Fundamentals of Risk Management
Risk assurance
One of the benefits of the five lines of assurance model is that improved communication is required between the board of directors, members of the executive and the business unit leaders. Also, close liaison is required between the specialist expert risk units and the internal audit activities. The focus is on providing consolidated assurance across the organization, to enhance a risk-aware culture, rather than concentrating on the design and implementation of controls. Therefore, the five lines of assurance model is more relevant to the management of strategic and tactical risks (including opportunities) than the three lines of defence model. This fact arises directly from the increased focus on assurance in the five lines of assurance model, rather than control in the three lines of defence model. It should be noted that, in both models, external auditors and regulators will continue to fulfil their specific responsibilities.

36 Reporting on risk management

Risk reporting

There is a wide range of risk management documentation that is relevant to risk management activities. Table 21.2 lists the types of risk management documentation that may be required as follows:

● risk management administration;
● risk response and improvement plans;
● event reports and recommendations;
● risk performance and certification reports.

The risk management manual should describe the control environment or risk culture. Typically, it will include a range of information, as set out in Table 21.3. The four categories of reports mentioned above can be characterized as established procedures, action plans, incident reports and performance reports. Chapter 21 discussed the established procedures in some detail, when describing the contents of the risk management manual. Action plans, especially those embedded within the risk register, together with the recommendations that come from incident reports, will help maintain risk management as a dynamic set of activities within the organization.

Chapter 21 describes risk management documentation in detail but the subject is mentioned again here because of the importance of risk performance and certification reports. In fact, the importance of these documents has increased considerably in recent times, because of the introduction of the Sarbanes–Oxley Act of 2002. Enhanced reporting requirements have been applied to all types of organizations in most parts of the world.

It is important for an organization to ensure that the reports it submits achieve the highest standards that apply, whilst being compatible with other requirements. For example, there may be specific requirements that apply, such as the Sarbanes–Oxley Act when an organization is listed on the New York Stock Exchange. However, that organization may also be listed on another stock exchange with different requirements. Additionally, the organization may have subsidiaries that are registered as a charity, or operate as (for example) an insurance company, perhaps a captive insurance company.