Risk culture 
290
be managed as an internal control issue and will be monitored and reviewed by the 
internal audit department. Risks associated with a merger or acquisition should be 
managed as an opportunity issue by the CEO or a nominated senior executive.
steps to successful risk management
In order to improve the risk management performance of an organization, a risk 
management initiative will be required. The nature of this initiative will depend on 
the size, complexity and nature of the organization. There is no single correct
approach to implementing risk management in an organization. The drivers for
undertaking risk management and the expected outputs and impacts will vary
between organizations.
Although there is no single correct approach, Table 24.1 sets out some of the key 
steps in achieving successful risk management. Appendix C provides an approach 
that is entirely compatible with the issues mentioned in Table 24.1. The appendix 
also draws together the acronyms used throughout this book and lists the various 
risk management tools and techniques associated with each stage in the implementa-
tion of a successful enterprise risk management initiative.
TAbLE 
24.1
Achieving successful enterprise risk management
 1 
Engage senior m
anagement and board of directors to provide organizational 
support and resources.
 2 
Establish an independent ERM function reporting directly to a board member.
 3 
Establish the risk architecture at executive and board levels, supported by 
internal audit.
 4 
Develop the ERM framework that incorporates an appropriate risk classification 
system.
 5 
Develop a risk aware culture fostered by a common language, training and 
education.

Download 3.45 Mb.

Do'stlaringiz bilan baham: