Various definitions and descriptions of risk management, internal control and governance.
Risk management: A process to identify, assess, manage and control potential events or situations to provide reasonable assurance regarding the achievement of the organizational's objectives.
Enterprise risk Management: Trends and Emerging Practices notes that:
- Incorporates risks from all sources
- Makes use of the natural hedges and portfolio effects from treating those risks with a collective approach
- Coordinates risk management strategies that span risk management, mitigation, financing and monitoring,
- Focuses on the impact to the organization's overall financial and strategic objectives
- Recognizes the upside opportunity and downside nature of risks
Enterprise-wide risk management is defined as: A structured, consistent and continuous process across the whole organization for identifying, assessing, deciding on responses to and reporting on opportunities and threats that affect the achievement of its objectives.
Internal Control: A process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:
- Effectiveness and efficiency of operations
- Reliability of financial reporting
- Compliance with applicable laws and regulations
Governance: The combination of processes and structures implemented by the board in order to inform, direct, manage and monitor the activities of the organization toward the achievement of its objectives. Example of effective governance:
- Starts at the top with the board of directors and cascades throughout the organization to all employess
- Involves critical relationships among the board, senior management and shareholders
- Encompasses organizational structure as well as the related legal and regulatory environment
- Balances economic and social goals
- Extends to customers, suppliers, partners, creditors and general community.
No comments:
Post a Comment