Internal Controls and Risk Management - Five Key Defenses Against Risk

(Extract from Online News)

"Achieving the proper balance between entrepreneurial risk and enterprise value protection is the most difficult task of risk management and internal control, according to a new report from the Committee of Sponsoring Organizations of the Treadway Commission (COSO)."

The report describes how COSO’s enterprise risk management (ERM) and internal control frameworks can be used to improve organisational performance and governance.

"The five lines of defence identified by DeLoach, a managing director for global consulting firm Protiviti, are:

1. Tone of the organisation. Tone at the top is not enough, DeLoach said. He said the tone at the middle and bottom of organisations – as established by middle managers instructing their employees – must be aligned with the tone at the top. “A proper tone of the organisation sets a strong risk culture, which is foundational to the other lines of defence,” DeLoach said.

2. Primary risk owners. These include business owners and process leaders whose activities create risk. DeLoach said they need to take ownership in managing and mitigating risk.

3. Independent risk-management and compliance management functions. The titles of these functions vary across organisations, but DeLoach said their duties are to create a framework for identifying, measuring, evaluating and monitoring risk, and to ensure that the framework is applied across the organisation in a robust manner.

4. Assurance functions. This role is typically filled by internal audit, DeLoach said.

5. Escalation process. This involves reporting of status, progress and problems all the way up to executive management and the board of directors. “They are the last line of defence,” DeLoach said."

http://www.coso.org/documents/2014-2-10-COSO%20Thought%20Paper.pdf

Article Source : http://www.cgma.org/Magazine/News/Pages/20149569.aspx
