Roles and Responsibilities to implement Risk Management





Risk Management Roles and Responsibilities

Responsibility for risk management rests with each individual within an organization. More specifically, various structures within the organization are given specific roles and responsibilities to perform in relation to risk management.

Roles and responsibilities for risk management are assigned to various parties as follows:





1. Audit Committee

Depending on the reporting structure of the organization, some organizations have a risk management committee in place, while others do not. If there is no special committee for risk management, there is no need to form one at the early stages of adopting risk management. Instead, the audit committee should be given responsibility for this aspect by including risk management issues in its existing charter.

The nature of the organization also matters. In some organizations the Audit Committee or risk management committee is a committee of the governing board or council, and its role is therefore more one of oversight than advice; the roles and responsibilities should be designed to fit this structure. In most organizations, however, the Audit Committee has an advisory role and reports to the Accounting Officer/Managing Director.

In relation to risk management, the Audit Committee should therefore:

i. Familiarize itself with the risk management process and approach of the organization.
ii. Make risk management one of the standing agenda items in its meetings.
iii. Catalyze risk management by requesting risk assessments and treatment reports from management.
iv. Ask to see the departmental/institutional level risk registers periodically.
v. Review, through risk management reports, all matters related to risk and risk management and the manner in which they are being managed.
vi. Ensure appropriate internal audit work is undertaken with regard to risks, by ensuring that internal audit plans are risk-based and focus on the most significant risk areas.
vii. Provide regular feedback to the Accounting Officer/the Board/Council on the adequacy and effectiveness of risk management in the organization, including recommendations for improvement.



2. Risk Management Coordinator

There shall be a risk management coordinator, appointed to coordinate risk management issues in the organization. In organizations with mature risk management practices, this officer is also called the Chief Risk Officer (CRO). This officer is also a primary risk champion. The risk management coordinator assists the Accounting Officer, and is therefore responsible for coordinating efforts in designing the organization's risk management framework and for the day-to-day activities associated with coordinating, maintaining and embedding the framework in the organization.

The role of a risk management coordinator is a technical role. Wherever practical, it is recommended that staff with appropriate skills be assigned the responsibility for risk management. The role does not have to be a dedicated one. It is common for a staff member who has operational responsibility for planning, policy development or project management, and who understands risks and risk management, to be assigned the role of risk management coordinator. In some circumstances, for example in smaller organizations or when adopting risk management for the first time, the Chief Internal Auditor or Head of Audit Unit may fulfill the role of the Risk Management Coordinator. However, if the Chief Internal Auditor is given this role, appropriate safeguards must also be put in place to address the threats to the independence of both roles.

Specifically, the role of the risk coordinator is to assist the Accounting Officer to fulfill his/her risk management roles. The risk coordinator has the responsibility to:

i. Coordinate efforts for developing and enhancing appropriate risk management policies, procedures and systems.
ii. Coordinate and monitor the implementation of risk management initiatives within the organization.
iii. Work with risk owners to ensure that the risk management processes are implemented in accordance with the agreed risk management policy and strategy.
iv. Collate and review all risk registers for consistency and completeness.
v. Provide advice and tools to staff, management, the Executive and the Board on risk management issues within the organization, including facilitating workshops in risk identification.
vi. Promote understanding of and support for risk management, including delivery of risk management training.
vii. Oversee and update organization-wide risk profiles, with input from risk owners.
viii. Ensure that relevant risk information is reported and escalated or cascaded, as the case may be, in a timely manner that supports organizational requirements.
ix. Attend audit committee meetings where risk management issues are discussed.








3. Directors, Heads of Department, Heads of Units and Sections (Risk Owners)

Depending on the structure of the organization, line managers or functional specialists are the ones who assume responsibility for designing, implementing and/or monitoring risk treatments. These are termed Risk Owners, and they are responsible for the following:

i. Manage the risk they have accountability for.
ii. Review the risk on a regular basis.
iii. Identify where current control deficiencies may exist.
iv. Update risk information pertaining to the risk.
v. Escalate the risk that is increasing in likelihood or consequences.
vi. Provide information about the risk when it is requested. This includes cooperating with auditors (both internal and external) in the course of audits of risk management activities within their departments or directorates.
vii. Prepare quarterly risk management implementation reports on risk treatment action plans and submit them to the Risk Management Coordinator.
viii. Review their risk registers and related controls annually.
ix. Maintain, in a systematic manner, the risk register and other documents/reports relating to risk management within their respective departments or directorates.







4. Risk Champions

It is advised that a number of existing staff be appointed as risk champions (e.g. from 2 to 5 staff, depending on the size of the organisation). Risk champions, working together with the Risk Management Coordinator, are people who promote risk management across the organisation, or specifically within a particular function or project. They can help embed risk management into the organisation's other systems and processes. Champions can also help ensure that functional and project areas are using the organisation's risk management processes consistently.

A risk champion may hold any position within the organisation, but is generally a person who:

i. Has the skills, knowledge and leadership qualities required to support and drive a particular aspect of risk management.
ii. Has sufficient authority to intervene in instances where risk management efforts are being hampered by a lack of cooperation or through lack of risk management capability or maturity.
iii. Is able to add value to the risk management process by providing guidance and support in managing difficult risk or risks spread across functional areas.




5. Internal Audit

The Internal Audit Unit/ Department has the responsibility to provide overall assurance and advice to the Accounting Officer by conducting the following activities:

i. Evaluating the effectiveness of the risk management activities in ensuring that key risks facing the organization are being managed appropriately.
ii. Focusing internal audit work on the significant risks as identified by management.
iii. Auditing the risk management process (adequacy of enterprise risk management).
iv. Providing active support and involvement in the risk management process, such as:
   - Championing and coordinating the adoption of risk management practices (at the initial stages, where there is no risk management coordinator).
   - Participating in audit committee meetings where risk management issues are discussed.
   - Monitoring activities and status reporting.
   - Training and education of front-line staff in risk management and internal control.
   - Facilitating risk workshops.


Internal auditors should pay particular attention to the professional limitations of their role with regard to risk management activities. This should be done with reference to the IIA position statement (i.e. on core roles, legitimate roles and roles not to undertake).




6. All Staff

It is the responsibility of all personnel, stakeholders and contractors to apply the risk management process to their respective roles.

Their focus should be upon identifying risks and reporting these to the relevant risk owner. Where possible and appropriate, they should also manage these risks.
