90%(30)27 out of 30 people found this document helpful
This preview shows page 6 out of 6 pages.
Check. Review the test, analyze the results and identify what you’ve learned.Act. Take action based on what you learned in the study step: If the change didnot work, go through the cycle again with a different plan. If you were successful,incorporate what you learned from the test into wider changes. Use what youlearned to plan new improvements, beginning the cycle again.d) What role can audit play in monitoring and reviewing risk treatment plans, and how canthis be conducted?Monitoring and review should be a planned part of the risk management process andinvolve regular checking or surveillance. The results should be recorded and reported externallyand internally, as appropriate. The results should also be an input to the review and continuousimprovement of the firm's risk management framework.Responsibilities for monitoring and review should be clearly defined. The firm'smonitoring and review processes should encompass all aspects of the risk management processfor the purposes of:Ensuring that controls are effective and efficient in both design and operationObtaining further information to improve risk assessmentAnalysing and learning lessons from risk events, including near-misses, changes,trends, successes and failuresDetecting changes in the external and internal context, including changes to riskcriteria and to the risks, which may require revision of risk treatments andpriorities.Identifying emerging risks.As part of the monitoring process, the thresholds for the risk criteria should be reviewedat the commencement of each risk assessment cycle to identify the processes that may be subjectto increased risks and, as such, would derive the greatest value from the risk assessment.