100%(2)2 out of 2 people found this document helpful
This preview shows page 19 - 22 out of 36 pages.
how their presence in an organization can affect the reliability of controls and communication of strategies and risk appetitePerception layering is an organisational human factor risk, which occurs when one layer of management e.g. the board, the executive or both has performance expectations out of step with operational reality. This is of particular concern for strategy risk and risk appetite.感知分层是一种组织的人为因素风险，当管理层(如董事会、高管或两者)的绩效预期与实际操作不一致时，就会发生这种风险。这对战略风险和风险偏好特别重要。
Question 2Critique the following statement:“In all risk assessments it is necessary to consider the extent to which controls modify risk and the level of risk that is being modified.” 在所有风险评估中，都有必要考虑控制、修改风险的程度以及修改的风险水平a) Risk assessment is the process of risk identification, analysis and evaluation.b) In analysing likelihood and consequence (and therefore risk level) it is necessary to understand the effectiveness of existing controls (i.e. how are they modifying the risk?). Effectivemeans available and reliable.c) Understanding how controls affect likelihood and consequence requires a systematic approachto analyse causes and consequences. A bow-tie diagramis one tool to assists in quantifying impacts and identifying controls that work pre-event, post-event, independently, in common, areredundant or missing. Tracking intrinsic risk levels helps to prioritise review and assurance of critical controls – rated by reference to intrinsic and residual risk.d) Note there are three tools: Bow-Tie, FTA, ETA. If asked remember to quote three and not just Bow-Tie解释：Fault tree analysis (FTA)is a systematic top-down analysisof a system to assess likelihood of failure.Event tree analysis (ETA)is a forward, bottom-up, logical modeling technique for both success and failure that explores responses through a single initiating event and lays a path for assessing probabilities of the outcomes.ETA is a powerful tool that will identify all consequences of a system that have a probability of occurring after an initiating eventthat can be applied to a wide range of systems.The Bow tie diagramlinks together FTA (on left) and ETA (on right). More than one independent control on an event mechanism path increases reliability (i.e. “overlapping control”).Unlike FTA and ETA alone, Bow tie diagramsreveal the complete set of path(s) through which anevent with consequences can occur (left hand side) and the range of consequences which could result (right hand side) including documenting the complete set of controls pre- and post- event and how they are related to each other.
Question 3a) Explain why monitoring is critical to effective governance; 解释为什么监视对有效治理至关重要b) Describe the role of independent audit in the risk process;