Fundamentals of Risk Management
Risk analysis and evaluation
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
|
Risk analysis and evaluation
147 Control confidence The intended effect of an individual control measure is illustrated in Figure 12.2. It is not possible for an organization to be absolutely confident that controls will always be fully implemented and will be as effective as expected or required. Controls will need to be audited in order to allow confidence that the control selected has been properly designed and implemented and is producing the desired effect. The level of control confidence can also be illustrated on a risk matrix. If the effectiveness of a control is uncertain, a greater variability of the outcome may be expected. This can be demonstrated on a risk matrix by using a circle or ellipse to represent a risk, instead of representing the risk as a single point on the risk matrix. By doing this, the level of uncertainty or variability in the outcome can be illustrated in relation to both the likelihood and impact of the event materializing. An important consideration when undertaking a risk assessment and when evalu- ating the effectiveness of risk management in general, and risk control measures in particular, is the level of confidence that should be placed on a particular control. Two questions need to be asked: ‘How confident are we that this is the correct control?’ and ‘How confident are we that it is fully implemented and effective in practice?’ When there is limited confidence in the effectiveness of a control, it will be the role of internal audit to test the control and provide information on the likely level of variability of outcome, should the risk materialize. It is the responsibility of internal auditors to check that the correct controls have been selected and that they are working correctly in practice. Internal auditors refer to effective and efficient controls respectively when reviewing these points. The use of effective and efficient is also included in this book in relation to core processes of Download 3.45 Mb. Do'stlaringiz bilan baham: 
|