2.3 The risk management cycle

Controls assurance

Controls assurance is the process whereby controls are reviewed by management and staff. There are various ways to conduct these exercises, from highly interactive workshops based on behavioural models at one end of the spectrum to pre-packaged self audit internal control questionnaires at the other. These models all include monitoring and risk assessment among their principal components.
The risk management cycle is an interactive process of identifying risks, assessing their impact, and prioritising actions to control and reduce risks. A number of iterative steps should be taken:

1 Establish a risk management group and set goals.
2 Identify risk areas.
3 Understand and assess the scale of risk.
4 Develop a risk response strategy.
5 Implement the strategy and allocate responsibilities.
6 Implement and monitor the suggested controls.
7 Review and refine the process and do it again.
Figure 3 The CIMA risk management cycle
[Figure labels: Establish risk management group and set goals; Identify risk areas; Understand and assess scale of risk; Develop risk response strategy; Implement strategy and allocate responsibilities; Implementation and monitoring of controls; Review and refine process and do it again; Information for decision making]