Assessment Criteria for Risk - Extracted from Guidance on Control, published by the Criteria of Control Board (COCO)
A person performs a task, guided by an understanding of its purpose (theobjective to be achieved) and supported by capability (information, resources, supplies and skills). The person will need a sense of commitment to perform the task well over time. The person willmonitor his or her performance and the external environment to learn about how to do the task better and about changes to be made. The same is true of any team or work group. In any organization of people,the essence of control is purpose, commitment, capability, and monitoring and learning.
(Exhibit B in the original document)
1. Objectives should be established andcommunicated.
2. The significant internal and external risks faced by an organization in the achievement of its objectives should be identified and assessed.
3. Policies designed to supportthe achievement of an organization's objectives and the management of its risks should be established, communicated and practised so that people understand what is expected of them and the scope oftheir freedom to act.
4. Plans to guide efforts in achieving the organization's objectives should be established and communicated.
5. Objectives and related plans should include measurableperformance targets and indicators.
1. Shared ethical values, including integrity, should be established, communicated and practised throughout the organization.
2. Human resourcepolicies and practices should be consistent with an organization's ethical values and with the achievement of its objectives.
3. Authority/responsibility and accountability should be clearly defined andconsistent with an organization's objectives so that decisions and actions are taken by the appropriate people.
4. An atmosphere of mutual trust should be fostered to support the flow of...
Lire le document complet
Veuillez vous inscrire pour avoir accès au document.