R&R - risk-man Flashcards
(8 cards)
Board and executive management
B*
Oversight
Regularly
Ensuring
Determining
Oversight of the risk management process
Regularly and periodically monitoring the risk profile
Ensuring it receives appropriate assurance from management that the correct processes are in place and are being used correctly
Determining risk appetite
Risk committees
R*
Assess
Manage
Play
Assess risk management processes, risk profile and risk appetite in more depth than the board
Manage specific risks and risk events
Play a central role in the approval of risk management policies and procedures by reviewing them prior to board approval
Chief Risk Officer
C*
Overseeing
Directing
Ensuring
Supporting
Overseeing risk management activities of the whole organisation and ensuring that the management of risk is consistent with risk appetite
Directing the work of the risk function
Ensuring regulatory-compliance risk management arrangements are in place across the organisation by working with the compliance and internal audit functions
Supporting the board and risk committee in the fulfilment of their responsibilities, including raising any concerns
Risk manager and risk function
R*
Overseeing
Managing
Monitoring
Advising
Supporting
Overseeing, co-ordinating and facilitating risk management activity across an organisation
Managing specific risks (possibly, in smaller organisations)
Monitoring and reporting: collecting exposure and risk management information
Advising on how to control specific risks and training employees
Supporting the design and implementation of risk management processes
Compliance manager and compliance function
C*
Acting
Guaranteeing
Ensuring
Acting as intermediary between the organisation and risk management regulatory or supervisory bodies
Guaranteeing that H&S and environmental risks are managed appropriately
Ensuring that the design and operation of risk management processes are compliant with all applicable rules and guidance
Internal audit function
I*
Conducting
Effectively
Conducting audits of the risk function and of the processes used to support the management of risk
Effectively assuring that an organisation's risk management process is effective in terms of design and implementation
CoSec (Company Secretary)
C*
Operating
May
May
Always
Smaller orgs
Operating closely with the risk and compliance managers or functions
May have compliance-related responsibilities
May have direct risk management responsibilities in certain areas, such as the purchase of insurance
Always has a supporting role to play to the board, so will need to be ready to advise on risk management responsibilities
Smaller orgs: it is not uncommon for the CoSec to be given the responsibilities of a risk manager
Other functions
O*
H
I
O
H&S
Information security
Operations