Corporate Compliance

Tip: How to attack risks

Compliance Monitor, February 11, 2009

Develop you risk-assessment process based on your organization’s size and needs. Consider these eight strategies as you both assess your organization’s internal controls and indentify risks: 
  1. Shared risk language and measurements. Your organization must define risk-related terms (e.g., “serious risk”) and use them consistently. The organization also needs a scale with which to rank and measure risks.
  2. Link enterprise risk management to corporate strategy and competitive advantage. Show the board and CEO how the risk assessment will help the organization reach its goals by explaining how it will benefit the bottom line. Illustrate how doing so will give your organization a competitive advantage.
  3. Get management buy-in. Make sure managers participate in the risk-assessment process and take responsibility for their departments’ risk areas.
  4. Link enterprise risk management to control self-assessments. Enterprise risk management looks at the organization’s overarching strategies, and control self-assessments focus on people’s interests at the department level.
  5. Share risk reports. Make sure managers are able to access risk reports when making decisions.
  6. Assess technology. Make sure your organization has consistent methods for storing and reporting on information-system risk areas.
  7. Responsibility and accountability. Integrate enterprise risk-management activities with other organizational activities, such as reviews and bonuses.
  8. Link the effects of risk identification to good corporate governance. Show how this process enables directors to meet their corporate-governance responsibility. 
This tip was adapted from the Healthcare Auditor’s Handbook. For more information about this book or to order your own copy, visit the HCMarketplace.

Most Popular