Impact of risks on stakeholders
(1) Shareholders: Potential loss of value of investment (fall in share price) and loss of income (decrease in dividends).
(2) Directors: Loss of income (assuming remuneration is linked with company performance) and potential for poor reputation.
(3) Managers/Employees: Fall in remuneration or become demotivated.
(4) Customers: Mainly negative impact on the company because of poor product reputation.
(5) Suppliers: Loss of supply.
(6) Government: Less tax revenue raised.
(7) Banks: Loans and interest due to banks are not repaid.
Risk assessment
Risk map
(1) The map identifies whether a risk will have a significant impact on the organization and links that into the likelihood of the risk occurring.
(2) The approach can provide a framework for prioritizing risks in the business.
(3) Risks with a significant impact and a high likelihood of occurrence need more urgent attention than risks with a low impact and low likelihood of occurrence.
(4) The significance and impact of each risk will vary depending on the organization.
Board consideration of risk
(1) The board considers risk at a strategic level and defines the organization’s attitude and approach to risk.
(2) The board is responsible for ensuring that risk management supports the strategic objectives of the organization.
(3) The board will determine the level of risk which the organization can accept in order to meet its strategic objectives, and which cannot be managed or is not cost-effective to manage.
(4) The board ensures that the risk management strategy is communicated to the rest of the organization and integrated with all the other activities.
(5) The board is responsible for driving the risk management process and ensuring that managers responsible for implementing risk management have adequate resources.
(6) The board reviews risks and identifies and monitors progress of the risk management plans.
Reporting on internal control and risk
(1)
(2)
(3)
(4)
(5)
Part D – Controlling Risk
Role of risk manager
(1) The risk manager is a member of the risk management committee, reporting directly to that committee and the board.
(2) The role of the risk manager focuses primarily on implementation of risk management policies.
(3) The risk manager is supported and monitored by the risk management committee.
(4) Policy is set by the board and the risk management committee and implemented by the risk manager; the role is therefore more operational than strategic.
The risk manager is responsible for:
(1) Identifying and evaluating the risks affecting an organization.
(2) Implementing risk mitigation strategies including appropriate internal control to manage identified risks.
(3) Seeking opportunities to improve risk management methods and practices.
(4) Developing, implementing and managing risk management programs and initiatives.
(5) Maintaining good working relationships with the board and the risk management committee.
(6) Working with the external auditors to provide assurance and assistance in their work in appraising risks and controls of the organization.
(7) Reporting on risk management.
Role of internal/external auditing
(1) Risk is integral to the work of internal and external audit, both in terms of influencing how much work they do and also what work they actually do.
(2) Risk auditing assists the overall risk monitoring process by providing an independent view of risks and controls in an organization.
(3) With auditing, a fresh pair of eyes may identify errors or omissions in the original risk monitoring process.
(4) External auditors will be concerned with risks that impact most on the figures shown in the financial accounts.
(5) Internal auditors have a more flexible role and their approach depends on whether they focus on the control or the overall risk management process.