Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
|
Risk strategy
254 The risk guidelines for the organization also provide practical guidance to man- agers on how to fulfil their risk management responsibilities. Keeping necessary records will allow the organization to demonstrate the successful implementation of the risk guidelines. The risk management administration documentation should extend to (at least) the items listed in Table 21.2. It is not the intention that the keeping of risk management records should become overly bureaucratic or burdensome. However, adequate records need to be kept so that the information is available for decision making, necessary advice for managers is accessible and confirmation can be provided to auditors that necessary controls have been correctly implemented. The importance of record keeping is highlighted below. There are many benefits to be gained from implementing records management. Records management is a key driver in increasing organizational efficiency and offers significant business benefits. Records management: ● ● reduces the time spent by staff looking for information; ● ● facilitates the effective sharing of information; ● ● reduces the unnecessary duplication of information; ● ● identifies how long records need to be kept; ● ● optimizes the legal admissibility of records to defend malicious litigation; ● ● supports risk management and business continuity planning. In short, records management improves control over information assets, frees up staff time and other resources, and helps protect individuals and the organization from various risks. Records management means that too much reliance is not placed on the memories of a few individuals. Importance of records The only reason for undertaking a risk assessment is so that current controls can be validated and the need for any further actions to improve control of risk can be identified. The risk register is the means of recording information on current controls and details of intended additional controls. It is important that the risk register should not become a static document. It should be treated as a dynamic element and considered to be the risk action plan for a unit or the organization as a whole. As well as risk response plans, information will also need to be recorded about the responsibility for individual controls. If additional controls are required, then the deadline, as well as the responsibility, for the implementation of those improved controls should be recorded. Download 3.45 Mb. Do'stlaringiz bilan baham: 
|