As the Institute of Risk Management in the UK puts it, "The Board has responsibility
for determining the strategic direction of the organization and for creating the
environment and the structures for risk management to operate effectively. This may
be through an executive group, a non-executive committee, an audit committee or
such other function that suits the organization's way of operating and is capable
of acting as a 'sponsor' for risk management". Or as put by the International
Organization for Standardization (ISO), "Risk Management is a key business
process within both the private and public sectors around the world. Effective risk
management and the resulting controlled environment are central to sound corporate
governance and for this reason, much of the law that has been created in response to
corporate collapses and scandals, now requires effective risk management."
And lastly, as put by the Committee of Sponsoring Organizations of the Treadway
Commission, "Aligning risk appetite and strategy - Management considers the
entity's risk appetite in evaluating strategic alternatives, setting related objectives,
and developing mechanisms to manage related risks".
Verifying and quantifying risks and bringing them back to the board of directors
is the job of the Chief Audit Executive. The vehicle he uses to verify and quantify
the risks to which the enterprise is exposed is the Audit Plan. The Audit Plan is
the set of controls to be tested in the planning period. These are made visible in
the GRC Manager.
Conducting a Risk Assessment
The risk assessment at this level is really conducted through a workshop or
a guided interview process. The output of the risk assessment is the catalog of
risks. At the end of this process, the risks will be strategic risks such as:
• Competitor movement
• Technology changes
• Mergers and acquisition integrations
• Legal environment changes
 