Risk Management: Risk Evaluation and Response

9/29/2011

By Lindsey Hengeli, CPA

Editor's Note: This is the third article in a series on Risk Management.

In a 2010 survey, the Committee of Sponsoring Organizations of the Treadway Commission (COSO) determined that despite the growing complexities in the risk environments of most organizations, “the level of risk management sophistication still remains fairly immature.” A thorough risk assessment is often the easiest way to increase the sophistication of an entity’s risk management process.

The risk assessment is a top-down look at the most important risk exposures across an organization.

The first step in this process is to define the most significant risk exposures (credit risk, market risk, operational risk, etc.) as well as the significant functional areas of the organization (lending, asset/liability management, accounting & financial reporting, etc.). Once these have been identified, a risk scoring matrix can be used to identify the impact each risk has on each functional area.

When assessing these risks, consideration should be given to various risk factors such as likelihood, impact, and direction of the risk. This data can be gathered through interviews, surveys, and various committee meetings. A listing of other risk considerations can be found here.

After the key risks and their impacts on the organization have been identified, management can work on determining how to respond to the risks presented. Some responses, such as accepting the inherent nature of the risk or deciding to eliminate or avoid the source of the risk, are fairly straightforward. Other common responses include reducing or sharing risk or requiring a specific action plan to address any gaps that are beyond those considered acceptable. Development of these action plans, specifically development of a strong system of internal controls, will be discussed at a later time.

Keep in mind that an entity’s risk assessment should be considered a living document that is continually edited and refined. Those individuals responsible for risk oversight should periodically review and update the risk assessment in order to identify new and emerging risks.

Please feel free to contact us if you have any questions or would like a risk assessment template to get you started.