Fundamentals of Risk Management
the control environment
good and bad times. A further purpose of the internal control system and internal control activities is to safeguard resources and ensure the adequacy of records and systems of accountability. The purpose of the control environment is to ensure consistent responses to risks that materialize. A well-developed control environment will also ensure that pre-planned responses to a crisis situation are efficiently and effectively implemented.

There are a number of approaches to the evaluation of the control environment, including LILAC, CoCo and risk maturity models such as FOIL and the 4Ns, as described in Chapter 24. In many ways, the use of a maturity model will help evaluate the status of the control environment in terms of the implementation of the selected structure that will be used to drive improvements in the control environment and achieve a greater level of risk awareness in the organization.

In summary, the LILAC or CoCo model will be selected as the means of driving and measuring improvements in the control environment. The level of success in implementing the selected framework will be reflected in the level of risk maturity, as measured by FOIL and the 4Ns, that has been achieved. An enhanced level of maturity will enable the organization to achieve more sophisticated outcomes from its risk management efforts, as illustrated in Figure 4.2. Risk maturity models can be used as a means of benchmarking the risk management status of an organization and targets can be set to increase risk maturity.

Control environment

The Criteria of Control framework, otherwise known as CoCo, produced by the Canadian Institute of Chartered Accountants (CICA) is a structured means of measuring the quality of the control environment within an organization. The control environment, which the COSO ERM framework labels as the ‘internal environment’, is a measure of the risk culture within the organization.
The view taken by the CoCo framework is that if the control environment is satisfactory, risk management and internal control activities will be successfully and appropriately undertaken. The structure of the CoCo framework is set out in Figure 33.1. The framework has four components, which are represented as a continuous cycle. The components are based on a sense of direction of the organization, a sense of identity and values, a sense of competence and a sense of evolution.

A number of organizations use the CoCo framework as a means of benchmarking compliance with the internal control component of the COSO ERM framework. This approach will, therefore, be based on a framework that is a combination of CoCo and the remaining seven components of the COSO ERM framework. Table 33.2 gives more information on the specific requirements of each of the four components of the CoCo framework, as set out below:

● purpose;
● commitment;
● capability;
● monitoring and learning.