definitions

Risk is an event or activity that may have an impact on ACI Global’s ability to effectively execute its strategies and achieve its objectives or which may cause a significant opportunity to be missed.

Risk Management is an on-going process, involving ACI Global’s Owners, management and other personnel. It is a systematic approach to setting the best course of action to manage uncertainty by identifying, analysing, assessing, responding to, monitoring and communicating risk issues/events that may have an impact on an organisation successfully achieving their business objectives.

Assurance is process that provides a level of confidence that objectives will be achieved within an acceptable level of risk.

Potential Exposure is the maximum foreseeable loss is an estimate of the amount of damage that would be expected to occur in the event that all loss protections failed.

Risk Appetite is the degree of risk, on a broad-based level, that a ACI GLOBAL is willing to accept or take in pursuit of its objectives.

Risk Tolerance is the level of risk that ACI GLOBAL is willing to accept in various risk areas. This can be measured in terms of both quantitative and qualitative dimensions.

Risk Officer (if one is appointed) is normally identified as the person responsible to coordinate and oversee management of the ERM process and approve reports to the Owners.

1.3 Introduction

Enterprise Risk Management is defined as:

". . . a process, effected by an entity’s Owner, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the ongoing achievement of the entity’s objectives."

In summary, ERM:

  • is a comprehensive, systematic, disciplined and proactive process that is used to identify, assess, manage and report on the significant strategic, business and process level risks related to the achievement of the company objectives which are inherent in the business strategy and operations at any point in time;
  • is a decision making process for measuring and addressing any variation (positive or negative) from ACI Global’s desired objectives;
  • forms a basis for ACI Global’s decision making processes from the development of its strategy and objectives to its daily operations, reporting and compliance routines;
  • provides the ability for management to make more efficient use/allocation of capital and resources within the organisation to optimise financial outcomes;
  • optimises risk management by balancing the cost of risk with the cost of control for all aspects of ACI Global’s potential risk areas to ensure organisational objectives are met;
  • is an integral part of sound business and financial management from the strategic planning process to the day-to-day operations of ACI GLOBAL that helps identify and manage all material internal and external risks and opportunities that may affect its performance, reputation and viability;
  • seeks to enhance value and preserve the longer term viability of ACI GLOBAL; and
  • is a fundamental responsibility and accountability of the Owner and senior management.

ERM involves a pro-active holistic enterprise-wide view of all risks and their associated risk appetite and tolerances to ensure that they are fully aligned with ACI Global’s objectives and strategies and reflects the quality, competencies and capacity of people, technology and asset backing of the business. ERM also helps identify the interdependency and interaction of risks across the organisation and provides the tools to rationalise risk management activities.

1.4 Purpose and Objectives

The purpose of ERM is to create, protect, and enhance ACI Global’s viability as a sustainable business by managing the uncertainties that could influence achieving its objectives. Implementing an effective ERM achieves the following key objectives:

Oversight: All critical risks have been identified and are being managed and monitored under a holistic approach consistent with the Owner’s approved risk appetite statement as reflected within ACI Global’s Business Review and Interested Parties Review processes.

Ownership and Responsibility: The ownership of risk is assigned to management individuals who are responsible for identifying, evaluating, mitigating and reporting risk exposures.

Assurance: The Owner, management and members have reasonable assurance that risk is being appropriately managed within defined levels to bring value to the organisation.

1.5 Benefits

ACI GLOBAL which successfully implements ERM should expect the following benefits:

  • More efficient use of financial capital and resources and resulting impact on cash flow,
  • Reduced likelihood of operational loss,
  • Earlier detection of unlawful activities,
  • Fewer surprises,
  • Focus on lower cost prevention rather than higher cost resolution strategies,
  • Cost savings by using risk information to streamline and improve processes,
  • Increased awareness and integrated view of risks (existing and emerging),
  • Systematic, repeatable approach to mitigate risks and identify opportunities, and
  • Clearer, better informed decisions.

By being informed, the Owner and senior management can be proactive in responding to the significant risks and opportunities that ACI GLOBAL experiences as a learning services provider. ERM helps identify strategically significant high priority risk issues for the Owners’ attention. Through a comprehensive risk identification and assessment process, ACI GLOBAL can identify who owns the risk and how best to respond to the risk. This ensures that the most appropriate and optimum level of resources is assigned to areas of greatest risk. Enterprise risk management helps identify opportunities as well as identifying risks. To be effective and not create additional overhead, ERM should be integrated into existing processes within ACI GLOBAL that support such activities as strategic planning, business-planning, conformance monitoring, performance measurement and process reassessment. Building ERM into existing processes increases awareness and sensitivity to risk and helps create a culture where risk is proactively assessed and managed at every level.

1.6 Roles and Responsibilities

The key roles and responsibilities of the Owner and Management are summarised below.

Key ERM Roles and Responsibilities

The Owner governs the risk profile of ACI GLOBAL

  • Oversees of ERM framework - gains assurance on its effectiveness;
  • Establishes, approves, annually updates governing policy on Enterprise Risk;
  • Articulates risk appetite/risk tolerance in policy;
  • Gains understanding of overall risk profile of ACI GLOBAL at inherent and residual levels;
  • Gains understanding of significant risks at inherent and residual levels;
  • Understands level of risk in relation to aggregate residual risk of ACI GLOBAL business; and
  • Approves acceptance of residual risks or direct additional risk response action where residual level is in excess of established risk appetite/tolerance;
  • Gains assurance that management has undertaken the risk responses as outlined;
  • Monitors risk indicators for known significant risks on quarterly basis and more frequently on specific risks when issues arise;
  • Monitors emerging risks and discuss implications with management during business review.

Management takes action to manage the risks to an acceptable level

  • Develops processes to implement Enterprise Risk Management in ACI GLOBAL;
  • Assigns responsibilities for risk ownership, monitoring of risk, risk reporting;
  • Identifies process to develop risk profile;
  • Implements processes to develop risk profile and to assess the severity of each risk;
  • Implements processes to determine risk responses are in place, and identify if further action required;
  • Determines level of risk in place, make recommendations where it is not sufficient;
  • Reports to the Owner on the risk profile of the ACI GLOBAL including significant risks at the inherent and residual level;
  • Takes action, monitors to ensure risk responses operate effectively and continuously;
  • Presents periodic reports to Owner which present risk indicators and level of risk by categories; and
  • Presents information to the Owner on emerging risks on a needs basis and this information is recorded, monitored and actioned within business review.

2. The Process

ERM is an on-going and cyclical process. The Owner and senior management set the tone for enterprise risk management in ACI GLOBAL. This includes establishing ACI Global’s risk appetite and how risks will be identified, measured and managed.

There are five primary steps in the ERM process. It is also important to ensure that ERM process and risks are re-evaluated and updated on an on-going basis to reflect new information and experiences so that all significant risks are appropriately identified and addressed and that any material opportunities are not overlooked.

Risk Cycle

Enterprise Risk Management Cycle

The process requires the involvement from all levels in ACI GLOBAL and requires a willingness to understand the risk facing ACI GLOBAL, assist with the creation of appropriate responses to risks, and maintain them within the risk appetite and tolerances established by the Owner and senior management.

2.1 Risk Identification

Identification of risks should occur on an on-going basis for existing processes and on an adhoc basis as required for new learning product introductions, training projects or changes contemplated to existing learning products and processes.

There are several techniques that may be used to help identify risks including self-assessment of interested parties, questionnaires, surveys, workshops and interviews.

ACI Global uses a rigorous review of all its Interested parties on an annual basis or on the occurrence of renewal of contracts. The following schematic reflects ACI Global’s on-going re-evaluation of its key risks.

ERM Process

Risk Identification Process

To help with risk identification, risks should be considered within main risk categories. ACI GLOBAL has two clear risk areas: Organisational and Operational / Learning Services.

Organisational risk relates to the business plan and can be further classified as: strategic, professional, financial and compliance risks.

Operational / Learning Services risk covers actions like: facilitation, assessment establishment, Facilitation and Mentoring job acceptance protocol, terms of learning services engagement with the learner and conformance to applicable standards ISO 21001:2018, ISO 26000:2010, ISO 29993:2017, ISO 17024:2012, ISO 27001:2013, ISO 31000:2018 and ISO 22301:2012.

ERM Process

Main Risk Categories

2.2 Assessment and Measurement

Risk assessment includes consideration of the likelihood of a risk occurrence and the impact of a risk on the achievement of ACI Global’s objectives within a specified timeframe.

The likelihood of occurrence is often based on the probability or frequency (number of times) the risk might occur over a specified timeframe such as once a quarter, daily, twice a year, etc. A higher probability or frequency of the event occurring will result in higher risk weightings. An event that is expected to occur sooner rather than later will also result in a higher likelihood. The impact of occurrence is often stated as a dollar value of loss or percent of impact on earnings or capital, but can also be described in qualitative terms (e.g. reputation, service quality, regulatory compliance, etc.) that could result if the risk event occurred. The magnitude or severity of a risk is based on the product of its likelihood and impact.

For the purpose of planning the following Risk Weightings will be used:

Severity Weighting Explanation
1 Insignificant or Minor Low-Medium Financial Loss – a cause for concern if arises too frequently
2 Moderate High Financial Loss – may need to seek outside assistance to resolve / recover
3 Major / Catastrophic Huge Financial Loss – without protection afforded by insurance would definitely pose a threat to the financial viability of the business
1 Likely Has a high probability of occurring.
2 Possible Can occur at sometime in the future.
3 Rare May happen but only in exceptional circumstances.


2.3 Risk Response and Action

For each identified risk ACI GLOBAL should establish an appropriate “response” option in order to optimise risk management. These generally range from accept to avoid. Four possible response options are identified below:

Accept ACI GLOBAL decides to accept, manage and monitor the level of risk and take no action to reduce the risk.

Mitigate ACI GLOBAL is willing to accept some risk by implementing control processes to manage the risk within established tolerances.

Transfer ACI GLOBAL chooses to transfer the risk to a third party (e.g. obtaining insurance).

Avoid ACI GLOBAL feels the risk is unacceptable and will specifically avoid the risk (e.g. cease selling a learning/training product or providing learning services within a specific market).

Generally, if the magnitude or severity of the risk under consideration is high or moderate, the risk response needs to be strong (mitigate, transfer or avoid). Each risk and related response should be assigned to the manager who is responsible for the area affected by the risk. As part of the response process, management should determine and document what actions (prevention or detection) are necessary to manage the risk.

2.4 Monitoring

Risks and risk response activities should be monitored by the responsible manager to ensure that significant risks remain within acceptable risk levels, that emerging risks and gaps are identified and that risk response and control activities are adequate and appropriate. Internal and external Audit plays an important oversight role in confirming that management is monitoring and managing risks in accordance with established levels. Indicators that fall outside of acceptable risk levels should be escalated with appropriate action plans to bring the risk back within established risk levels. Those risks that still remain above acceptable risk levels should be considered by the Owner for their approval of any necessary resolution strategies. This activity will form the basis for reporting to the Owner and recorded within ACI Global’s Business Review process and on-going monitoring by management will also be recorded.

It is also helpful to “quantify” the aggregate exposure of significant risks (or specified subset of risks) in terms of potential impact on finances. While this is often subjective and may be difficult to determine, it does help indicate any material change in risk levels from one period to another and could identify potential risks that may not otherwise be fully noted.

The ACI Global Business Review Process of ERM helps to confirm that the level of aggregate risk exposure is within the established risk appetite of ACI GLOBAL as established in policy.

2.5 Reporting

The Owner and senior management will require the results of the ERM process to be reported to them in their oversight capacity and to gain assurance that risks are being managed within approved risk levels. At a minimum, ERM reports to the Owner from each Region and should:

  • summarise the nature and magnitude of significant risks;
  • highlight all significant risks and those risks that exceed their acceptable risk levels;
  • identify the timeframe and status of any additional risk management activities that may be required to bring risks within approved risk levels;
  • identify any negative trends of higher risk areas and any changes to risk management activities;
  • highlight any new risks including their risk assessment, risk response and management activities:
  • identify any material emerging risks; and
  • summarise any exceptions to established policies or limits for key risks.

On a periodic basis, the Owner should review all high-risk areas (even those that are appropriately mitigated within acceptable levels) in order to have a full understanding of all the significant risks facing ACI GLOBAL.

The review of all high-risk areas as above will be recorded within ACI Global’s Business review process.


Guiding Principles

When developing an appropriate and effective enterprise risk management framework, Regions should consider the following key guiding principles:

  • Decisions should be made with appropriate consideration of the impact on the overall organisation, not just the individual lines of business or the Region alone;
  • The governance model should provide a forum for risks to be appropriately considered, discussed, debated, and factored into strategic business decisions;
  • Governance should focus on and enable making risk management processes proactive rather than reactive;
  • The risk governance structure should consider and reflect the roles and interaction with related functions, including compliance, internal audit, key stakeholders etc.;
  • There should be a clear understanding of the requirements and appropriate resources to provide independent assurance (e.g. independent audit);
  • The governance model must reflect separation of the three main areas of:
  • Business units that take risk and manage the risks they take;
  • Risk management that provides policy, guidance, recommendations, risk reporting and analysis; and
  • Independent assurance functions such as internal audit.
  • The risk governance model should evolve over time, as ACI GLOBAL changes.



ACI GLOBAL will maintain a robust ERM framework to ensure:

  • Significant current and emerging risks and opportunities are identified and understood;
  • Appropriate and prudent risk management systems to manage these risks are developed and effectively implemented;
  • Regular reviews are conducted to evaluate the effectiveness of risk mitigation measures; and
  • Reports are produced on a regular basis regarding adherence to this policy


The objectives of this policy are to:

  • Align with ACI Global's Key Business Objectives;
  • Establish the risk appetite for ACI GLOBAL;
  • Identify the key responsibilities of the Owner, Chief Risk Officer, Agency Owner, audit committee and management;
  • Outline the frequency, form and content of reporting requirements;
  • Commitment to corporate social responsibility and sustainability, ethical behaviour and compliance to legal and legislative requirements in undertaking its business activities;
  • Maintenance of a zero debt to equity ratio to ensure continuity planning and ongoing support for all resources including employees, learners, mentors, stakeholders and interested parties;
  • Excellence in training and supporting professional development programs.
  • Recognition through ISO personal certification to Business Professionals and Industry and or ISO or CMMI Registration.
  • Impartiality and Fairness in delivering learning and Certification outcomes;
  • Vehicle for continuous improvement/optimisation and security of personal information;
  • Leadership role in the competitive market of Industry learning, Professional Development, Personal Certification and Industry and or CMMI, ISO Registration by providing professional support, secure online platforms and Ethical and Secure Contractual arrangements for all parties;
  • Commitment to the health and wellbeing of its workers, facilitators, mentors and learners;
  • Ongoing support to those in need by providing graduate and cadetship programs globally;
  • Commitment to accountability and responsibility in reference to the chain of responsibility (COR) and the mitigation of Human Error;

Risk Appetite and Risk Tolerances

The risk appetite of ACI GLOBAL is [INSIGNIFICANT OR MINOR] [This is where the potential exposure is less than 2% of gross revenue for the group] or the group is maintaining a ZERO DEBT TO EQUITY RATIO. Significant risks must have Owner approved risk management policies and/or risk management strategies.

Risk tolerances will be developed for each identified significant risk that reflect the level of risk appetite elected by the Owner and management [based upon potential exposure].


The Owner is responsible for:

  • Setting risk appetite levels;
  • Overseeing ERM activities of ACI GLOBAL;
  • Understanding the nature and magnitude of significant risks to which ACI GLOBAL is exposed;
  • Reviewing reports on the assessment of risk levels compared to established strategic risk targets; and
  • Annually reviewing risk management policies, including risk appetite, and strategies to ensure that risk exposures remain appropriate and prudent.

The [Chief Risk Officer] is responsible for:

  • Reviewing management’s identification of the significant risks of ACI GLOBAL in accordance with the ERM policy;
  • Ensuring there are enterprise risk management processes in place to measure, monitor, manage and mitigate significant risk exposures, including appropriate policies, procedures and controls;
  • Overseeing the application of ERM practices and the on-going identification of emerging risks; and
  • Reporting to the Owner on risk exposure levels.

The [Agency Owner] is responsible for:

  • Recommending risk tolerance levels to the Owner;
  • Identifying, measuring and evaluating significant strategic, business and process risk exposures;
  • Ensuring an appropriate level of resources are allocated in alignment with established risk appetite targets for assessing and managing risk;
  • Mitigating of risk exposures through appropriate risk responses;
  • Monitoring the application of risk responses and mitigation strategies; and
  • Reporting on ERM processes and findings, including the level and direction of risk exposures and the extent of risk management activities.


Management will submit a report to the [Chief Risk Officer] at least quarterly. The report should provide appropriate information on the following:

  • Nature and magnitude of significant risks and opportunities;
  • Significant risks and those risks that exceed their acceptable risk levels ;
  • Timeframe and status of any additional risk management activities that may be required to bring risks within approved risk levels;
  • Any negative trends of higher risk areas (EQUITY RATIO) and any changes to risk management activities;
  • Any new significant risks including their risk assessment, risk response and management activities;
  • Any emerging risks; and
  • Any exceptions to ACI Global’s established policies or limits for key risks.

The [The Chief Risk Officer] will report to the Owner on its review of risk management activities, including the status of any significant current and emerging exposures and trends.

ERM Review

The effectiveness of the ERM framework should be assessed from time to time including a review of all significant risks and the risk environment of ACI GLOBAL. As well, any changes to the framework should be recommended to the Owner.

Appendix C: Identified Risks

The following is a risk identification summary of risks associated with the ACI Global. Its aim is to provide a top-down stimulus for Regional risk analysis and introduces concepts and areas of risk not previously given significant weight in the Organisation as our focus has been mainly on Operational Risk. Most risk analysis currently undertaken by ACI GLOBAL relates to the physical risk of execution with some contract and quoting ‘stop-loss’ mechanisms. Areas of organisational risk include:

Organisational Risks

Clients ACI GLOBAL should not become reliant on one particular client. As a rule no one client should exceed 10% of our revenue base. This is because:

  • ACI GLOBAL financial viability becomes inextricably linked to the major client;
  • The major client may seek to gain concessions from ACI GLOBAL because they know they dominate the relationship. Price reduction, late or long payment, dispute on payments to gain an advantage or benefit are common strategies.
  • The client may have a ‘change of heart’ or a ‘change of personalities’ which sees a major and immediate swing away from ACI GLOBAL to an alternate supplier. E.g. a new learning product is approved from a competitor and instantaneously ACI GLOBAL is without any further work.
  • The company may have an internal change of policy direction e.g. out of delivery of training services into retrenchment of staff leaving ACI GLOBAL with no further prospects of work.
  • A significantly larger client may also harm ACI GLOBAL by pulling ACI GLOBAL into any price cutting action to which ACI GLOBAL may or may not be a major player as it ensures to maintain its debt to Equity Ratio.
  • We may not be covered by Professional Indemnity Insurance if any one client exceeds 20% of our revenue base.

Disaster Recovery ACI Global uses it digital information security framework as guidance in managing its Disaster recovery process, supported by a secure framework for the location of it Academy (e-Quip) servers of which are not accessible by direct web login.

Training Needs Analysis

Clear setting of goals and responsibilities is important for financial success. A "grey" or "rubbery" scope or Training Needs leads to disputes, scope creep, rework, damaged expectations, frustration and ultimately margin reduction or actual financial loss. Expectations on both sides must be managed as part of the risk process.

On any Learning Services Project over $20,000 a senior ACI GLOBAL employee must sit down with the Client and agree on the Learning Needs Analysis and deliverables and incorporate them into a learning services project brief which needs to be issued to the Client and support staff so no ambiguity exists. Any project over $50,000 or is a two or three year project must have a learning services needs analysis raised and accepted by the client outlining all aspects of methodology and delivery including accuracy, attributes and delivery formats. The following ambiguous situations must be avoided:

  • What learning outcomes are to be assessed and how are they to be assessed and reported – Industry, standards and statutory bodies?
  • How is the data learning outcomes to be presented – spreadsheet, database, uploaded executable, paper, web based?
  • Quality of data presented by the client. Does any work need to be done before analysis can commence? If so, at whose cost?
  • Accuracy of data presentation – Does the client believe that all learning outcomes will be assessed to cover key competencies and personal behaviour disciplines?
  • Does the learning needs analysis described by the Client’s Representative reflect our quotation and or the contract documents?
  • Requirement, approval and cost of ongoing continuous professional development monitoring?
  • Who is going to do what? Make sure responsibilities are clearly identified.
  • Who can approve variations? Is a verbal or email communication sufficient proof of acceptance? Have we identified and dealt with any variation in accordance with our QA system?

Too quickly disputes can escalate into conflict and subsequent legal action. Therefore it is imperative that such events are managed quickly and effectively. The easiest way to do this is remove the egos and personality issues and focus on the facts. If no progress is made then an outside arbitrator maybe useful.

The same type of issue applies to an interfering client. Such interference can be difficult to void but if left unchecked may derail the learning services project and increase our liability and ultimately affect our maintenance of a zero debt to equity ratio. This is best dealt with by clearly defining roles and tasks.


As professional trainers and mentors covered by our Accreditations and Professional Indemnity Insurance we must work within our area of competency. We must be clear and do not undertake work we are either not qualified to do or is outside our area of expertise. Competencies are to be clearly detailed. This not only includes the company but also individuals in the Company and Facilitators and Mentors. Some areas we might like to push into like international face to face in house learning service delivery are high risk because we aren’t geophysical associated and the consequences of getting it wrong could be very costly.

Analysis of Exposure

If a Learning services project is more technically challenging or involves complex course design work including innovative concepts, it is generally accepted that the learning services project will carry a higher risk rating than other projects. ACI GLOBAL must have a strategy to identify the level of design complexity or technical innovation and remember that ‘cutting edge solutions’ generally mean ‘high risk’ and again may compromise our ability to maintain our zero debt to equity ratio.

Risk Allocation

In any learning services project there must be a set of terms and conditions that form part of the contract, quote or tender. If there is not, we should not be doing the learning services project. Contained in these terms and conditions will be a set of liability clauses or concepts that assign liability / risk between the parties. ACI GLOBAL Management must closely review any set of terms and conditions and look for the works like: ‘indemnify, ‘absolve all risk’ etc as these terms normally are associated with the cascading of responsibility and hence liability for any negligent claim against the learning services project. What may look benign on the surface may contain onerous liabilities when examined in detail and in the context of the contract as a whole.

ACI GLOBAL should only accept and work on learning services projects where we are solely responsible for our actions or non-actions and cannot be co-joined, grouped or otherwise drawn into any action against delivering the required learning outcome.

Where possible ACI GLOBAL should only be bound by our own terms and conditions. Where this is not possible we should only accept standard industry contracts. Where words like ‘indemnify’ exist then ACI GLOBAL should seek to have them struck out, reviewed by our insurance broker or a commercial lawyer. A $20,000 job may expose ACI GLOBAL to millions of dollars of compensation.


Professional and Public Liability insurances operate to exclude any liability that is imposed upon you by contract unless that liability would have existed in the absence of the contract. ACI GLOBAL must not accept insurance requirements that impose a greater liability than the amount of the liability we are insured for.

Industry Codes and Compliance

ACI GLOBAL will be engaged to deliver learning services through agencies only after the agency satisfies ACI GLOBAL’S criteria of conformance and registration by a Third Party approved Contract Auditor or Appraiser to ISO 21001:2018, and were possible ISO 29993:2017. Other standards such as ISO 17021, ISO/IEC 17024 and ISO 31000 will need to be conformed to by the agency covered within a contract before engagement by ACI GLOBAL.

ACI GLOBAL will require Third Party verification to the above standards before entering into any contractual agreement with a third party (Agency)

Commercial Risks

Feasibility of Returns

ACI GLOBAL cannot be engaged in a contract under which we expect to lose money, or we cannot deliver (technically or physically). We must go into any contract believing that we can and will make money and deliver to the client’s expectations. We must also only be engaged in learning services projects where we get a fee for our service. ACI GLOBAL cannot engage in projects where a success fee is our only potential reward as it creates a ‘conflict of interest’ situation and ultimately may compromise ACI GLOBAL’S zero debt to Equity Ratio.

Given our appetite for risk is [INSIGNIFICANT or MINOR] high risk delivery of learning services projects like overseas in countries where we do not have a presence, are working for the first time with an unfamiliar client in a foreign currency and in a different time zone will not be considered.

Collection of fees is also a prime risk. ACI GLOBAL considers a sale not a sale unless payment is made. As a rule ACI GLOBAL should not accept a contract from a new supplier when we have concerns about our ability to be paid.

The terms of payment should be clearly outlined in the learning services project brief or our terms and conditions. If we are in doubt about our ability to collect or be paid within a ‘stated’ time period then we should either pass on the project or ask for a significant portion of the cost up front.

Service Delivery

Facilitators Sub-Contractors/Agents

Engaging a Facilitator sub-contractor or agent does not release us from the liability. We remain vicariously liable for their actions or non-action. Therefore it is prudent risk management to manage our Facilitators, sub-contractors or agents and be aware of their limitations.

In all cases we must ensure that we have a written contract / terms of engagement with our Facilitators sub-contractors and that the terms of this sub-contract mirror the main contract ie liability clauses match those in the main contract. We must agree the skill set and qualifications needed to be provided by the facilitator sub-contractor and clearly identify their role and responsibilities and seek their explanation as to how they propose to deliver the required services. We should also spend time investigating their management practices and ensure they are similar if not better than our own. Timelines and budget / cost of facilitation sub-contractor services are in line with our own contract ie we not paying more for facilitation than we have charged the client. We need to consider spot checks VOC to monitor their performance. We need to ensure they have current and sufficient Professional Indemnity and Public Liability to meet the head contract and our needs.


We must remember that reports are our ‘output’ of our services and maybe held up in court as ‘evidence’ of our negligence of professional work. As such they must be of a high standard and cross checked. The report must reflect the training plan brief and where possible make reference to the brief. Key strategies to minimise our liability include:

  • Summarise the training project brief in the report;
  • Demonstrate the method of work you adopted to achieve the desired result and include comment on any agreements on methodology on how best to proceed;
  • Include disclaimers and possible changes for special needs
  • Use appendices to bring in more supporting documentation into how the conclusions were reached
  • Note and use references from third parties which support your approach or conclusions reached.
  • If we are quoting someone outside the company make sure they are properly quoted and referenced.

Business Management

Business Plan

The development and review of a business plan is a necessary and crucial step in managing risk. Without a plan any path or action will take us to where we don’t want to go. However if we are clear and unified in our plan then we will all be working towards a common goal and outcome.

Succession Planning (Covered comprehensively in ACI Global’s Business Continuity Plan)

The Key is the maintenance of a ZERO DEBT to EQUITY Ratio

Succession planning is the process whereby we train and develop the next generation of leaders, facilitators and mentors who will one day take over our roles and responsibilities. I have often said that a person in ACI GLOBAL cannot be promoted and achieve a higher salary until they have trained a competent successor.

A failure to develop successors leaves the business vulnerable to dependency on key personnel who may or may not work for the total benefit of the company. The more ‘indispensable’ a person feels, the more likely they will demand (and in most cases, be granted) concessions not earned or available to other employees. This causes disharmony in the workforce. It also allows for a shock when a person (or family member) is suddenly struck down by a debilitating illness or they seek to leave or have time off to start a family.

No plan, no flexibility and increased risk of losing momentum or having to put in a higher cost solution is not acceptable

ACI GLOBAL has a ZERO DEBT to EQUITY RATIO and will strive at all accounts to maintain this ratio as this is the greatest protection we have in succeeding with our Succession Plan.