Risk management context
245
●
●
event reports and recommendations;
●
●
risk performance and monitoring reports.
One of the standard documents produced by organizations as part of their risk manage-
ment initiatives is the risk register. Risk registers can be produced for a variety of
operational, project and strategic purposes. The likely format of the risk register is
discussed in Chapter 7 and the basic format is illustrated in Table 7.1.
The working relationship between risk management and internal
audit is critically
important. Risk management expertise rests in the assessment of risk and the identi-
fication of existing and additional controls. Internal audit has its expertise in the
evaluation of controls and the testing of their efficiency and effectiveness. Successful
TAbLE
21.1
Risk management framework
risk management architecture
●
●
Committee structure and terms of reference
●
●
Roles and responsibilities
●
●
Internal reporting requirements
●
●
External
reporting controls
●
●
Risk management assurance arrangements
risk management strategy
●
●
Risk management philosophy
●
●
Arrangements for
embedding risk management
●
●
Risk appetite and attitude to risk
●
●
Benchmark tests for significance
●
●
Specific risk statements/policies
●
●
Risk assessment techniques
●
●
Risk priorities
for the present year
risk management protocols
●
●
Tools and techniques
●
●
Risk classification system
●
●
Risk
assessment procedures
●
●
Risk control rules and procedures
●
●
Responding to incidents, issues and events
●
●
Documentation
and record keeping
●
●
Training and communications
●
●
Audit procedures and protocols
●
●
Reporting/disclosures/certification
