qITIL中級(jí)課程風(fēng)險(xiǎn)管理_第1頁(yè)
qITIL中級(jí)課程風(fēng)險(xiǎn)管理_第2頁(yè)
qITIL中級(jí)課程風(fēng)險(xiǎn)管理_第3頁(yè)
qITIL中級(jí)課程風(fēng)險(xiǎn)管理_第4頁(yè)
qITIL中級(jí)課程風(fēng)險(xiǎn)管理_第5頁(yè)
已閱讀5頁(yè),還剩58頁(yè)未讀, 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說(shuō)明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡(jiǎn)介

qlTIL中級(jí)課程風(fēng)險(xiǎn)管理

Contents

CHAPTER1:INTRODUCTION

1.1Purposeofthisguide

1.2Whatismanagementofrisk?

Inthisguideriskisdefinedasuncertaintyofoutcome,whetherpositiveopportunityornegative

threat.Theterm'managementofrisk'incorporatesalltheactivitiesrequiredtoidentifyandcontrol

theexposuretoriskwhichmayhaveanimpactontheachievementofanorganisation'sbusiness

objectives.

Everyorganisationmanagesitsrisk,butnotalwaysinawaythatisvisible,repeatableand

consistentlyappliedtosupportdecisionmaking.Thetaskofmanagementofriskistoensurethat

theorganisationmakescosteffectiveuseofariskprocessthathasaseriesofwelldefinedsteps.

Theaimistosupportbetterdecisionmakingthroughagoodunderstandingofrisksandtheirlikely

impact.

Therearetwodistinctphases:riskanalysisandriskmanagement.Riskanalysisisconcernedwith

gatheringinformationaboutexposuretorisksothattheorganisationcanmakeappropriate

decisionsandmanageriskappropriately.

Managementofriskinvolveshavingprocessesinplacetomonitorrisks,accesstoreliableandupto

dateinformationaboutrisks,therightbalanceofcontrolinplacetodealwiththoserisks,and

decisionmakingprocessessupportedbyaframeworkofriskanalysisandevaluation.

Managementofriskcoversawiderangeoftopics,includingbusinesscontinuitymanagement,

security,programme/projectriskmanagementandoperationalservicemanagement.Thesetopics

needtobeplacedinthecontextofanorganisationalframeworkforthemanagementofrisk.Some

risk-relatedtopics,suchassecurity,arehighlyspecialisedandthisguidanceprovidesonlyan

overviewofsuchaspects.

1.3Whymanagementofriskisimportant

Acertainamountofrisktakingisinevitableifyourorganisationistoachieveitsobjectives.Effective

managementofriskhelpsyoutoimproveperformancebycontributingto:

?increasedcertaintyandfewersurprises

?betterservicedelivery

?moreeffectivemanagementofchange

?moreefficientuseofresources

bettermanagementatalllevelsthroughimproveddecisionmaking

reducedwasteandfraud,andbettervalueformoney

innovation

?managementofcontingentandmaintenanceactivities.

1.4Whoisinvolvedinriskmanagement

Inpractice,everyoneinanorganisationisinvolvedinriskmanagementtosomeextentandshould

beawareoftheirresponsibilitiesinidentifyingandmanagingrisk.However,therearesomeaspects

forwhichresponsibilitymustbeassignedtoindividuals.Withoutclearresponsibility(andthe

authoritytosupportthatresponsibility)someriskswillbemissedoroverlooked.

Inthepublicsector,therearetwomajorroleswithaclearresponsibilitytoensurerisksaremanaged

(therewillbeequivalentstotheserolesinprivatesectororganisations).Theserolesare:

?anAccountingOfficer(orequivalentseniormanager),whoisresponsibleforthe

organisation'soverallexposuretorisk.TypicallythispersonwillbetheChiefExecutive

Officer(CEO);theseniormanagerintheorganisation.Theymaydelegatesomeofthe

actionsbutcannotforgotheresponsibility

?aseniormanageractingasaproject'owner;whoisresponsibleforriskrelatingtoaspecific

programmeorprojectandfortherealisationofassociatedbusinessbenefits.

Audienceforthisguidance

Businessmanagers,processowners,strategicplanners,projectandprocurementteams,business

continuityplannersandsecurityteamsaretheprimaryaudienceforthisguidance,togetherwith

theirserviceproviders.

Itwillalsobeofinteresttoauditors,withtheirresponsibilityforensuringeffectivecorporate

governance.

1.5Howtousethisguide

Chapter1introducesthestructure,processandcultureofmanagementofrisk,explainingwhy

organisationsneedtodeviseandimplementeffectivestrategiesinordertomaximiseopportunities

andminimisethreatstotheachievementoftheirbusinessobjectives.Itidentifieskeypersonnelin

themanagementofriskandthetargetaudiencefortheguidance.

TheAnnexesprovidesupportingdetail:

1.6Theresearchforthisguidance

CHAPTER2:PRINCIPLES

Thischapteroutlinesthekeyprinciplesunderpinningtheeffectivemanagementofrisk.

2.1Criticalsuccessfactorsformanagementofrisk

Thekeyelementsthatneedtobeinplaceifriskmanagementistobeeffective,andinnovation

encouraged,include:

?clearlyidentifiedseniormanagementtosupport,ownandleadonriskmanagement

?riskmanagementpoliciesandthebenefitsofeffectivemanagementclearlycommunicated

toallstaff

?existenceandadoptionofaframeworkformanagementofriskthatistransparentand

repeatable

?existenceofanorganisationalculturewhichsupportswellthought-throughrisktakingand

innovation

?managementofriskfullyembeddedinmanagementprocessesandconsistentlyapplied

?managementofriskcloselylinkedtoachievementofobjectives

?risksassociatedwithworkingwithotherorganisationsexplicitlyassessedandmanaged

?risksactivelymonitoredandregularlyreviewedonaconstructive'no-blame'basis.

Jointworkingandpartnershipsofteninvolvemorecomplextypesofriskthatcanadverselyaffect

thedeliveryofbusinessservices.Forexample,ifpartoftheserviceprovidedbyoneorganisationis

delayedorofpoorquality,thesuccessofthewholecollaborationcanbeputatrisk.Youmustmake

surethatyourorganisationknowsabouttheriskmanagementapproachesofyourpartners.Sharing

informationaboutriskmanagementmeansthatrisksincollaborativeprogrammescanbeidentified

andmanagedinaproactiveway.

Publicsectorconcerns

TheModernisingGovernmentinitiativeseekstoencouragethepublicsectortoadoptwellmanaged

risktakingwhereitislikelytoleadtosustainableimprovementsinservicedelivery.Moreeffective

riskmanagementwillimprovethepublicsector'sabilitytoundertaketheincreasinglycomplexand

cross-cuttingprojectsthataredemandedbytheModernisationagenda.Publicsectororganisations

needtohaveinplacetheskills,managementstructuresandorganisationalstructurestotake

advantageofpotentialopportunitiestoperformbetterandtoreducethepossibilityoffailure.

Thekeyareasthathavetobeaddressedare:

?theneedfora'riskowner'atseniorlevel,foranactivity(strategy,programmeorproject).

Heorsheissupportedbyriskownersateverydayworkinglevelsasappropriateforthe

activityandriskexposure

?theneedforimprovedreportingandupwardreferralofmajorproblems

?opportunitiesandthepotentialresolutionapproaches

theneedforsharedunderstandingofriskmanagementatalllevelsintheorganisationand

withpartners,combinedwithconsistenttreatmentofrisk

managingprojectriskinthewidercontextofprogrammesofchangeandthebusiness.

Meetingtheneedsofcorporategovernance

Corporategovernanceistheongoingactivityofmaintainingasoundsystemofinternalcontrolto

safeguardshareholders'investmentandthecompany'sassets.

TheTurnbullReportstatesthat:

'acompany/sobjectives,itsinternalorganisationandtheenvironmentwhichitoperatesinare

continuallyevolvingandasaresulttherisksitfacesarecontinuallychanging.Asoundsystemof

controlthereforedependsonathoroughandregularevaluationofthenatureandextentoftherisks

towhichthecompanyisexposed.Sinceprofits[orbusinessresults]areinparttherewardfor

successfulrisktakinginbusiness,thepurposeofinternalcontrolistohelpmanageandcontrolrisk

ratherthaneliminateit.'

Corporategovernanceframeworksmustensurethatmanagementisheldaccountablefora

corporation'sperformanceandthatownersareabletomonitorandinterveneintheoperationsof

management.

Theseprinciplesapplyequallytothepublicandprivatesectors.Whereascorporationsfocusmainly

onshareholderreturnsandthepreservationofshareholders'value,thepublicsector'sroleisto

implementprogrammescosteffectivelyinaccordancewithGovernmentlegislationandpolicies.

Policyonmanagementofrisktosupportcorporate

governance

Tosupportcorporategovernance,thereneedstobeariskmanagementpolicyinplace.Thispolicy

should:

?beappropriateforthesizeandnatureofyourorganisation,itsbusinessandoperating

environment

?beclearabouttheroles(and,ifpossible,individuals)thatareresponsibleforrisk

?beclearaboutescalationcriteriainrelationtoriskmanagement(i.e.zwhentoreferdecision

makingupwards)

?ensurethatprocesses,andthecuIture/infrastructure,toidentifyandmanageriskareputin

place;theseprocessesmustberepeatable

setupthemechanismformonitoringthesuccessoftheapplicationofthepolicy(including

reportstomanagement,atleastannually)

?ensurethatinternalcontrolmechanismsareinplaceforindependentassessmentthatthe

policyisimplemented(andchecked).

2.2Whatisatriskandwhy?

Relatingmanagementofrisktosafety,securityandbusiness

continuity

Managementofriskshouldbecarriedoutinthewidercontextofsafetyconcerns,securityand

businesscontinuity.

?Healthandsafetypolicyandpracticeisconcernedwithensuringthattheworkplaceisa

safeenvironment.

?Securityisconcernedwithprotectingtheorganisation'sassets,includinginformation,

buildingsandsoon.

?Businesscontinuityisconcernedwithensuringthattheorganisationcouldcontinueto

operateintheeventofadisaster;suchaslossofaservice,floodorfiredamage.

Figure1:Reasonsforariskmanagementprocess

Reducingriskinlargescaleprojects

Experiencehasshownthatprogrammesandprojectsattemptingalargescale,comprehensive

businesschangearelesslikelytobesuccessfulthanthosetakingalessambitious,step-by-step

approach.Althoughthelatterincreasesmanagementactivity,witheachoftheelementsneedingto

becontrolledandcoordinated,theadvantagesarethatactivitiesare:

?easiertomanage

?simplertoimplementwithinthebusinessenvironment

?easiertoacceptformallyas,typically,thespecificationiseasiertodocumentandthus

simplertoverifythatithasbeenmet

?abletooffermoreoptionsforcontingency

?morelikelytoaccommodatefastmovingchangesintechnology,orinthepoliticalor

financialenvironment

abletooffermoredecisionpoints,allowinggreatercontroloftheproject.

2.3Decisionsaboutrisk

Decisionsaboutriskneedtobebalancedsothatthepotentialbenefitsareworthmoretothe

organisationthanitcoststoaddresstherisk.

Forexample,innovationisinherentlyriskybutcouldachievemajorbenefitsinimprovingservices.

Theabilityoftheorganisationtolimititsexposuretoriskwillalsobeofrelevance.

Youshouldaimtomakeanaccurateassessmentoftherisksinagivensituationandanalysethe

potentialbenefits.Therisksandopportunitiespresentedbyeachcourseofactionshouldbedefined

inordertoidentifyappropriateresponse.

Scopeofdecisions

Decisionsaboutriskwillvarydependingonwhethertheriskrelatestolong,mediumorshort-term

goals.

Strategicdecisionsareprimarilyconcernedwithlong-termgoals;thesesetthecontextfordecisions

atotherlevelsoftheorganisation.Therisksassociatedwithstrategicdecisionsmaynotbecome

apparentuntilwellintothefuture.Thusitisessentialtoreviewthesedecisions,andassociatedrisks,

onaregularbasis.

Medium-termgoalsareusuallyaddressedthroughprogrammesandprojectstobringaboutbusiness

change.Decisionsrelatingtomedium-termgoalsarenarrowerinscopethanstrategicones,

particularlyintermsoftimeframeandfinancialresponsibilities.

Therearealsoconsiderationsaboutwhatcanrealisticallybeachievedinonechangeinitiative.

Deliveryofeachofthecomponentsofachangeinitiative(whetheraprogramme,projectorstage)

mustprovidesomedirectbenefittotheorganisationasaresultofitsdelivery.Thiscouldbeby

delivering:

?amajorcomponenttosupport/buildtowardstheintendedoutcome-forexample,

providingatelephonehelplinefirstaspartofanewinformationserviceandthenadding

websiteservicestoexpandthefacilitiesavailabletothepublic

?theproducttopartoftheendusercommunityandthen'rollingout'totherestofthat

community-forexample,introducinganewinformationserviceintheNorth-Eastand

graduallymakingitavailablenationwide.

Whenmanaginganyprojectitisessentialtoensuremajordecisionsaremadeappropriately.A

projectwillsupportsomebusinesschangeandsorequiresomethingtobeproducedandthenput

intouse.

0

Figure2:Mainstagesoftheprocurementprocess

2.4Whererisksoccur

Theriskmanagementprocessshouldbemostrigorouslyappliedwherecriticaldecisionsarebeing

made.

?strategicorcorporate

programme

project

operational.

Inpractice,thelevelsoverlap;however,itishelpfultoclarifytheoccurrenceofrisksattheselevels

toinformthekindofdecisionsyouarelikelytomake.

0

Figure3:Organisationalmanagementhierarchy

Itisimportanttonotethatariskmaymaterialiseinitiallyatonelevelbutsubsequentlyhaveamajor

impactatadifferentlevel.ArecentexampleisaHighStreetbankfacingtechnicalfaultsatthe

operationallevel;ultimatelycustomers'confidenceinthebank'sonlineservicebecameastrategic

risk.Thishighlightstheneedforrelevantinformationaboutriskstobesharedthroughoutthe

organisation.

Table1:Riskrelatedtoorganisationallevels

LevelExamplesoftypicalrisksconsideredatthislevel

Strategic/corporateCommercial,financial,political,environmental,directional,cultural,acquisition

andqualityrisks.Thereisafocusonbusinesssurvival,continuityandgrowth

forthefuture.Whenprogramme,projectandoperationalrisksexceedset

criteria-e.g.notacceptable,outsideagreedlimits,couldaffectstrategic

objectives,informationneedstobeescalatedtothislevelsothatappropriate

decisionscanbetaken.

ProgrammeProcurement/acquisition,funding,organisational,projects,security,safety,

qualityandbusinesscontinuityrisks.Whenprojectandoperationalrisksexceed

setcriteria一e.g.notacceptable,outsideagreedlimits,couldaffectprogramme

objectives,informationneedstobeescalatedtothislevelsothatappropriate

decisionscanbetaken.

ProjectPersonal,technical,cost,schedule,resource,operationalsupport,qualityand

providerfailure.Operationalissues/risksshouldbeconsideredatthislevelas

theyaffecttheprojectandhowitneedstoberun.Informationonstrategicand

programmerelatedrisksshouldbecommunicatedtothislevelwheretheycould

affectprojectobjectives.Projectmanagersshouldcommunicateinformationon

riskstootherprojectsandoperationsasappropriate.

OperationsPersonal,technical,cost,schedule,resource,operationalsupport,quality,

providerfailure,environmentalandinfrastructurefailure.AIIthehigherlevels

haveinputtothislevel;specificconcernsincludebusinesscontinuity

management/contingencyplanning,supportforbusinessprocessesand

customerrelations.

Additionalfactors

Additionalfactorsmayincreasethecomplexityofassessingoverallexposuretorisk.Theseinclude:

?interdependencies,orlinksbetweenprojectsand/orrelatedissues,wheretheimpactof

oneormoreriskscouldaffectothers,possiblycreatinga'domino'effect.Youshouldensure

thatanyknowninterdependenciesareidentifiedandassessedsothatappropriateaction

canbeplanned

?therelationshipbetweenbusinessbenefitsandriskstodelivery,whereachievementof

benefitsisdependentonsuccessfuldeliveryofaproject.Youshouldcontinuallycheck

whetherchangingplansaffecttheachievementofbenefits.

2.5Aframeworkformanagingrisk

Aframeworkformanagementofrisksetsthecontextinwhichriskswillbeidentified,analysed,

controlled,monitoredandreviewed.Itmustbeconsistentwithprocessesthatareembeddedin

everydaymanagementandoperationalpractices.Itaddresses:

?howrisksareidentified

?howinformationabouttheirprobabilityandpotentialimpactisobtained

?howrisksarequantified

?howoptionstodealwiththemareidentified

?howdecisionsonriskmanagementaremade,suchasfurtherriskreduction

?howthesedecisionsareimplemented

?howactionsareevaluatedfortheireffectiveness

howappropriatecommunicationmechanismsaresetupandsupported

howstakeholdersareengagedthroughouttheprocess.

2.6Riskownership

Fortheorganisation,ownershipoftheriskmanagementframeworklieswiththeAccountingOfficer

(orequivalentseniormanageratBoardlevel).Individualseniormanagersowntheprogrammeor

projectandareresponsibleforthemanagementoftheoverallriskofthatactivity.However,these

rolesdonotownalltheindividualrisks.Riskownershipmustbeclearlydefined,documentedand

agreedwiththeindividualownersatalllevels,sothattheyunderstandtheirvariousroles,

responsibilitiesandultimateaccountabilitywithregardtothemanagementofrisk.Theownerofa

riskmaynotbethepersontaskedwiththeassessmentormanagementoftherisk,butheorsheis

responsibleforensuringthemanagementofriskprocessisapplied-theremaybeseparateowners

toactuallydealwiththerisks.

Itisimportanttoidentifywhoowns:

?thesettingpolicyandtheorganisation'swillingnesstotakerisk

?themanagementofriskprocessatthedifferentlevels-thatis,strategic,programme,

project,operationallevels

?differentelementsofthemanagementofriskprocess,suchasidentifyingthreats,through

toproducingriskresponsesandreportingondecisions

?implementationoftheactualmeasurestakeninresponsetotherisks

?interdependentrisksthatcrossorganisationalboundaries,whethertheyarebusiness

processes,operationalservicesorprojects.

Forexample,foraseniormanagerwithresponsibilityforaproject,ownershipofriskcouldbe

definedasfollows:

Seniormanagersresponsibleforprojectsmustassurethemselvesthatanumberoftypesofriskare

beingtrackedanddealtwithaseffectivelyaspossible.Themechanismsinplaceformonitoringand

reportingriskwillvaryaccordingtothesizeandcomplexityoftheprojectorprogramme,ranging

fromtheuseofasimpleriskregistertotheappointmentofariskmanagerreportingdirectlytothe

seniormanager.Clearly,thedegreeofdelegationadoptedbytheseniormanagerwillvary,butheor

shemustbesurethatthecriticalissuesarebeingaddressed;forexample,throughchairingthe

projectboardorbydevelopingstrongmechanismsforreportingproblems.

Checklist:ownershipofriskandtheprocess

?Haveownersbeenallocatedforallthevariouspartsofthecompletemanagementofrisk

process?

Arethevariousrolesandresponsibilitiesassociatedwithownershipwelldefined?

?Dotheindividualswhohavebeenallocatedownershipactuallyhavetheauthorityand

capabilitytofulfiltheirresponsibilities?Forexample,suppliersmaybetaskedwithrisk

ownership.

?Havethevariousrolesandresponsibilitiesbeencommunicatedandunderstood?

?Arethenominatedownersappropriateandawareoftheirnomination?

?Isownershipreassessedonaperiodicbasis,orintheeventofachangeinthesituation;

andifnecessary,canitbequicklyandeffectivelyreallocated?

?Doallrisks,andwhereappropriatetheirmitigationactions,haveclearlyidentifiedowners?

Aretheseownersappropriate?

2.7Embeddingtheriskmanagementculture

Identifyingappropriatepolicies,standardsandpracticesisthefirststageofcreatingarisk

managementculture.Oncetheseareinplacetheyneedtobetotallyembeddedinindividuals

throughtheenactmentoftheirrolesandassociatedresponsibilities.

Awarenessofandresponsibilityforriskissuesmustbelinkedexplicitlytokeyobjectives,inorderto

buildasustainableriskmanagementculture.Thereshouldbedelegatedresponsibilityforrisksat

everylevelofobjectivesintheorganisation.Thisisthemajorsupporttoembeddingrisk

managementintotheorganisationanditsculture,withriskmanagementseenasanintrinsicpartof

thewayanorganisationworks.Asthepeopleinanorganisationchange,itisessentialtoensurea

continuingunderstandingofrolesandresponsibilitiesrelatedtomanagingrisk.

Theriskenvironmentisconstantlychangingtoo.Yourorganisation'sprioritiesandtherelative

importanceofriskswillshiftandchange.Assumptionsaboutriskhavetoberegularlyrevisitedand

reconsidered,perhapsbyannualreviewoftherisksassociatedwitheachofthekeyorganisational

objectives.

Establishingappropriatecompetenciesandbehaviours

Animportantaspectofsettingupariskcultureistoensureitisrelevanttotheorganisation.Risk

managementisamajorfacetofeffectivecorporategovernance.

Thoseresponsibleforcorporategovernanceneedtohaveknowledgeandunderstandingof:

?strategicplanning

?legalrequirements

?agreementsandcontracts

?communicationtechniquesandinformationmanagement

?staffmatters,includinghowstaffcanbemotivatedandinvolved

?educationopportunitiesandcontinualprofessionaldevelopment

?continuousimprovementand/oranalyticaltechniques

?howtheorganisationismonitoredandevaluated

?resourcemanagement,includingequalopportunitiesanddelegation.

Althoughmanagerstendtoworkinspecificareasoftheorganisation,eitherbasedontechnical

specialismorbusinessfunction,theyallneedtoidentifyandmanagerisk.Todothistheyneedtobe

ableto:

?ensurethatthesituationisproperlyscoped

?identifyandassesstherisk

?createvalidoptionsforreducingrisktoanacceptablelevel

?collectappropriateandmeaningfulinformationtoassessriskandtheoptions,andthento

monitortherisk

?usesoundreasoningwhenmakingatrade-offbetweenthecostsandbenefitsofmanaging

arisk

?makeaclearcommitmenttoaparticularcourseofaction.

Forplanning,themajorareastoconsiderare:

?decidingonthelikelihoodofaspecificeventoccurring

?prioritisingareastoaddress/actionstoinstigate.Thisrequiresunderstandingthe

implicationsoftheoptionsavailable

?assigningownershipofrisksandactions,containmentorcontingent,tobedeployedina

timelymanner

?ensuringthatcontinuityplanscancopewiththecurrentandpotentialfuturesituation,not

withhowthingswereintherecentpast.

Visibleinformationonrisk

Informationonriskanditsmanagementneedstoreachthepeoplewhohavetotakeactionormake

decisions.Thisinformationwillflowdownwardsandupwardsbetweentheorganisationallevels.

Therewillalsobesidewaysflowsacrosseachlevel,betweenprogrammesorprojects.Thevertical

flowsarethemostimportantastheyreflectlevelsofresponsibilityfordecisionmaking.

Forexample,adecisionmaybemadeatthestrategiclevelthataffectstheprogressofcurrent

programmes.Conversely,thecollectiverisksrelatingtotheprogressofcurrentprogrammesmay

haveastrategicimpact.

Theseexamplesillustratewhyrisksshouldbeidentifiedandhandledateachlevelbeforetheyare

passedupordowntothenextlevel.Goodcommunicationmechanismsareessentialtoavoidthe

followingproblems:

?inadequatecommunicationfromlowerlevels,wherepeoplehave'handson'knowledge,to

thelevelwheredecisionsaremade,leadstounrealisticexpectationsfromsenior

management

?inadequatecommunicationfromthetopdowncanmeanthatprojectsarenolonger

supportingthebusinessdirection.

Communications

Toaddresstheseproblemsyouwillneedtoensurethatappropriatecommunicationmechanisms

existandareadopted.Yourorganisationshould:

?ensurethereissufficientcommunicationtokeystakeholders,whetherinternalorexternal,

tosupporttheirneeds

?ensurethatpeopleareaware,informedandunderstandtheirpartinmanagingrisk

?considerwhetherthereisaneedtoimproveinternalcommunications

?considertrainingneedsandhowthesecanbemetadequately

?ensurepeoplehavetherightinformationattherighttimetofulfiltheirresponsibilities(and

howtorecogniseifthisdoesnothappen).

Ensuringthatyourcontrolsareadequate

Theremustbeadequatecontrolmechanismstomeettheneedsofcorporategovernance.Thesewill

bedescribedintheriskpolicyandimplementedthroughtheriskmanagementframework.Specific

controlswillbeintroducedacrosstheorganisationtocopewithcertaincircumstances,suchas

throughtheuseofprogrammeandprojectmanagement.

Onceanappropriatesetofcontrolsisadopted,anindependentauditwillcheckthattheyareinplace,

adequateandinuse.

2.8Budgets

Themanagementofriskprocessmustbeembeddedintheorganisation,ratherthanbeingtacked

onasanafterthought.Th

溫馨提示

  • 1. 本站所有資源如無(wú)特殊說(shuō)明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁(yè)內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒(méi)有圖紙預(yù)覽就沒(méi)有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

評(píng)論

0/150

提交評(píng)論