USING THE DATA FOR MANAGEMENT-ACTIONABLE RISK APPETITE
Having achieved, challenged and validated control assessments and residual likelihood and impact values these can be used by the business to align its expenditure on risks and controls to its risk appetite. As explained further in Chapter 4, Risk appetite, qualitative statements of risk appetite can be represented using the likelihood and impact values which are used in risk and control self-assessments (RCSAs). It is therefore wholly appropriate to ask if the confirmed residual likelihood and impact figures are at levels at which the business is comfortable. If they are at such levels, clearly no further actions are required. However, if the business is not comfortable with the confirmed ...
Get Mastering Risk Management now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
