Risk Management Context
The risk management project must acknowledge the enterprise objectives that are relevant to the project. It must also consider the necessity of balancing costs, benefits and opportunities.
A project consists of a set of tasks entrusted to a team, which transforms a system or part of a system with the aim of achieving a given objective.
For more details on projects, see Risk Management Projects. The responsibility of management in relation to risks taken by their enterprise not only imposes the installation of control systems to enable risk management, but also their demonstration at audit and attachment to the corresponding paragraphs of regulations.
The control systems imposed by regulations (Sarbanes-Oxley Act, etc.), by clients (ISO 9000 certification), or by sectorial control systems (Basel II in the banking sector, etc.) can be superimposed on the control systems implemented in an enterprise
A control system is a set of controls that ensure risk prevention and management, application of internal operating rules, respect a law or regulation, or work towards achievement of an objective as defined by company strategy. Examples: quality control system, control system relating to IT and Privacy, management control system, internal audit systemLast but not least, the description of the internal context in which the risk management process operates can be supplemented by the description of existing control systems.
During risk management projects, existing control systems will be reviewed and new control systems may be created.
For more details on control systems, see Control Systems.