
Risk Management Process

8/19/2010

By Lindsey Hengeli, CPA

Banks are in the risk business. The basics of lending and borrowing require a banking organization to use its balance sheet to facilitate a transaction and absorb the risks associated with it. The goal of effective risk management is not to eliminate risk, but to optimize the risk-return tradeoff. As such, risk management should be at the heart of every financial institution.

The Committee of Sponsoring Organizations of the Treadway Commission defined enterprise risk management as “a process, effected by an entity’s board of directors, management, and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

There are a few basic principles that should be incorporated into a bank’s risk management framework regardless of the size or complexity of the organization.

Board and Management Oversight

An organization’s board of directors is a key player in risk oversight. The board and management must have a shared understanding of the organization’s risk management philosophy when setting goals and evaluating risks. Risk management policies must not only be created but also clearly communicated across the organization. It is management’s responsibility to ensure these policies are embedded in the culture of the organization. Management must also ensure policies remain up to date with changes in both the internal and external environment.

Risk Evaluation and Response

Risk assessment allows an organization to understand the extent to which potential risks might impact business objectives. If risks are not assessed and measured, it will not be possible to control them. Analyzing risks, considering the likelihood and impact, is necessary before an organization can determine how to respond to the risks presented. The four commonly accepted responses to risk are as follows:

  1. Avoidance – avoiding or eliminating the source of the risk;
  2. Acceptance – accepting the inherent nature of the risk, often due to a cost-benefit analysis;
  3. Reduction – taking action to reduce the likelihood or impact of the risk; and
  4. Sharing – transferring or sharing a portion of the risk in order to reduce it.

Control Activities

A strong system of internal control is essential to effective risk management. Policies and procedures must be established and implemented to help ensure the risk responses are successfully carried out.

Effective risk management is a continuous process. As the risks to an organization change, whether due to internal or external influences, so must the risk management policies and risk responses. Integrating risk management into an entity’s everyday operations is essential to successfully executing its business strategies and optimizing the risk-return tradeoff.