Please enable JavaScript.

Coggle requires JavaScript to display documents.

Risk Management Frameworks (COSO (The ERM Framework is geared to achieving…

- - - - Initial Component: Mandate and Commitment by the Board and is followed by:
        
        Design of Framework
        
        Implement Risk Management
        
        Monitor and Review Framework
        
        Improve Framework
  - - - The key stages in the process are represented as risk assessment and risk treatment. It also indicates that the risk management process takes place withing the risk management context of the organisation.
        
        Risk Assessment
        
        Risk Identification establishes the exposure of the organisation to risk and uncertainty.
        
        The result of risk analysis can be sued to produce a risk profile that gives a rating of significance to each risk and provides a tool for prioritising risk treatment efforts
        
        Risk Treatment
        
        Risk Treatment is the activity of selecting and implementing appropriate control measures to modify the risk.
        
        Risk Treatment includes as its major element, risk control (or mitigation), but extends further to, for example, risk avoidance, risk transfer and risk financing.
        
        Feedback Mechanisms
        
        Two mechanisms are used
        
        Monitoring and review ensures that the organisation monitors risk performance and learns from experience.
        
        Communication and consultation is presented in ISO 31000 as part of the risk management process, but it may also be considered to be part of the supporting framework.
  - - - Identity intended benefits of the ERM initiative and gain Board Mandate
        
        Plan the scope of the ERM initiative and develop common language of risk
        
        Establish the risk management strategy, framework, and the roles and responsibilities
        
        See Table 3 for Risk Management Responsibilities
    - - Adopt suitable risk assessment procedures and an agreed risk classification system.
        
        Establish risk significance benchmarks and undertake risk assessments.
        
        Determine risk appetite and risk tolerance levels, and evaluate the existing controls.
        
        See Table 4 for Risk Assessment Techniques
    - - Ensure cost-effectiveness of existing controls and introduce improvements
        
        Embed risk aware culture and align risk management with other management tasks.
    - - Monitor and review risk performance indicators to measure ERM contribution
        
        Report risk performance in line with legal and other obligations, and monitor improvement.
- - - - A process, ongoing and flowing through an entity
      - Effected by people at every level of an organisation
      - Applied in strategy setting
      - Applied across the enterprise, at every level and unit, and includes taking an entity-level portfolio view of risk
      - Designed to identify potential events that, if they occur, will affect the entity and to manage risk within its risk appetite
      - Able to provide reasonable assurance to an entity's management and board of directors
      - Geared to achievement of objective in one or more separate but overlapping categories.
  - - - Objective Setting:
        
        Event Identification:
        
        Risk Assessment:
        
        Risk Response:
        
        Control Activities:
        
        Information & Communication:
        
        1 more item...
    - - This depiction portrays the ability to focus on the entirety of an entity's enterprise risk management or by objectives category, component, entity unit, or any subset thereof.
        
        Effectiveness: ERM is "effective" when the eight components are present and functioning effectively and when the 4 categories are effective it provides the board of directors and management with reasonable assurance that all objectives are met and complied with.
  - - - Internal Parties
        
        CEO, Managers, Risk Officer, Financial Officer, Internal Auditor, Entity Personnel and the Board of Directors
      - External Parties
        
        Not responsible for the entity's ERM, only provide useful information in effecting ERM
        
        Ex. Customers, Vendors, Business Partners, External Auditors, Regulators and Financial
        Analysts.
- - - - The governing body should perform the following practices:
        
        Determine and implement the approach for risk governance that includes opportunities and risks when developing the strategy as well as the positive and negative effects of those same risks when trying to achieve the objectives
        
        Incorporate treating risk in decision-making as well as the execution of duties
        
        Risk management implementation should be delegated to management
        
        Oversee the risk management process to ensure the following results:
        a. Assessment of risks and opportunities
        b. Achievement of objectives
        c. The organisation's dependency on resources and relationships
        d. The design & implementation of appropriate risk responses
        e. Business continuity, and
        f. Integration of risk management into the culture of the organisation
        
        Ensure the periodic assurance on risk management effectiveness
        
        Disclosing the nature and extent of risks & opportunities, an overview of the risk management process, key areas of focus, key risks and unexpected risks they are facing, risks taken outside tolerance levels, actions that were taken to monitor and address risk management and planned areas of future focus.