Risk Management at Client Organization
During our first employment or engagement, armed with only a theoretical knowledge of what "Risk" and "Risk Management" are, we would be assigned the task of understanding a process and identifying the applicable risks, which form the basis to either define a risk management approach or evaluate an existing one.
While doing so, our understanding would be directed towards the basic transaction, with little or no knowledge of how it might impact the department, business unit or organization. However, with a little curiosity and supervision, we might end up with an understanding of how the risk has an impact at a higher level: the respective functional department, the business unit and then the organization.
E.g., purchase orders not released in a timely manner is a risk at the transaction level; however, it also indicates that the department's seniors have not monitored their function for the timely discharge of its responsibilities, which affects the respective production schedule and the sales of the respective finished goods.
However, this bottom-up approach would not provide an impactful insight into how this would affect the business, its positioning in the market, customer perception, market penetration and other factors relevant to its successful existence.
A slight modification in the way we understand risk would give us a meaningful understanding of the actual risk. To do so, we need to understand from the top, starting with the vision/mission of the organization, its strategic/operational objectives, and the translation of these into policies and procedures, business processes and activities. This top-down approach helps us understand the cascading effects of the applicable risks across the organization's landscape.
In effect, we need to orient our understanding towards the targets to be achieved by an organization through the use of its respective landscape, which gives us an effective mechanism to manage risk across the organization. This could be achieved with the help of the framework defined by COSO.
The following are identified (by COSO):
(A) As objectives of an organization to achieve its purpose:
- Strategic Objective
- Operational Objective
- Reporting requirements and
- Compliances
(B) As components of the landscape in an organization by which the objectives could be achieved:
- Entity level,
- Business units,
- Divisions,
- Subsidiaries and others
(C) Layers of a mechanism to understand and manage the risk in achieving the objective across the landscape, in the following sequence:
- Understand the Internal Environment
- Determine the objectives (Strategic, operational and tactical) to be achieved
- Events that impact the organization either as a risk or as an opportunity in achieving the objective
- Assess the risk that has a likelihood and impact
- A response to address the risk either by avoiding, sharing, reducing or accepting the same
- Control activities that reflect management's intention to reduce the risk
- Timely communication of essential information to enable implementation of control activities
- Monitor the controls for their design and operating effectiveness
The above three are put together by COSO in the following form as the ERM Framework