Approaches to risk management 
86
depends. This will include members of staff and people providing services on an 
outsourced, contracted and/or supplier basis.
Having identified the expectations of internal stakeholders, including identification 
of the importance of these stakeholders to the operations and compliance activities 
of the organization, it will then be possible to view in more detail the factors that 
influence the internal context. The FIRM risk scorecard provides a structure for
carrying out a detailed evaluation of the context of the organization. The financial 
and infrastructure components of the FIRM risk scorecard are primarily related to 
the internal context and the reputational and marketplace components are primarily 
related to the external context.
Table 14.2 provides a detailed checklist of questions related to the development 
of a riskiness index based on the structure of the FIRM risk scorecard. In summary, 
the financial component of the internal context of an organization defines the financial 
procedures and the means by which money is managed and profitability is achieved. 
In particular, when evaluating the financial component of the internal context, the 
following issues should be addressed:
●
●
availability of adequate funds to fulfil strategic plans;
●
●
existence of robust procedures for correct allocation of funds for investment;
●
●
nature of internal financial control environment to prevent fraud;
●
●
availability of funds to meet historical and anticipated future liabilities.
The other component of the FIRM risk scorecard relevant to the internal context is 
infrastructure, as this influences the nature of the processes undertaken within the 
organization. Infrastructure risks define the level of inefficiency and dysfunction that 
may arise during internal processes. In particular, when evaluating the infrastructure 
component of the internal context, the following issues should be addressed:
●
●
senior management structure and the nature of the risk culture;
●
●
availability of adequate people resources and people skills, including 
intellectual property;
●
●
availability of adequate physical assets to support operational activities;
●
●
information technology infrastructure sufficient to achieve resilience and 
protect data;
●
●
business continuity plans in place to ensure continuity of activities following 
major disruption;
●
●
arrangements for service delivery and/or transportation and reliable 
communication infrastructure.
The FIRM risk scorecard offers one mechanism for evaluating the internal context 
of an organization, but other approaches may be employed, including a SWOT
analysis. Many organizations use the political, economic, social, technological, legal 
and environmental/ethical (PESTLE) risk classification system. The PESTLE risk 
classification system is considered in more detail in Chapter 11. Some components of 
the PESTLE risk classification system are related to the external context, some are
related to the internal context and other components are relevant to both external 
and internal contexts.

Download 3.45 Mb.

Do'stlaringiz bilan baham: