What are you best practices for raising awareness of the importance of Enterprise Risk Management practices within your firms?
Following is an excerpt from a blog post, first published at www.cfotips.com entitled "Do you manage
Best Practices -
-Review company product lines and service lines and identify areas of risk.
-Establish metric(s) for each risk with corresponding tolerance range(s).
-Adjust policies and procedures, as necessary, to ensure risks are controlled:
a. Approvals and Authorizations
b. Top level performance reviews (actual vs. budget/ forecast/ prior period)
c. Track major initiatives
d.Physical Controls (inventories/ equipment/ cash/ other assets)
e. Information Processing
f. Segregation of Duties
g. Develop a company-wide Board established “Risk policy” which identifies acceptable levels of risk.
h. Communicate that policy to all employees, i.e. creating a culture of awareness.
-Monitor periodically adherence to the level of Risk established, i.e. metrics and tolerances
b. Internal and external audits
c. Planning sessions
d. Process improvement