Risk Management Responsibilities Flashcards
Why is it important to have clearly defined ownership of core processes, dependencies and risks?
Allows RM and Audit Committees to monitor actions and responsibilities
Where would the membership and responsibilities of committees be set out?
In the committee’s terms of reference
Describe the relationship between the Risk/Audit functions and risk ownership.
Risk management should be embedded in core processes and business activities and therefore owned by managers, not risk/audit functions.
Name seven risk management professionals that might be involved in RM activities
- Insurance risk manager
- Corporate treasurer
- Finance director
- Internal auditor
- Compliance manager
- HSE Manager
- Business continuity manager
Describe the key RM responsibilities of a CEO, and where the role fits in the ‘three lines of defence’ model
First line.
- Determine strategic approach
- Establish RM structure
- Understand most significant risks
- Consider risks from poor decisions
Describe the key RM responsibilities of a location manager, and where the role fits in the ‘three lines of defence’ model
First line.
- Build risk-aware culture
- Agree RM performance targets
- Evaluate employees' RM reports
- Ensure implementation of recommendations
- Identify/report changed risks
Describe the key RM responsibilities of an employee, and where the role fits in the ‘three lines of defence’ model
First line.
- Understand, accept and implement RM processes
- Report inefficient, unnecessary or unworkable controls
- Report incidents and near-misses
- Co-operate with management on investigations
- Ensure visitors and contractors comply with procedures
Describe the key RM responsibilities of a risk manager, and where the role fits in the ‘three lines of defence’ model
Second line.
- Develop and update RM policy
- Facilitate risk-aware culture
- Establish internal risk policies and structures
- Co-ordinate RM activities
- Compile risk info and prepare board reporting
Describe the key RM responsibilities of a risk specialist, and where the role fits in the ‘three lines of defence’ model
Second line.
- Establish specialist risk policies
- Develop specialist contingency plans
- Keep up-to-date in specialist areas
- Support incident investigations
Describe the key RM responsibilities of an internal audit manager, and where the role fits in the ‘three lines of defence’ model
Third line.
- Develop risk audit plan
- Audit risk processes across the org
- Provide assurance on RM activities
- Develop RM processes
- Report on efficiency and effectiveness of internal controls
Why is a board level sponsor for risk management required, and what are they typically responsible for?
Ensures RM is given sufficiently high profile. They are usually responsible for the RASP.
How does ISO Guide 73 define a risk owner?
“A person with the authority and accountability to make the decision to treat or not treat a risk.”
An individual with accountability for an objective has accountability for the associated risk.
Describe the common law duties of Directors set out in the Companies Act 2006.
- Act in accordance with responsibilities
- Act in accordance with constitution of the company
- Promote the success of the company
- Exercise independent judgement
- Exercise reasonable care, skill and judgement
- Avoid or declare conflicts of interest
- Do not accept benefits from third parties
How does good RM support the common law duties of Directors set out in the Companies Act 2006?
Good RM promotes the success of the company, and facilitates reasonable care, skill and judgement through informed decision-making.
Boards are usually made up of exec and non-exec directors. What type of org might have a separate board of non-execs?
A charity may have a board of execs with a separate board of governors.