- Board of Directors to be given adequate exposure to / training on the company’s business model and risk profile
- Risk management framework to be developed and approved by the Board
- Risk Management Framework to consider strategic (including environmental), operational and support areas in its assessment of risks
- Risk Management Framework to define a common risk language, i.e. a definition of risks, well-defined criteria for measuring and prioritizing risks, and identification of thresholds to determine Risks That Matter (i.e. the most significant risks)
- Risk assessment to be performed at least annually and reviewed by the Board
- Risk assessment review to focus on the key risks facing the company in order to prioritize resource allocation towards mitigating actions
- Primary ownership for risks and timelines for mitigation to be defined clearly
- Risk Management Framework to include strong monitoring component to track implementation of risk mitigation plans
- Controls/mitigation plans committed to by management to be included in the scope of internal audit, to provide assurance to the Board and Audit Committee on these