GETTING THE LEVEL OF ASSESSMENT RIGHT
A risk and control self-assessment aims to capture the risks and controls of a firm at the required level. This level may be firm-wide (strategic), process/departmental or activity, as shown in Figure 6.3. A strategic risk and control self-assessment will derive its risks and controls from the business objectives of the firm and what will prevent the firm from meeting its business objectives. Similarly, the risk and control self-assessment carried out at a higher level will take account of the departments or divisions which a firm has and the objectives of those departments or divisions. These may be high-level areas, i.e. at a major business unit level, or may be at a lower-level such as a single department. ...
Get Mastering Risk Management now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
