Below you will find a post shared by Denis Lefort, consultant in governance and internal audit, which encourages you to read the January 2014 Conference Board bulletin entitled "Risk Oversight: Evolving Expectations for Boards".
Risk Oversight : Evolving Expectations for Boards
Presented by Denis Lefort, CPA, CA, CIA, CRMA
This very interesting document looks back at the analyses and recommendations produced by various bodies, including the NACD, the SEC, the SSG, Dodd-Frank, the ICGN, the FSB and the FRC (the acronyms are spelled out in the 10-page document), in the wake of the 2008 financial scandals.
The document is very critical regarding the very active role that boards of directors should play in risk oversight. It is also very critical of the approaches put in place by the risk management and internal audit functions. Finally, recommendations are made for each of these three bodies.
Although the document initially targeted financial institutions, its points can be applied to a wide range of organizations. That is why I encourage all of you to read it and to share it with your executives, board members, colleagues and professional contacts. Here is an excerpt. Happy reading!
The Risk Oversight Committee is responsible for:
a. determining where and when formal documented risk assessments should be completed, recognizing that additional risk management rigor and formality should be cost/benefit justified
b. ensuring that business units are identifying and reliably reporting the material risks to the key objectives identified in their annual strategic plans and core foundation objectives necessary for sustained success, including compliance with applicable laws and regulations
c. reviewing and assessing whether material risks being accepted across XYZ are consistent with the corporation’s risk appetite and tolerance
d. developing, implementing, and monitoring overall compliance with this policy
e. overseeing development, administration and periodic review of this policy for approval by the board of directors
f. reviewing and approving the annual external disclosures related to risk oversight processes required by securities regulators
g. reporting periodically to the CEO and the board on the corporation’s consolidated residual risk position
h. ensuring that an appropriate culture of risk-awareness exists throughout the organization
Business unit leaders are responsible for:
a. managing risks to their unit’s business objectives within the corporation’s risk appetite/tolerance
b. identifying in their business when they believe the benefits of formal risk assessment exceed the costs, or when requested to by the CEO or risk oversight committee
Risk management and assurance support services unit is responsible for:
a. providing risk assessment training, facilitation, and assessment services to senior management and business units upon request
b. annually preparing a consolidated report on XYZ’s most significant residual risks and related residual risk status, and a report on the current effectiveness and maturity of the Corporation’s risk management processes for review by the risk oversight committee, senior management, and the corporation’s board of directors
c. completing risk assessments of specific objectives that have not been formally assessed and reported on by business units when asked to by the risk oversight committee, senior management, or the board of directors; or if the risk management support services team leader believes that a formal risk assessment is warranted to provide a materially reliable risk status report to senior management and the board of directors
d. conducting independent quality assurance reviews on risk assessments completed by business units and providing feedback to enhance the quality and reliability of those assessments
e. participating in the drafting and review of the corporation’s annual disclosures in the Annual Reports and Proxy Statement related to risk management and oversight
Related articles:
Redefining The Role Of Internal Audit: Part Two (business2community.com)
Redefining The Role Of Internal Audit: Avoiding Redundancy (business2community.com)
Risk Based Internal Audit Planning (learnsigma.co.uk)
The difference between internal audit and external audit, by a consulting firm (iareportg5.wordpress.com)
Getting from Continuous Auditing to Continuous Risk Assessment (mjsnook.co)
The Internal Audit Activity’s Role in Governance, Risk, and Control (IIA Certified Internal Auditor – Part 1) (examcertifytraining.wordpress.com)