Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
|
Alternative approaches
109 Different approaches The approach adopted by the Canadian Criteria of Control (CoCo) framework (1995) produced by the Canadian Institute of Chartered Accountants is based on the idea that the risk culture of the organization is the most important consideration. If the risk culture is correct, then the successful management of risks should follow. The CoCo framework states that: A person performs a task, guided by an understanding of its purpose (the objective to be achieved) and supported by capability (information, resources, supplies and skills). The person will need a sense of commitment to perform the task well over time. The person will monitor his or her performance and the external environment to learn about how to do the task better and about changes to be made. The same is true of any team or work group. In any organization of people, the essence of control is purpose, commitment, capability and monitoring and learning. The COSO ERM framework refers to the control environment as the internal environ- ment. This is equivalent to the control environment that is considered in the CoCo framework. CoCo provides a structured means of analysing the control environment that enables a quantitative assessment of the control environment, so that the features for improvements can be identified. The CoCo framework is considered in more detail in Chapter 33. Although there are different versions of the CoCo questions, the following are the headings that are normally used in order to evaluate the risk-aware culture within an organ ization using the CoCo approach: ● ● purpose, vision and mission; ● ● commitment to integrity and ethical values; ● ● capability, authority and responsibilities; ● ● learning and development of competence. In addition to the CoCo approach, there are many other risk management and internal control standards available throughout the world. The scope and intended purpose Embedding organizational resilience into governance mechanisms should ensure that the management of the risks to critical infrastructure posed by natural hazards, major accidents and other malicious damage is considered by the board. The needs of organizational resilience would thereby inform strategic investment and procurement decisions, risk management and discussions with supply chain partners. It would enable infrastructure owners and operators to improve their understanding of the resilience of their infrastructure, measure the success of the strategy at regular intervals, and make necessary amendments to secure delivery or to match changing organizational priorities. Increasing importance of resilience |
