Fundamentals of Risk Management
- Risk assurance techniques 407
Table 34.2 Sources of risk assurance

- Culture measurement – by use of a recognized framework such as CoCo or COSO in order to gain a quantitative evaluation of the control environment.
- Audit reports – produced by internal audit and external auditors on a range of issues including risk assessment, implementation, compliance and training.
- Unit reports – on such issues as risk performance indicators, CRSA, response to audit recommendations and reports on incidents that have occurred.
- Performance of the unit – on risk-related issues, losses, significant weaknesses in control measures and details of any material losses suffered by the unit.
- Unit documentation – on topics such as the risk management policy, health and safety policy, business continuity plans and disaster recovery plans.

introduce a control risk self-assessment (CRSA) procedure that will be based on the components as set out in the 2014 risk guidance published by the Financial Reporting Council. Areas of weakness identified in the CRSA returns will be reported to the executive committee and remedial action will be required. All of these actions will provide the board with greater assurance and place the company in a better position to secure the additional funding from the bank.

When considering risk assurance, the organization will need to evaluate different issues, depending on whether the evaluation is related to strategy, tactics, operations or compliance.

Assurance on adequate management of hazard risks can be achieved by evaluation of the hazard risk performance of the department. Depending on the risk priorities of the organization, the board or audit committee may require annual reports on certain hazard risks. Because of the importance of health and safety at work, boards usually receive annual reports on safety performance. Likewise, the audit committee will wish to receive an annual report on the incidents of fraud that have been detected within the organization. This will be especially true of organizations that handle large amounts of cash.

Risks that are concerned with uncertainty, and in particular with the successful completion of projects, are often the subject of a review by the board or audit committee. Within large organizations, it is typical to have a post-implementation review of a project. For example, if the board of a retail company has authorized the opening of a new store, the audit committee will require a review of the completion of the project for opening the store. This post-implementation review will evaluate whether the project was delivered on time, within budget and to specification. It is also common for the audit committee to require a further post-implementation review of the first 12 months trading of the new store.

Risk assurance related to strategy/opportunities is more difficult and somewhat less well developed. Nevertheless, there is an increasing number of examples of organizations that undertake opportunity evaluations. This has become increasingly common in the professional consultancy firms. When a new business prospect arises, many professional consultancy firms have an opportunity review committee that decides on whether the organization wishes to offer its services to the client prospect. This type of opportunity evaluation may initially be achieved by attaching a risk assessment to a new business proposal.