Topic 2: Enterprise Risk Management Framework

Risk identification and assessment

Risk monitoring

Risk treatment

Risk profile

To support a detailed consideration of the nature and level of risk.

To understand how the risk profile is changing and the extent to which internal controls are

operating as intended to provide reasonable assurance over the management of risks to

an acceptable level.

Selecting the most appropriate risk treatment option.

To review the adequacy

and effectiveness of internal controls

Identify risk areas

Implement strategy and allocate responsibilities

Information for decision making

Develop risk and response strategy

Develop the Risk Management policy and keep it up-to-date

Cooperate with management on incident investigations

Report loss events and near-miss accidents

Cooperate with management on incident investigations

Facilitate risk aware activities so that employees understand the situations

Monitored and modified the risk assessment as necessary

Analysing the risk by consider the likelihood impact to the organization

Set the basis how risk is viewed and addressed those risk that possibly happen in organization

Agree and implement the risk management performance in their department

Develop a risk-based internal audit programme

Audit the finance account to ensure there is zero internal risk exist that will lead to fraud

Establish a risk management policy for the board to follow

Risk monitoring

Risk treatment

Risk reporting

Risk assessment

1995

2001

2006

2014

Analyse risks

Identify risks

Treat risks

Evaluate risks

Risk that can be totally avoided by avoiding the activity or setting that could contribute to the risk.

Risk that is accepted and management internally rather than passing it to a third parties

Risk that refer to diversifying risk by spreading it over multiple assets investment or project