RISK TOPIC 2: ORANGE BOOK
ADDRESSING RISK
Turn uncertainty to the organization’s benefit by constraining threats and taking advantage of opportunities.
Action to address a risk is known as “internal control”.
5 KEY ASPECTS OF ADDRESSING RISK
Tolerate - Tolerate the risk without any further action being taken.
Treat - Action (control) is taken to constrain the risk to an acceptable level.
Transfer - Transfer to third party which is more capable of effectively managing the risk.
Terminate - Terminating the activity in order to reduce the risk to acceptable levels.
Take the opportunity - Option which should be considered whenever tolerating, transferring or treating a risk
REVIEWING AND REPORTING RISKS
To monitor whether or not the risk profile is changing
To gain assurance that risk management is effective
To identify when further action is necessary
REVIEW PROCESSES
ensure that all aspects of the risk management process are reviewed at least once a year
ensure that risks themselves are subjected to review with appropriate frequency
make provision for alerting the appropriate level of management to new risks or to changes in already identified risks so that the change can be appropriately addressed.
Tools and Techniques
Risk Self Assessment (RSA)
-maintaining the organisation-wide risk profile
Stewardship Reporting
-requires that designated managers at various levels of the organisation report upwards
Risk Management Assessment Framework
-evaluating the maturity of an organisation’s risk management
COMMUNICATION AND LEARNING
Not a distinct stage in risk management but runs through the whole risk management process.
Everyone in the organisation should understand the organisation’s risk strategy, risk priorities and their responsibilities in the organisation.
Ensure that transferable lessons are learned and communicated to those who can benefit from them.
Ensure that each level of management actively seeks and receives appropriate and regular assurance about the management of risk within their span of control.