3.5
Compare the role of internal auditors, management and the board of directors in risk management.
Management
  - Establish the framework
  - Assess risks
  - Treat risks (action plans)
  - Monitor the framework

Risk committee
  - Facilitate communication
  - Break down silos
  - Allow consistent communication
  - Allow managers to use the committee to present their views

Chief risk officer
  Function
    - Integrate RM activities across the organization with objectivity
    - Champion ERM
  Skills
    - Understand the business and its risks
    - Leadership
    - Strategic mindset

BOD
  - Oversee management and hold it to account
  - Review and approve corporate vision, mission and code of ethics (tone at the top)
  - Review, provide input on and monitor strategy
  - Oversee the processes management has in place to identify risk and opportunity
      o Consider risk tolerance (type and level)
  - Ensure control systems are in place and functioning

IA
  Assurance
    - Giving assurance on the Risk Management (RM) process
    - Giving assurance that risks are evaluated correctly
    - Evaluating the RM process
    - Evaluating the reporting of key risks
    - Reviewing the management of key risks
  Consulting (with safeguards)
    - Facilitating the identification and evaluation of risks
    - Coaching management in responding to risks
    - Coordinating ERM activities
    - Consolidating ERM reporting
    - Maintaining and developing the ERM framework
    - Championing the establishment of ERM
    - Educating others
    - Being alert to new risks
  Should not do
    - Take on a board/management role (making decisions)
    - Set the risk appetite
    - Impose the RM process
    - Provide management assurance on risk
    - Decide risk responses
    - Implement risk responses
    - Be accountable for RM

3.5

The Three Lines of Defense in Effective Risk Management and Control


FIRST LINE OF DEFENSE: Operational Management

As the first line of defense, operational managers own and manage risks. They are also responsible for
implementing corrective actions to address process and control deficiencies.

THE SECOND LINE OF DEFENSE: Risk Management and Compliance Functions

The responsibilities of these functions vary with their specific nature, but can include:
  o Supporting management policies, defining roles and responsibilities, and setting goals for
    implementation.
  o Providing risk management frameworks.
  o Identifying known and emerging issues.
  o Identifying shifts in the organization's implicit risk appetite.
  o Assisting management in developing processes and controls to manage risks and issues.

THE THIRD LINE OF DEFENSE: Internal Audit

Best practice is to establish and maintain an independent, adequately and competently staffed internal
audit function, which includes:
  o Reporting to a sufficiently high level in the organization to be able to perform its duties independently.
  o Having an active and effective reporting line to the governing body.


Standard 2120

The internal audit activity must evaluate the effectiveness and contribute to the improvement of risk
management processes.