Fundamentals of Risk Management


Approaches to risk management


Date: 02.06.2024
the key features of a risk management framework that is built around and supports 
the risk management process. The RASP approach is entirely consistent with the
concept of the risk management context or risk management framework described 
in ISO 31000.
Part Five of this book describes the risk architecture, strategy and protocols (RASP) 
in more detail. It is these elements that define the framework within which the risk 
management process takes place. These three components of risk architecture, strategy 
and protocols are required for successful risk management activities. There needs 
to be a clear understanding of the risk management process, followed by a clear 
definition of the framework that supports the process. Because the framework is a 
supportive structure, it is shown in Figure 6.2 as a series of components built around 
and supporting the risk management process.
In implementing and supporting the risk management process, the risk management
framework needs to facilitate communication and the flow of risk information. 
The risk management framework has two separate considerations. Firstly, it must 
be supportive of the risk management process and, secondly, it must ensure that the 
outputs from the process are communicated into the organization and achieve 
the anticipated benefits for the organization. If an organization decides to follow 
the structure of the IRM Risk Management Standard, it would then have to set up
a framework that includes the structure, responsibilities, administration, reporting 
and communication components of risk management. All of these procedures will 
then be recorded in a risk management manual.
COSO ERM cube
An Enterprise Risk Management (ERM) version of the COSO framework was produced
in 2004 and this has both risk management and internal control within its 
scope. Details of the COSO ERM framework are provided on the COSO website 
and there is a free download of the executive summary of COSO ERM. The COSO 
ERM approach suggests that enterprise risk management is not strictly a serial set
of activities, where one component affects only the next. It is considered to be a 
multidirectional, iterative process in which almost any component can and does
influence all other components.
In the COSO ERM framework, there is a direct relationship between objectives, 
which are what an entity strives to achieve, and enterprise risk management
components, which represent what is needed to achieve them. The relationship is 
depicted in a three-dimensional matrix, in the form of a cube, and this is reproduced 
as Figure 6.3.
The COSO ERM cube is a very influential risk management framework and it 
consists of eight interrelated components. These are derived from the way management
runs an enterprise and are integrated with the management process. A brief 
description of the COSO ERM components is set out in Table 6.2.
COSO ERM describes the framework by stating: ‘within the context of the
established mission or vision of an organization, management establishes strategic 
objectives, selects strategy and sets aligned objectives cascading through the enterprise.’ 


