Fundamentals of Risk Management
part of the company's normal business activities;
● regular presentations to the board by management on the management of risk;
● comprehensive written policies in relation to specific business activities;
● comprehensive written policies in relation to corporate governance issues;
● regular communication between directors on compliance and risk matters; and
● consultation and review processes between the board and external accountants.

The board requires that each major proposal submitted to the board for decision is accompanied by a comprehensive risk assessment and, where required, management's proposed mitigation strategies. The company has in place an insurance programme that is reviewed periodically by the board. The board receives regular reports on budgeting and financial performance. A system of delegated authority levels has been approved by the board to ensure business transactions are properly authorized and executed.

Edited extract from Australian Mines Limited 2013 Annual Report

15 Tolerate, treat, transfer and terminate

The 4Ts of hazard response

Priority significant risks facing an organization are those that have:
● high or very high impact in relation to the benchmark test for significance;
● high or very high likelihood of materializing at or above the benchmark level;
● high or very high scope for cost-effective improvement in control.

Generally speaking, it is only priority significant risks that require attention at the most senior level of the organization. However, it is appropriate that compliance risks also receive boardroom attention. In practice, the board will expect these compliance risks to be properly managed and the board will only receive routine/annual reports describing risk performance, or a special report if a specific issue has arisen. The organization will seek to introduce effective and efficient controls to minimize compliance risks.
The benchmark test for significance should be set at a level that represents a significant impact for the organization. Having identified the priority significant risks, the organization then needs to review the controls in place and decide whether further actions are required. For hazard risks, the range of responses available is often described as the 4Ts.

There is a broad range of terminology available to describe risk response options. In fact, both British Standard BS 31100 and ISO 31000 use the term 'risk treatment' as the more generic description. For example, the British Standard defines risk treatment as the 'process of developing, selecting and implementing controls'. Likewise, ISO 31000 defines risk treatment as 'development and implementation of measures to modify risk'.

The terminology used in the Orange Book has been adopted for this text for the risk response stage of the risk management process. The options for responding to risk can then be identified as the 4Ts. Appendix B contains information on the alternative definitions that are used by different publications.