HR: Does the organization have sufficient, qualified, and experienced people to manage the risk?
RISK MANAGEMENT CONTROL ENVIRONMENT (e.g., proper tone at the top, good communications about risk, an organization structure aligned with decision-making authorities, code of conduct): Does the organization's risk management environment support or impede the management of its risks?
RISK MANAGEMENT CONTROLS AND OVERSIGHT: Does the organization have appropriate and effective controls and oversight in place to ensure that risk management practices are working?
RISK MANAGEMENT PRACTICES: Does the organization have appropriate and effective risk management practices in place to manage the risk?
RISK MEASUREMENT: Does the organization have risk measurement models that see risk beyond the typical approach of predicting future risk exposures based solely on historical information?
UNDERSTANDING OF RISK: Does the organization understand the potential risk events that could result in the occurrence of a risk and the potential impact and likelihood of these events?