Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
|
Risk management context
247 Risk architecture The risk management organization and arrangements of an organization can be described as the risk architecture. The risk architecture sets out lines of communi- cation for reporting on risk management issues and events. It is vital that the risk architecture reinforces the fact that the responsibility for managing risks remains with the owner of that risk. In order that risk management can be fully embedded into the core processes and operations of an organization, a clear statement of risk management responsibilities is required. Also, as part of the analysis of each significant risk, risk management responsibilities need to be clearly allocated to the following aspects of managing that risk: ● ● development of risk strategy and standards; ● ● implementation of the agreed standards and procedures; ● ● auditing compliance with the agreed standards. The risk architecture can be represented diagrammatically as a means of identify- ing the committees with risk management responsibilities and the relationships between those committees. The importance of the risk architecture of an organization is discussed in Chapter 22 and examples of typical risk architectures are provided. The risk architecture will include details of the terms of reference of the various committees. This will include details of the membership and responsibilities of the various committees. The risk architecture should also provide information on how risk information is communicated between the various committees. The risk architecture shows the relationship between various committees that have been established within the organization. The membership and responsibilities of the committee will need to be established in suitable terms of reference. The risk architecture will also include details of reports that are received by individual com- mittees and the reports that are required from those committees. An important aspect of the risk architecture is to ensure that risk escalation procedures are embed- ded within the organization, including appropriate whistleblowing arrangements. When considering the range of documentation that needs to be produced, organ- izations should distinguish between the risk protocols that are recorded in the risk management manual and those documents or reports that are intended to track and monitor changes and improvements. The risk management manual may be considered to be a static record of processes and procedures, whereas the other documentation, for example the risk register, should be a dynamic record of actions that are planned or are in progress. In effect, the risk register should be considered to be the risk management action plan. Download 3.45 Mb. Do'stlaringiz bilan baham: 
|