Risk Management Roles and Responsibility according to Institute of Risk Management (IRM)

Risk Management Roles and Responsibility according to Institute of Risk Management (IRM). This job description templates can be used to design the Risk Management and Internal Audit functions.

Role of the Board
- The Board has responsibility for determining the strategic direction of the organisation and for creating the environment and the structures for risk management to operate effectively.
- The nature and extent of downside risks acceptable for the company to bear within its particular business
- The likelihood of such risks becoming a reality
- How unacceptable risks should be managed
- The company’s ability to minimise the probability and impact on the business
- The costs and benefits of the risk and control activity undertaken
- The effectiveness of the risk management process
- The risk implications of board decisions

Role of the Business Units
- The business units have primary responsibility for managing risk on a dayto-day basis
- Business unit management is responsible for promoting risk awareness within their operations; they should introduce risk management objectives into their business
- Risk management should be a regular management-meeting item to allow consideration of exposures and to reprioritise work in the light of effective risk analysis
- Business unit management should ensure that risk management is incorporated at the conceptual stage of projects as well as throughout a project

Role of the Risk Management Function
- Setting policy and strategy for risk management
- Primary champion of risk management at strategic and operational level
- Building a risk aware culture within the organisation including appropriate education
- Establishing internal risk policy and structures for business units
- Designing and reviewing processes for risk management
- Co-ordinating the various functional activities which advise on risk management issues within the organisation
- Developing risk response processes, including contingency and business continuity programmes
- Preparing reports on risk for the board and the stakeholders

Role of Internal Audit
- Focusing the internal audit work on the significant risks, as identified by management, and auditing the risk management processes across an organisation
- Providing assurance on the management of risk
- Providing active support and involvement in the risk management process
- Facilitating risk identification/assessment and educating line staff in risk management and internal control
- Co-ordinating risk reporting to the board, audit committee, etc