Internal Controls and Risk Management - Five Key Defenses Against Risk

(Extract from Online News)

"Achieving the proper balance between entrepreneurial risk and enterprise value protection is the most difficult task of risk management and internal control, according to a new report from the Committee of Sponsoring Organizations of the Treadway Commission (COSO)."

The report describes how COSO’s enterprise risk management (ERM) and internal control frameworks can be used to improve organisational performance and governance.

"The five lines of defence identified by DeLoach, a managing director for global consulting firm Protiviti, are:

1. Tone of the organisation. Tone at the top is not enough, DeLoach said. He said the tone at the middle and bottom of organisations – as established by middle managers instructing their employees – must be aligned with the tone at the top. “A proper tone of the organisation sets a strong risk culture, which is foundational to the other lines of defence,” DeLoach said.

2. Primary risk owners. These include business owners and process leaders whose activities create risk. DeLoach said they need to take ownership in managing and mitigating risk.

3. Independent risk-management and compliance management functions. The titles of these functions vary across organisations, but DeLoach said their duties are to create a framework for identifying, measuring, evaluating and monitoring risk, and to ensure that the framework is applied across the organisation in a robust manner.

4. Assurance functions. This role is typically filled by internal audit, DeLoach said.

5. Escalation process. This involves reporting of status, progress and problems all the way up to executive management and the board of directors. “They are the last line of defence,” DeLoach said."

http://www.coso.org/documents/2014-2-10-COSO%20Thought%20Paper.pdf

Article Source: http://www.cgma.org/Magazine/News/Pages/20149569.aspx
