Escolar Documentos
Profissional Documentos
Cultura Documentos
Risk Manager
Risk Audit
Risk Manager
Risk management committee Role
1. To agree the risk management
2. Review risk reports from affected department
Provide board guidance on emerging risks
Work with the audit committee on designing and monitoring internal
controls
3. Monitor overall exposure and specific risks. Strategic risk monitoring could
occur frequently
4. Assess the effectiveness of risk management systems
Risk Audit
Internal and external risk audit
Risk audit and assessment is a systematic way of understanding risks
Features
1. Complicated
It can be a complicated and involved process. Some organisations employ
teams of people to monitor and report on risks.
2. Voluntary
Risk audit is not a mandatory requirement for all organisations but,
importantly, in some highly regulated industries (such as banking and
financial services), a form of ongoing risk assessment and audit is
compulsory
Process
1. Identify risk
Management must be aware of potential risks
They change as the business changes
So this stage is particularly important for those in turbulent environments
Uncertainty can come from any of the political, economic, natural, sociodemographic or technological contexts in which the organisation operates.
2. Assess risks
The probability and the impact of the risk needs assessing
( sometimes not possible to gain enough information about a risk to gain an
accurate picture of its impact and/or probability)
This strategy is often, from share portfolio management to terrorism
prevention.
Businesses then come up with strategies to deal with the risks (TARA) but
thats for a different part of the syllabus
In a risk audit, the auditor now reviews the organisations responses to each
identified and assessed risk.
3. Review controls over risk
Here, the controls used are reviewed
For example, insurance cover or diversification of the portfolio
In the case of accepted risks, a review is made of things such as evacuation,
clean-up and so on,
4. Report on inadequate controls
Finally, a report is produced and submitted, in most cases, to the Board
Management will want to know about the key risks; the quality of existing
assessment and the effectiveness of controls currently in place.
Advantages
o Those conducting the audit will be familiar with the systems,
environment and culture.
o So an internal auditor should be able to carry out a highly contextspecific risk audit.
o The audit assessments will therefore use appropriate technical
language and in a management specified form
Disadvantages
o Impaired independence and overfamiliarity
Advantages
o Reduces the independence and familiarity threats.
o Higher degree of confidence for investors and regulators.
o A fresh pair of eyes to the task
o Best practice and current developments often used