Fundamentals of Risk Management
Risk strategy
Risk performance and certification reports include consideration and analysis of preliminary reports of the results of operations, as well as more formal declarations and certified reports to stakeholders. In some cases, certification of the results of operations of the organization will be undertaken as a formal attestation of the results of operations. This approach is required by the Sarbanes–Oxley Act in relation to financial reporting. This attestation will often be undertaken by a third party, such as an external auditor. Such an attestation could also relate to an evaluation of the effectiveness of the control activities.

Management will be interested in receiving details of risk performance. This will be especially important when the organization is exposed to a portfolio of risks that bring the total risk exposure close to the limit of the risk appetite and/or risk capacity of the organization. For example, an organization may have budgeted for a certain level of loss in relation to hazard risks. If this budget is challenging, then careful monitoring of losses will be required in order to ensure that the exposure to the specific type of hazard risk is not being exceeded. The hazard tolerance may be limited and so the organization will need to monitor hazard losses very carefully. For example, a transport company will need to monitor the number of motor vehicle accidents and the breakdown frequencies related to the vehicles run by the company.

22 Risk management responsibilities

Allocation of responsibilities

Everybody working for an organization will need to be made aware of their risk management responsibilities, as will contractors and suppliers. There are many professional people in large organizations who have an understanding of risk and a substantial contribution to make to the successful management of the priority significant risks. Unfortunately, there is not always a common view of risk management or the issues that are important to the organization.

Ownership of core processes, key dependencies and risks is important, because it enables the risk management and audit committees (see Part Eight) to monitor actions and responsibilities. This ownership is important for all risks, although the audit committee will only monitor the priority significant risks. Any confusion of responsibilities and reporting structure must be eliminated. There should be clear statements of responsibilities for the following aspects of the management of each priority significant risk:

● setting required risk standards;
● implementing risk standards;
● monitoring risk performance.

A detailed set of responsibilities will ensure that the roles of risk owners, process owners, internal audit, risk management functions, members of staff, contractors and outsourced operations as well as all others are clearly defined and understood. The allocation of responsibilities to committees, as part of the risk architecture is also an important consideration. The membership, responsibilities and reporting structure will normally be described in the terms of reference of each committee.