Start with a solid foundation
Maximizing value from your lines of defense
A solid foundation is essential to an effective lines of defense (LOD) operating model. Consequently, a framework consisting of the elements of EY's Risk Agenda has to form the base.
At a minimum, the following should be in place:
- A strong risk culture across the organization.
- A clear definition and communication of risk appetite by the board or executive management.
- A standard language or methodology for identifying, evaluating, measuring and reporting risk.
- A robust governance, risk and compliance (GRC) system to support risk identification, assessment, issue tracking, monitoring, assurance and reporting.
- A standardized enterprise-wide risk assessment process that produces a key business risk universe or register linked to business objectives and value drivers.
- Responsibility for coordinating and reporting all risk, control and assurance activities assigned to one person or function.
- Risk owners (overall responsibility) assigned to each risk. This should not create an additional layer within the organization. The most obvious choices for risk owners are those responsible for managing a particular risk as part of their everyday jobs.