Chapter 10: Monitoring and communication Flashcards
Requirements of good data and its communication TRAFVICS GRC
• Timeliness of data
• Reliability
• Audience considered
• Format of the data
• Volume and Detail of data
• Internal or external sourcing
• Common classification of data into risk categories
• Suitable technology and systems to capture data
• Good quality of risk management is dependent on quality of data gathered
• Relevance and clarity
• Competency of data capturers
Information that should be documented SMARD
• Systems used for documenting
• Management failures
• Assumptions made, data used and methodology used for modelling
• Risk register – ID and assessment of risks
• Decisions made regarding risk management
The attributes of a common risk management language TUMS:
• Thresholds for reporting
• Universally understood top-down rating system
• Management level responsible for mitigation linked to risk rating
• Standardised templates used
The elements of a good KRI CAD TOMBS CEYA
• Consistent methodologies and standards applied
• Accountable individual linked to it
• Drives decision making
• Trackable
• Objectives tied to it
• Measurable/Quantifiable
• Benchmark set against it
• Cost effective
• Simple
• Clarity on the metrics used
• Expected view created
• Year on year comparison
• Additional information provided
Importance of risk reporting IBM MOCK
• Inform stakeholders
• Business decisions are improved
• Monitoring of risks is improved
• Management inefficiencies found
• Compliance must be ensured
• Objectives that are at risk should be assessed
• Key risk exposures assessed
The contents of a risk report A TICKLED SARS
• Assist in decision-making
• Trend analysis
• Information – internal, external, formal, informal
• Clear and easy to understand
• Key business risk details
• Losses and incidents
• Events/Milestones
• Detail should be relevant to the parties involved
• Single point of access to critical information
• Analysis, commentary and explanations provided
• Real time data
• Summary of risks
The structure of a risk report LEKTOR
• Likelihood and severity of the risk
• Easily understood
• Key risk summaries
  o Likelihood and severity
• Traffic light
• Operating units
• Risk types
Why a common risk language is important FAEBICS
• Focus on substance, rather than structure, of risk management ensured
• Audit is easier to conduct across the business
• External and internal risk measurement should be consistent
• Business buy-in to ERM ensured
• Inefficiencies and Duplication avoided
• Concentration of risk avoided
• Silo approach prevented