
Week 006

Risk Management Processes


OBJECTIVES OF RISK MANAGEMENT

COSO states its objectives of risk management separately:

This enterprise risk management framework is geared to achieving an entity’s objectives, set forth in four categories:

• Strategic—high-level goals, aligned with and supporting its mission

• Operations—effective and efficient use of its resources

• Reporting—reliability of reporting

• Compliance—compliance with applicable laws and regulations.


TOOLS FOR RISK MANAGEMENT

There are two useful tools to apply in risk management:

1. the risk matrix

2. the risk register.


THE RISK MATRIX

Risk is usually defined as the possibility that an event will occur (that is, a threat will materialize) and adversely affect
the achievement of objectives. It is measured in terms of the degree of likelihood that the event might occur,
coupled with the probable impact should the event occur. So an individual risk may be plotted on a graph,
sometimes known as a risk map or matrix.


RISK REGISTERS

The risk register approach is less visual in its representation, but is widely used to create and maintain a record of
threats and their management at all levels and in all parts of the organization. The risk register allows a more
detailed description of the approaches being taken to manage risks.


Control Objectives for Risk Management Processes

(a) Organizational objectives support and align with the organization’s mission

(b) Significant risks are identified and assessed

(c) Appropriate risk responses are selected that align risks with the organization’s risk appetite

(d) Relevant risk information is captured and communicated in a timely manner across the organization,
enabling staff, management, and the board to carry out their responsibilities.
