3 risk frameworks - Coggle Diagram
King IV
encompasses the risk governance of both the positive and negative effects of a particular risk on achieving the organization's objectives
Governing body should treat risk as integral to the way it makes decisions and executes duties.
they should approve policy that articulates and gives effect to its set direction on risk.
they should evaluate and agree the nature and extent of risk that the organization should be willing to take in pursuit of its strategic objectives
they should delegate management responsibility
they should exercise ongoing oversight of risk management
they should consider the need to receive periodic assurance on the effectiveness of risk management
the nature and extent of risk should be disclosed without compromising sensitive information
what should be disclosed: an overview of arrangements for governing and managing risk; key areas of focus during the reporting period; key risks that the organization faces, as well as unexpected and undue risks; actions taken to monitor the effectiveness of risk management and how the outcomes were addressed; planned areas of future focus.
ISO 31000
Risk Management process: 7Rs and 4Ts method
risk architecture, strategy and protocol
sets out roles and responsibility for the board
Components of Framework: Design of framework; implement risk management; monitor and review framework; improve framework
Supporting risk management process
the activity of selecting and implementing appropriate control measures to modify risk
COSO ERM
deals with risks and opportunity affecting value creation or preservation
Enterprise risk management is a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives
risk management framework: strategic, operations, reporting and compliance
Components of risk management: internal environment, objective setting, event identification, risk assessment, risk response, control activities, information and communication, monitoring.
ERM is a multidirectional process in which almost all components can influence one another.