Читать книгу Successful Compliance - Barbara Neiger - Страница 21

As part of an ICS and the second instrument of an efficient and effective governance structure, risk management aims to identify opportunities and risks at an early stage and to assess how they may affect the achievement of corporate objectives (from the point of view of strategy, operations, accounting and compliance). These findings support decision-making for future-oriented planning and are incorporated into risk management.

Event identification – all internal and external events are to be identified that affect the achievement of an organisation’s objectives. These influences can be of both a positive (opportunity) and negative (risk) nature.

Risk assessment – identified potential risks are consolidated in a risk catalogue and analysed and evaluated according to their probability of occurrence and their impact. Risks are then prioritised based on the results of such evaluation in order to develop targeted measures to manage them.

Risk management – risks can be avoided through the omission of a business activity. In all other cases measures must be put in place to reduce risk, either by controls or by transfer (e.g. insurance).