Risk Management Responsibilities Flashcards
Why is it important to have clearly defined ownership of core processes, dependencies and risks?
Allows RM and Audit Committees to monitor actions and responsibilities
Where would the membership and responsibilities of committees be set out?
In the committee’s terms of reference
Describe the relationship between the Risk/Audit functions and risk ownership.
Risk management should be embedded in core processes and business activities and therefore owned by managers, not risk/audit functions.
Name seven risk management professionals that might be involved in RM activities
- Insurance risk manager
- Corporate treasurer
- Finance director
- Internal auditor
- Compliance manager
- HSE Manager
- Business continuity manager
Describe the key RM responsibilities of a CEO, and where the role fits in the ‘three lines of defence’ model
First line.
- Determine strategic approach
- Establish RM structure
- Understand most significant risks
- Consider risks from poor decisions
Describe the key RM responsibilities of a location manager, and where the role fits in the ‘three lines of defence’ model
First line.
- Build risk-aware culture
- Agree RM performance targets
- Evaluate employees' RM reports
- Ensure implementation of recommendations
- Identify/report changed risks
Describe the key RM responsibilities of an employee, and where the role fits in the ‘three lines of defence’ model
First line.
- Understand, accept and implement RM processes
- Report inefficient, unnecessary or unworkable controls
- Report incidents and near-misses
- Co-operate with management on investigations
- Ensure visitors and contractors comply with procedures
Describe the key RM responsibilities of a risk manager, and where the role fits in the ‘three lines of defence’ model
Second line.
- Develop and update RM policy
- Facilitate risk-aware culture
- Establish internal risk policies and structures
- Co-ordinate RM activities
- Compile risk info and prepare board reporting
Describe the key RM responsibilities of a risk specialist, and where the role fits in the ‘three lines of defence’ model
Second line.
- Establish specialist risk policies
- Develop specialist contingency plans
- Keep up-to-date in specialist areas
- Support incident investigations
Describe the key RM responsibilities of an internal audit manager, and where the role fits in the ‘three lines of defence’ model
Third line.
- Develop risk audit plan
- Audit risk processes across the org
- Provide assurance on RM activities
- Develop RM processes
- Report on efficiency and effectiveness of internal controls
Why is a board level sponsor for risk management required, and what are they typically responsible for?
Ensures RM is given sufficiently high profile. They are usually responsible for the RASP.
How does ISO Guide 73 define a risk owner?
“A person with the authority and accountability to make the decision to treat or not treat a risk.”
An individual with accountability for an objective has accountability for the associated risk.
Describe the common law duties of Directors set out in the Companies Act 2006.
- Act in accordance with responsibilities
- Act in accordance with constitution of the company
- Promote the success of the company
- Exercise independent judgement
- Exercise reasonable care, skill and judgement
- Avoid or declare conflicts of interest
- Do not accept benefits from third parties
How does good RM support the common law duties of Directors set out in the Companies Act 2006?
Good RM promotes the success of the company, and facilitates reasonable care, skill and judgement through informed decision-making.
Boards are usually made up of exec and non-exec directors. What type of org might have a separate board of non-execs?
A charity may have a board of execs with a separate board of governors.
Typically, what is the relationship between an exec director and the organisation?
Execs are usually full-time employees of the org.
Describe the 8 key roles of non-exec directors
- Constructively challenge and help develop proposals on strategy
- Scrutinise the performance of management
- Challenge integrity of risk information
- Seek assurance that financial controls and systems of RM are robust and defensible
- Determine appropriate levels of remuneration for the exec directors, succession planning
- Establish and maintain confidence in the conduct of the company
- Be independent in judgement, promoting openness and trust
- Be well informed about the org, its external environment and relevant issues
Describe the non-exec’s role in an org’s STRATEGY
Constructively challenge and help develop proposals on strategy
Describe the non-exec’s role in an org’s PERFORMANCE
Scrutinise the performance of management
Describe the non-exec’s relationship to an org’s RISK
Challenge integrity of risk information
Describe the non-exec’s relationship to an org’s CONTROLS
Seek assurance that financial controls and systems of RM are robust and defensible
Describe the non-exec’s role in the org’s PEOPLE
Determine appropriate levels of remuneration for the exec directors, succession planning
Describe the non-exec’s relationship to CONFIDENCE in the org
Establish and maintain confidence in the conduct of the company
Describe how INDEPENDENCE fits into the role of non-exec
Be independent in judgement, promoting openness and trust