Internal Controls and Risk Management -Five Key defenses against risk

(Extract from Online News)

"Achieving the proper balance between entrepreneurial risk and enterprise value protection is the most difficult task of risk management and internal control, according to a new report from the Committee of Sponsoring Organizations of the Treadway Commission (COSO)"

The report describes how COSO’s enterprise risk management (ERM) and internal control frameworks can be used to improve organisational performance and governance

"The five lines of defence identified by DeLoach, a managing director for global consulting firm Protiviti, are:

1. Tone of the organisation. Tone at the top is not enough, DeLoach said. He said the tone at the middle and bottom of organisations – as established by middle managers instructing their employees – must be aligned with the tone at the top. “A proper tone of the organisation sets a strong risk culture, which is foundational to the other lines of defence,” DeLoach said.

2. Primary risk owners. These include business owners and process leaders whose activities create risk. DeLoach said they need to take ownership in managing and mitigating risk.

3. Independent risk-management and compliance management functions. The titles of these functions vary across organisations, but DeLoach said their duties are to create a framework for identifying, measuring, evaluating and monitoring risk, and to ensure that the framework is applied across the organisation in a robust manner.

4. Assurance functions. This role is typically filled by internal audit, DeLoach said.

5. Escalation process. This involves reporting of status, progress and problems all the way up to executive management and the board of directors. “They are the last line of defence,” DeLoach said."

http://www.coso.org/documents/2014-2-10-COSO%20Thought%20Paper.pdf

Article Source : http://www.cgma.org/Magazine/News/Pages/20149569.aspx

Risk Category: 

Other Services of Interest

  • GDPR - Data Privacy Trainings - Six Webinar on GDPR Anniversary - Riskpro

    GDPR turns ONE on 25 May 2019. On this Anniversary, lets explore what the last 12 months meant for global companies as it relates to Data Protection and Privacy. Riskpro India has organised 6 GDPR...
  • HIPAA Awareness Training (Mandatory) - Riskpro India

    EVENT OVERVIEW: HIPAA stands for the Health Insurance Portability and Accountability Act and is a US regulation that deals with security measures for protecting patient’s medical records. Employees...
  • SEBI's Insider Trading Amendment - Free Webinar by Riskpro India

    Another important compliance topic that kicks off today. SEBI Amendment to Insider Trading Regulations. Join us for an hour to learn the important changes and how to deal with these. Register -...
  • Sox Training

    Our sox training covers the following points. 1. What is SOX? 2. The Act and its Sponsorors. 3. The background for bringing in this act. 4. Major Sections in the Act 5. Section 404 overview 6...
  • EUC Risks : Manage Spreadsheet risks - Riskpro India

    EVENT OVERVIEW Uncontrolled and untested spreadsheet models pose significant business risks. These risks include: lost revenue and profits; mispricing and poor decision making due to prevalent but...
  • 1 Day AML Training by Riskpro India - Mumbai

    Training event in Bangalore on Anti Money Laundering (AML) and KYC “Are we doing enough to protect integrity of Indian financial sector?” Banks face growing costs to comply with AML requirements...
  • GDPR Countdown

    Riskpro is working hard so that clients can GDPR deadline as the clock ticks away.
  • EU-US Privacy Shield for Data Transfers

    Come GDPR (General Data Protection Act) and EU-US PRivacy shield will assume more importance. Privacy Shield Overview The Privacy Shield program, which is administered by the International Trade...
  • Reduce your GDPR implementation Costs - Hire GDPR Experts in India

    Reduce cost for GDPR Compliance - Remote Consulting from India GDPR readiness assessment and implementation can be costly. And time is short. Instead of paying premium fees to local GDPR consultants...
  • Go to top