D1-Targeting and monitoring of risk

Risk Manager
Risk Audit

Risk Manager
Risk management committee Role
1. To agree the risk management
2. Review risk reports from affected department
Provide board guidance on emerging risks
Work with the audit committee on designing and monitoring internal
controls
3. Monitor overall exposure and specific risks. Strategic risk monitoring could
occur frequently
4. Assess the effectiveness of risk management systems

Roles of a risk manager

1. Providing overall leadership, vision and direction, involving the
establishment of risk management (RM) policies
2. Seeking opportunities for improvement of systems.
3. Developing and promoting RM competences
4. Reporting on the above to management and risk committee
5. Ensuring compliance with relevant codes, regulations, statutes

Arguments against Risk management

1. Cost
2. Disruption to normal organisational practices
3. STOP errors - where a practice has been stopped when it should have been
allowed to proceed
4. Slowing the seizing of new business opportunities

Risk Audit
Internal and external risk audit
Risk audit and assessment is a systematic way of understanding risks

Features
1. Complicated
It can be a complicated and involved process. Some organisations employ
teams of people to monitor and report on risks.

2. Voluntary
Risk audit is not a mandatory requirement for all organisations but,
importantly, in some highly regulated industries (such as banking and
financial services), a form of ongoing risk assessment and audit is
compulsory

Process
1. Identify risk
Management must be aware of potential risks
They change as the business changes
So this stage is particularly important for those in turbulent environments
Uncertainty can come from any of the political, economic, natural, sociodemographic or technological contexts in which the organisation operates.
2. Assess risks
The probability and the impact of the risk needs assessing
( sometimes not possible to gain enough information about a risk to gain an
accurate picture of its impact and/or probability)
This strategy is often, from share portfolio management to terrorism
prevention.
Businesses then come up with strategies to deal with the risks (TARA) but
thats for a different part of the syllabus
In a risk audit, the auditor now reviews the organisations responses to each
identified and assessed risk.
3. Review controls over risk
Here, the controls used are reviewed
For example, insurance cover or diversification of the portfolio
In the case of accepted risks, a review is made of things such as evacuation,
clean-up and so on,
4. Report on inadequate controls
Finally, a report is produced and submitted, in most cases, to the Board
Management will want to know about the key risks; the quality of existing
assessment and the effectiveness of controls currently in place.

Any ineffective controls would be the subject of urgent management

attention.

Internal Risk Audit

Advantages
o Those conducting the audit will be familiar with the systems,
environment and culture.
o So an internal auditor should be able to carry out a highly contextspecific risk audit.
o The audit assessments will therefore use appropriate technical
language and in a management specified form
Disadvantages
o Impaired independence and overfamiliarity

External Risk Audit

Advantages
o Reduces the independence and familiarity threats.
o Higher degree of confidence for investors and regulators.
o A fresh pair of eyes to the task
o Best practice and current developments often used