Fundamentals of Risk Management
Monitoring and learning
Environment should be monitored to re-evaluate controls. Performance should be monitored against the targets. Assumptions behind objectives should be periodically challenged. Information needs and related information systems should be reassessed. Procedures should be established to ensure appropriate actions occur. Management should periodically assess the effectiveness of control.

will enable the company to identify that it needs to pay more attention to the areas of challenging objectives and the assumptions that lie behind them. Better auditing of controls and a structured senior management review of risk management and internal control activities can then be introduced.

The main differences in approach between COSO and CoCo are that CoCo is more explicit about the following issues:

● identification of a need to exploit opportunities;
● mitigation of weaknesses in business resilience;
● the importance of individual trust to the quality of the control environment;
● the need to periodically challenge assumptions.

There are two versions of COSO, and it is the COSO ERM framework (2004) that is considered in detail in this book. COSO Internal Control was originally published in 1992, but was updated in 2013 and the first component of the COSO Internal Control framework is called the control environment. The features of the control environment that are considered to be important by COSO Internal Control can be summarized as:

● organization is committed to integrity and ethical values;
● board has oversight of development and performance of internal control;
● management sets structures, reporting lines, authorities and responsibilities;
● organization seeks to attract, develop, and retain competent individuals; and
● organization holds individuals accountable for internal control responsibilities.
A good risk culture consistently supports appropriate risk-awareness, behaviours and judgements about risk taking within a strong risk governance framework. A good risk culture bolsters effective risk management, promotes appropriate risk taking, and ensures that emerging risks or risk-taking activities beyond risk appetite are recognized, assessed, escalated and addressed.

A good risk culture should emphasize the importance of ensuring that:

1) an appropriate risk–reward balance consistent with risk appetite is achieved when taking on risks;
2) an effective system of controls commensurate with the scale and complexity of the organization is in place;
3) the quality of risk models, data accuracy, capability of available tools to accurately measure risks, and justifications for risk taking can be challenged; and
4) all limit breaches, deviations from established policies, and operational incidents are investigated with proportionate disciplinary actions when necessary.

Based on Financial Stability Board (2014) Components of a good risk culture