I
wrote in a previous post (here) about a pragmatic approach to implement ERM in
financial services.
This was partly about recognising the practical implications of what is often
said that ERM is a journey rather than a destination. The suggestions made included assessing
regularly the effectiveness of the ERM system to inform future improvements and
that internal audit teams be tasked with that assessment, given their independence from the business and risk function.
Someone suggested that I look up the report of a commission established by the UK's Chartered Institute of Internal Auditors to consider the effectiveness of internal audit in
financial services (here).
I was
pleasantly surprised to read one of the recommendations: “Internal
Audit should include within its scope an assessment of the adequacy and effectiveness
of the Risk Management …” (page 8 of the report).
It is
interesting that while the Chartered Institute of Internal Auditors and I were looking at this from different
perspectives – assurance and implementation, respectively – we both ended up
with the same conclusion about the importance of assessing how ERM is operating
in practice.
Leaving
this aside, the report is worth reading to see in practice how risk
considerations are affecting other parts of a financial services business. Wearing my economics hat, I particularly liked the Committee’s recognition
that mandating 'best practice' of application would not be appropriate (page 5). Indeed, there is a cost-benefit consideration
for each financial services business which should shape how these guidelines
are complied. Requiring best practice simply rules out this cost-benefit consideration, which can be more beneficial in the long-term. 
No comments:
Post a Comment