Risk Management (10–20%)
2.1 Corporate Risk Management
Risk is pervasive throughout an organization because it can arise from any business function or process at any time without warning. Because of this widespread exposure, no single functional department's management, other than the board of directors, can oversee the enterprise-wide risk management program. This approach also supports the idea that risks cannot be identified, measured, and monitored on a piecemeal basis. A holistic approach is needed.
Since risks can arise in any business function or process, it makes good sense for business unit line management to accept full responsibility for risk management with support from a centralized risk management function. The business unit line management must see that managing risk is an integral part of its mission (for example, manufacturing a product or delivering a service), where risks are linked to business objectives and strategy. The business unit line managers are thus responsible for identifying, managing, and reporting risk matters upstream through the management hierarchy to members of the board of directors. The board then works with the audit committee or other committee members in coordination with the chief risk officer (CRO) to manage enterprise-wide risks. ...