10 Effective ways to get more out of risk management

To counter an organization's operational risks in today’s dynamic world, there is a need for a robust risk and control self-assessment framework that enables your company to regularly assess the maturity level of its controls against the risks to operations. Consider including (but not limiting yourself to) the following activities as part of the risk and control self-assessment.
 
  1. Agree that risks are complete and accurate - Take into account risks identified through internal and 3rd-party risks, security audits, incident logs (IT only), significant business changes/new regulations, external data, and risks identified in ICAAP scenario sessions (banking and financial sectors).
     
  2. Identify the root causes of risks.
     
  3. Ensure that controls mitigate all root causes - If there are gaps in risk mitigation, then the controls applied need to be improved. Controls should be clearly identified, and not simply stated as processes or steps within a control. For example, having a policy in place is not sufficient by itself; it is the process of implementing the policy that helps mitigate risk.
     
  4. Align controls to the regulatory or compliance requirements.
     
  5. Assess the effectiveness of controls - Take into account issues in the following areas: risk/issue logs (internal and 3rd-party), KRIs on the dashboard, incidents (IT only), and compliance/audit issues.
     
  6. Agree on any control improvements with target dates - These should be realistic and achievable.
     
  7. Assess any changes to risk/control ratings - Ensure that proper reasoning for changing the ratings is documented. Risks with a high inherent financial impact but a low control mitigation rating should be assessed in detail, with control improvements identified to reduce the impact.
     
  8. Present the paper, outlining the activities undertaken as part of renewing the risk and compliance committee in your organization.
     
  9. Assess and update the dashboard with any new/improved KRIs (High/Medium risks).
     
  10. Track the complete list of control improvements against target dates on an ongoing basis.