Fundamentals of Risk Management
Download 3.45 Mb. Pdf ko'rish
|
Fundamentals of Risk Management
- Bu sahifa navigatsiya:
- Risk management context
|
Establishing the context
87 There are many checklists available that will enable an organization to identify the nature of the external and internal context within which it operates. Which classification system or checklist of questions is used is less important than the need to identify the full range of risk issues faced by the organization. This will enable the organization to validate the existing business model, the resources required to deliver the business model, as well as the level of resilience within the existing business model. Risk management context Chapter 21 considers the risk management context in detail, in terms of the risk architecture, strategy and protocols (RASP) developed by the organization. The RASP of an organization defines the structure of the risk management context and how the components of that context are implemented to achieve the desired benefits from the enterprise risk management initiative. It is important that the risk management context of an organization is capable of delivering the required risk management strategy and develop the necessary risk-aware culture. The components of a satisfactory risk-aware culture are leadership, involve- ment, learning, accountability and communication (LILAC), as considered in more detail in Chapter 24. An important component of the risk management context is the mandate provided by senior management that provides the scope and level of authority for undertaking risk management activities in the organization. The mandate provided to the risk manager, head of internal audit and others involved in the risk management initiative should be defined in the risk management policy for the organization. The risk attitude and risk appetite of the organization, as defined by the risk criteria for different types of risks, helps to define the risk management context of the organization and to provide the basis for undertaking risk assessments and record- ing the results in the risk register. The nature and extent of communication of the information contained in the risk register throughout the risk architecture of the organization also helps define the risk management context. Perhaps the most important feature of the risk management context that will determine the success of the enterprise risk management initiative relates to how the initiative is implemented. Appendix C provides an outline of an implementation guide for an enterprise risk management initiative in terms of planning, implementing, measuring and learning (PIML). The risk management context must contribute to the success of the organization and be supportive of the delivery of stakeholder expectations, both external and internal. A requirement of the risk management context is that it should identify emerging risks and support the response to changes in the external and internal context of the organization. The nature of emerging risks can be complex and, by definition, highly unpredictable. In helping the organization identify the nature of emerging risks, the risk manage- ment context should provide the mechanism for providing early warning. This has been described as the ‘risk radar’ of the organization and it must include timely |
