Published online by Cambridge University Press: 12 August 2017
Introduction
The previous chapters have outlined the stages that comprise a risk management process. However, as well as following these stages a number of activities should be carried out on a continuous basis. These can be summarised as:
• documentation;
• communication; and
• audit.
Documentation refers to the process by which all aspects of the risk management process are recorded, whilst communication refers to collation and circulation of information, both within an organisation and between that organisation and outside agencies. The final process, audit, covers the ongoing validation of the risk management process.
Whilst the scope of documentation and audit are relatively straightforward, communication covers a wide range of overlapping areas. The systems used to keep track of information could be described as monitoring, whilst the circulation of key items of risk information is also referred to as reporting. However, rather than try to separate these items arbitrarily, they are included in the same section.
Documentation
Risk registers and their roles in the identification of risk have already been discussed in Chapter 8. However, it is important to document the risk management process much more broadly. This means that the reasoning behind the process as a whole should be documented. However, there should also be adequate documentation of all decisions taken, and the reasons for those decisions.
The development of all systems should also be documented in detail, so that any future development can be carried out more easily. This is also true for financial models, the assumptions that they use and the data employed in calculations. As well as recording this information, the reasons for the choices made should also be clearly set out.
Finally, information on risk management failures should also be recorded in a risk incident log. This should refer to the nature of the failure and the financial implication. Information on whether it was caused by a failure to follow process or despite the controls that were in place should also be recorded. This is partly to help assess the effectiveness of the risk management process, but also to inform future developments.
Not absolutely every detail can be recorded, but there should be sufficient information to understand the background to any decisions made.
To save this book to your Kindle, first ensure [email protected] is added to your Approved Personal Document E-mail List under your Personal Document Settings on the Manage Your Content and Devices page of your Amazon account. Then enter the ‘name’ part of your Kindle email address below. Find out more about saving to your Kindle.
Note you can select to save to either the @free.kindle.com or @kindle.com variations. ‘@free.kindle.com’ emails are free but can only be saved to your device when it is connected to wi-fi. ‘@kindle.com’ emails can be delivered even when you are not connected to wi-fi, but note that service fees apply.
Find out more about the Kindle Personal Document Service.
To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Dropbox.
To save content items to your account, please confirm that you agree to abide by our usage policies. If this is the first time you use this feature, you will be asked to authorise Cambridge Core to connect with your account. Find out more about saving content to Google Drive.