Risk Reporting and Communication
For internal reporting purposes different levels within the organisation
need different information from the risk management process. For example while
the board of directors would like to know about the most significant risks
facing the organisation, business units within the organisation would be aware
of risks which fall into their area of responsibility, and individuals would understand
their accountability for individual risks.
External reporting enables a company to report to its
stakeholders on a regular basis setting out its risk management policies and
the effectiveness in achieving its objectives. Good corporate governance
requires companies adopt a methodical approach to risk management.
Risk Treatment
The process of selecting and implementing measures to modify
the risk is called risk treatment. This process includes risk
control/mitigation and extends to risk avoidance, risk transfer, risk
financing, etc. A system of treatment should have a threshold of efficient and
effective operation of the organisation; effective internal controls; and
compliance with laws and regulation.
Making a detailed risk analysis assists the effective and
efficient operation of the organisation by identifying those risks which
require attention by management. Risk control actions are prioritised in terms
of their potential benefit to the organisation. Effectiveness of internal
controls is the extent to which the risk will either be eliminated or reduced
by the proposed control measure by a cost/benefit analysis. Compliance with
laws and regulations is not an option. Understanding the applicable laws and
implementing a system of controls to achieve compliance is a must.
Further reading:
0 comments:
Post a Comment