Risk strategy
258
Information on ownership of each priority significant risk should be included in 
the risk register. It is important that the activities of the risk manager, risk manage-
ment committee, audit committee, internal auditors and others do not reduce local 
ownership of significant risks. Managers must see ownership of risks as integral to 
the management of core processes and business activities, not as a separate issue that 
is the responsibility of specialist professional risk management and/or internal audit 
practitioners.
Range of responsibilities
Table 22.1 sets out examples of the range of risk management responsibilities of line 
management, the main functional departments and individual employees involved
in risk management. The risk management professionals involved will include the 
following individuals (at least), depending on the size of the organization:
●
●
insurance risk manager;
●
●
corporate treasurer;
●
●
finance director;
●
●
internal auditor;
●
●
compliance manager;
●
●
health, safety and environment manager;
●
●
business continuity manager.
The structure of Table 22.1 is also important. Items 1, 2 and 3 allocate responsibilities 
to the management of the organization. Item 1 is concerned with the allocation
of responsibilities to top management, being the board and executive. Item 2 is
concerned with the allocation of responsibilities to heads of department or middle 
management. Item 3 is concerned with the allocation of risk management respon-
sibilities to staff. Together, these three layers of management represent the first line of 
defence in ensuring that adequate attention is paid to risk management and internal 
control.
Item 4 of Table 22.1 describes the responsibilities of the risk manager for the 
organ ization. Item 5 sets out the responsibilities of specialist risk management func-
tions, such as health and safety or business continuity. In providing specialist support 
to management, these functions may be considered to be the second line of defence 
in achieving satisfactory risk management and internal control. Item 6 of Table 22.1 
sets out the responsibilities of the internal audit manager. Internal audit activities 
may be considered to be the third line of defence in ensuring adequate standards of 
risk management and internal control.
Externally, insurance brokers, insurance companies, accountancy firms and external 
auditors also have a contribution to make to the improved management of risk in 
their client organizations. It is important that risk management professionals work 
together. However, it is also important that the benefits of risk management are
embedded into the core processes of the organization.

Download 3.45 Mb.

Do'stlaringiz bilan baham: