Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
- Bu sahifa navigatsiya:
- Detective controls
|
Risk response
194 The value and relevance of directive controls is obvious. Chapter 18 discusses business continuity planning and the importance of providing clear directions to people in relation to managing the crisis as the immediate priority, followed by re- covering from the disaster and finally, ensuring business continuity. Contracts, in- cluding insurance policies, are also a form of directive control, as discussed in Chapter 17 on insurance and risk transfer. All contracts provide written directions to people on how they should respond when a defined set of circumstances, such as an insurance claim, arises. An important aspect of directive controls that is often overlooked is that when an unexpected event occurs, it is usually directive controls that are introduced as an immediate response to that unexpected event. The hierarchy of controls described in Table 16.2 represents the desired situation in established and stable circumstances. However, when the unexpected has been detected, the order in which new controls will be introduced may be somewhat different. The initial response is likely to in- volve introducing directive controls and/or preventive controls, if the event repre- sents an immediate risk, especially if it is a safety risk. This immediate response will then allow corrective controls to be designed and implemented as the new set of circumstances becomes clear and/or stabilizes. Detective controls Table 16.1 provides a brief description of the nature of detective controls. As suggested in the title, detective controls are those procedures that identify when the hazard has materialized. Detecting that a hazard has materialized some time after the event is not entirely satisfactory, but can be justified in certain circumstances. Sometimes, other controls may be unable to completely eliminate the chances of a risk materializing. Examples of detective controls include stock or asset checks to ensure that stock or assets have not been removed without authorization. Bank reconciliation exercises can detect unauthorized transactions. Also, post-implementation reviews can detect the lessons learnt from projects that can be applied in future. Detective controls are closely related to review and monitoring exercises undertaken as part of the risk management process. The advantage of detective controls is that they are often simple to administer. In any case, they are essential in many circumstances where the organization will require early warning that other risk control measures have broken down. The disadvantage of the detective controls is that the risk will already have materialized before it is detected. It could be argued, of course, that the fact that detective controls are in place will deter certain individuals from attempting to circumvent other risk controls. Detection of fraud is often only possible after the fraud has taken place. However, there are considerable advantages in detecting fraud early, so that the nature and scale of the fraud may be reduced and the scope for future similar fraudulent activities eliminated. The text box discusses introducing new financial controls in a charity. |
