DAVID SMITH and ROBERT POLITOWSKI
S ev en c p y oizio a ris.T he av er e
A risk-based management systems approach to internal control
Foreword
Acknowledgements
1 Introduction
2 Scope and definitions
3 Risk management system
4 Implementation of a risk management system
5 Other management processes
6 Self-assessment questionnaire
Appendix A Summary of risk management tools
This is a guide to how organizations can identify and manage their risks for good governance
Acknowledgements
This book provides guidance for organizations that wish to develop a framework for
Background
1
2
3
‘…recognise the rights of stakeholders established by law or through mutual
4
5
6
WorldCom
of risk
Many organizations need to manage a whole host of risks, for example:
—
—
—
—
—
Risk management and internal control should be included in all dimensions of public
—
—
Chapters 4 and 5 contain a practical guide to delivering
Failure to identify risk of data loss
A government department was seeking
to transfer personal data to another
department in a short space of time
Effective procedures were in existence but
the time and cost of removing the sensitive
elements of the data was considered to
in transit the personal details of many
government departments handling
confidential personal information;
individuals whose details have been
•
a possibility for fraudulent activity
•
through the use of this information
Charity A was challenged by a government
department that had made a grant for
an aid project. The charity was asked
to demonstrate that its governance
procedures were effective in the delivery
of aid as news media reports suggested
that those supposedly receiving the aid had
made claims that it was inappropriate for
their needs and some had fallen into the
wrong hands. This threatened to become
a scandal and affect not only funding from
made a significant contribution to overall
funds. The need for an effective control
framework and monitoring and auditing
delivering their objectives – ‘there has to be something
Financial turmoil
The turmoil in the financial markets in 2007
was a good example of the consequences
of failing to recognize and manage risks
The failure of ‘sub-prime’ home loans in
America led to failures in local banks. What
international because large numbers of
these sub-prime loans had been packaged
up and sold to institutions round the
had misjudged the risk of US mortgage
borrowers led to a conclusion that risk
had been underestimated in all kinds of
debt markets, and banks were left with
large amounts of unsellable debt. In the
to being able to borrow money when
needed suddenly found that banks were
no longer willing to provide the loan
A regional mortgage lender had grown
substantially using wholesale money
market borrowing which it was able to
change in international money markets
led to exposure to a shortfall in funding
Assessment of the risk and control of
growth together with contingency
arrangements should have prevented the
collapse of the bank
—
—
—
—
Note 3: risk is often characterized by reference to potential events, consequences or a combination
3.1 General requirements
—
—
—
—
—
—
—
—
risks;
—
Risk identification
Objectives and management programme
—
—
—
The organization should ensure that its personnel are aware of the relevance and
Documentation
—
—
determine the extent to which applicable requirements are being met;
General
reviewing actual or potential nonconformities;
management system
A large multinational bank, Bank A,
with a substantial investment banking
control. The discovery of large losses that
a trader had sought to hide led to some
of the largest losses ever recorded with
repercussions round the global financial
markets. This situation had occurred before
when the actions of a single trader led to
was aware of the previous history it failed
to implement adequate controls to prevent
suffering a similar problem
General system requirement
—
—
In organizations that have not previously carried out a process of risk identification and
Sources of information can include:
—
—
Having identified the possible outcome, the risk should be evaluated as to its frequency
Table 4.2 Matrix for risk assessment
Plan for the management of individual risks
Objectives and management programme
Security
Although certain parts of the organization (divisions, functions, etc.) may be assigned
Implementation and operation
General
to suggest that the involvement of the workforce in a meaningful way can have a
Leadership
However, the involvement of the workforce at all
People
Small- and medium-sized enterprises
(SMEs) have an equal need to apply
governance principles to their organization,
particularly when this is a requirement or
expectation of contract tendering
A local contractor working in a school
failed to control the activities of an
apprentice working under inadequate
supervision. Whilst unsupervised the
apprentice was able to access the school IT
network and used it to access the internet,
communicating with indiscreet outside
parties. When the matter came to light
approved contractors’ list and the member
of staff responsible dismissed
appropriate behaviour. Organizations should ensure
A multinational oil exploration and refining
well on the financial market and attracted
ethical investors, experienced major failures
with both safety and environmental
incidents. These incidents received global
media exposure and adverse comment
the management of these operational risks
Investigators pointed to a lack of internal
control and poor cultural issues as having
a large part to play in the incidents and,
at a time of escalating oil prices, its stock
becoming progressively more blurred. It is important that organizations develop a culture
—
—
—
and there are occupational health and safety issues related to transport:
Documentation
—
—
—
—
—
—
—
Performance assessment
Managers demonstrating genuine interest in ‘shop floor’ activities will
—
—
—
findings may have been discussed with appropriate levels of management, it should be
General
—
—
For the system to be effective there is a need to involve the workforce and
—
—
—
There are many international and national management system processes that can
The simple questions set out below will enable you to establish where your organization is
0 1 2
0 1 2
Table A.1 Summary of risk management tools
Tool Identification Assessment Response
elements of quality, environmental and OH&S
Good Governance – Risk
Corporate governance codes from around the world:
Financial Reporting Council (FRC) (2008) The Combined Code on Corporate Governance,
Turnbull, N. et al. (1999) Internal Control – Guidance for Directors on the Combined Code,