Risk Management Planning
Risk management planning is the process of developing options and actions to enhance opportunities and reduce threats to project objectives. Risk management implementation is the process of executing risk management actions.
Effective crisis response begins with effective decision-making. Good initial decisions can make even a catastrophe manageable; bad decisions can fatally exacerbate an otherwise small problem. In both cases, the window of opportunity for initial decision making is extremely small and closes rapidly. Once the moment for decision making has gone, it does not come back. Proper crisis response is about ...view middle of the document...
The steering committee and local staff will be responsible for implementing this process in addition to maintaining and updating the plan.
The essence of benchmarking is measuring, managing and satisfying customer requirements and expectations, assessing your strengths and weaknesses, finding and studying the best practices wherever you find them, and adapting what you learn to your circumstances.
When designing an internal audit function, strategy must drive tactics, not the inverse. Too often, the start-up is in response to an immediate tactical need. In a rush to implement a response, key strategic issues can be overlooked. The result can be a tactical internal audit function in search of a strategy. To help design and implement a strategically focused internal audit function, you can use the following 10-step start-up framework. Define Stakeholder Expectations-To create an effective internal audit function, you must determine how the function will deliver the desired value.
Once specific value drivers are defined, your company’s chief audit executive should work with senior management and the audit committee to articulate the mission for internal audit. A formal mission statement or charter lays out the function’s goals and provides the basis to evaluate internal audit performance. An effective mission statement delineates the function’s authority and responsibilities and reflects the priorities of senior management and the audit committee. Although they vary in length and specificity, mission statements ought to address the degree to which the internal audit function will allocate resources toward traditional assurance-focused internal control activities vs. consulting activities perceived to add value to lines of business. A mission statement that does not align clearly and directly with stakeholder expectations is of little value and can be a detriment to achieving strategic performance.
A strategic plan helps guide the development of the internal audit function. The plan is more than a point-in-time risk assessment. It formally defines the value proposition of the new function, the customers it serves and the value it will create now and into the future. It outlines operational tactics to achieve key objectives as well as functional management responsibilities. The plan also addresses funding and human resource needs both initially and over a three-to-five year horizon. Key assumptions and benchmarks comparing the plan against third-party data are generally included. The plan may also consider the costs and benefits of using differing approaches to achieve the desired results.
Optimizing integration with other risk and control monitoring functions such as legal, compliance, credit, market, security and fraud risk management functions use of third-party sourcing to provide skills and competencies to the function, development of a control self-assessment program. The strategic plan should address communication issues that are...