Nine fundamental principles of an effective risk management program define and integrate risk-related responsibilities at every level of the organization.
A. Risk Governance
- Principle 1: A common definition of risk, which addresses both value preservation and value creation, is used consistently throughout the organization.
- Principle 2: A common risk framework supported by appropriate standards (e.g., COSO, etc.) is used throughout the organization to manage risks.
- Principle 3: Key roles, responsibilities and authority relating to risk management are clearly defined and delineated within the organization.
- Principle 4: Governing bodies (e.g., boards, audit committees, etc.) have appropriate transparency and visibility into the organization’s risk management practices to discharge their responsibilities.
B. Risk Infrastructure & Oversight
- Principle 5: Executive management is charged with primary responsibility for designing, implementing and maintaining an effective risk program.
- Principle 6: A common risk management infrastructure is used to support the business units and functions in the performance of their risk responsibilities.
- Principle 7: Certain functions (e.g., internal audit, risk management, compliance, etc.) provide objective assurance as well as monitor and report on the effectiveness of an organization’s risk program to governing bodies and executive management.
- Principle 8: Business units are responsible for the performance of their business and the management of risks they take within the risk framework established by executive management.
- Principle 9: Certain functions (e.g., Finance, Legal, Information Technology, Human Resources, etc.) have a pervasive impact on the business and provide support to the business units as it relates to the organization’s risk program.
By effectively implementing these principles, a company can transform itself into a Risk Intelligent organization where:
- Leaders take a “Risk Intelligent” attitude that incorporates a broad outlook on risk and integrates risk thinking into strategic decision-making.
- The board executes fiduciary responsibilities to ensure that appropriate risk management controls and procedures are in place.
- Capable processes, systems and trained people exist to act on such intelligence in a timely and coordinated manner.
- A consistent approach is used across the organization to manage all classes of risk effectively and efficiently.
Read more about applying the Nine Fundamental Principles of Risk Intelligence in Deloitte's white paper “Putting Risk in the Comfort Zone.”
Source: Deloitte LLP, US. (C) Dec, 2008.