In Order that everybody speaks a common language and to
avoid misunderstandings with the aim to anchor adequate governance within the
company it is necessary to define some roles and functions as follows.
1. Risk owner :
Executive committee, through setting limits and appetite for risks and
approving risk policies & governance, owns the risks, through the
delegation of authority and responsibility for these risks through the
company’s management processes.
2. Risk taker/Line Management : The business functions (product/operation/distribution) through
writing business and implementing the risk policies and governance framework as
well as management controls, take risks. In addition, corporate functions take
risks, e.g. Finance through its balance sheet and control management
activities.
3. Risk controlling & reporting : The risk specialist functions, through identification of emerging issues, creation of risk policies, and review of the business function, provision of management information and consolidated risk committee/executive committee reporting, perform core controls in the risk management process. The chief risk officer, through periodical review of any part of the risk assurance matrix as he deems appropriate, performs additional controls.
4. Independent assurance : Internal audit, through their audits of process and policy compliance by both business functions and risk specialist, provide independent (from management / risk committee) assurance that framework is compiled with.
5. Risk policy : The risk policies are governance documents with the aim to ensure that an adequate risk frameworks is in place for a certain type of risk. These documents are prepared by the risk management function (second line of defense) and they are adopted by the risk owners. Risk policies are published by the chief risk officer. The company sets the risk appetite for the business. For most of the policies the implementation is the responsibility of the line management.
6. Policy owner : The policy owner is the manager within the first line of defense who is responsible for the corresponding policy in the business.
3. Risk controlling & reporting : The risk specialist functions, through identification of emerging issues, creation of risk policies, and review of the business function, provision of management information and consolidated risk committee/executive committee reporting, perform core controls in the risk management process. The chief risk officer, through periodical review of any part of the risk assurance matrix as he deems appropriate, performs additional controls.
4. Independent assurance : Internal audit, through their audits of process and policy compliance by both business functions and risk specialist, provide independent (from management / risk committee) assurance that framework is compiled with.
5. Risk policy : The risk policies are governance documents with the aim to ensure that an adequate risk frameworks is in place for a certain type of risk. These documents are prepared by the risk management function (second line of defense) and they are adopted by the risk owners. Risk policies are published by the chief risk officer. The company sets the risk appetite for the business. For most of the policies the implementation is the responsibility of the line management.
6. Policy owner : The policy owner is the manager within the first line of defense who is responsible for the corresponding policy in the business.
I think this is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article. Car accident attorney
ReplyDelete