Identify and leverage common processes, technologies and knowledge
Risk Assessment
Emerging Risk Identification
Risk/Control Monitoring (Key Risk Indicators)
(1) Working team from functions which should participate
- establishes common understanding of “integration”, goals and internal vision, e.g.:
agree common risk management concept
maintain independence/objectivity of each function
rationalize and harmonize approaches
share information cross-functionally
(2) Discuss internal vision with executive management and board (or audit committee)
present both benefits and potential pitfalls!
test against Strategic Framework
(3) Consider areas where initial opportunities for improvement exist
Usually among processes involving communications, knowledge-sharing, scheduling or risk assessments.
(4) Detail plans to tackle inceptive projects
Consider resourcing needs as well as mechanisms for feedback
(5) Develop an overall risk management policy
Include legal/technical/corporate governance aspects
What is the organization’s “risk-appetite”?
(6) Establish success factors and measurement points
Ensure feedback mechanism allows lessons to be learned
(7) Iterative process for further working group sessions
Develop a final vision and organization-specific goals.
(8) Finalize Board’s risk policy
Use working group reassessment outputs
Is the current policy still valid or does a new one have to be developed?
(9) Gain Board’s (or audit committee’s) formal approval
Internal auditors to provide assurance on both design and implementation of audit plan.
(10) Execute!