A process model is developed for each administrative area to identify the potential points of failure, the internal or external events which can trigger risk, and the corrective measures to be implemented. There is ownership of responsibility for the potential points of failure.
Guideline code
GG_06600
Mechanism
Mechanism
- The management should review all process models on an ongoing basis. Process models should identify potential points of failure that impact upon the continuity of business operations. They should be stress-tested and challenged with other analyses and information.
- The management should supervise the development of coordinated responses for each type of risk.
- The management should calibrate risk response measures according to the expected impacts and effects on the institution, bearing in mind the following options:
- To transfer the risk, e.g. to an insurer;
- To tolerate risks that have low probability of occurrence or insignificant impact;
- To terminate the risk by dropping the activity associated with the risk; or
- To implement measures to manage the risk.
- Risk assessment through process models may be automated to provide the management with an early warning system.
- The management should monitor and review the effectiveness and cost efficiencies of the risk management measures.
Structure
Structure
- The management should identify and assess the potential risks faced by the institution over a given timeframe, using a process model for each of the relevant administrative areas.
- The management may have a core team to perform the task of risk assessment, with the internal auditor in a central role. External specialists in risk management may advise the management and the core team.
- The management should submit for board approval the proposed response measures to actively manage or prevent the risks faced by the institution, including recommendations to improve their effectiveness and cost efficiencies.
Title HTML
Guideline 50. Process model
Type
Guideline_1
Weight
70