Start with a solid foundation

Maximizing value from your lines of defense


A solid foundation is essential to an effective lines of defense (LOD) operating model. Consequently, a framework consisting of the elements of EY's Risk Agenda has to form the base.

EY chart – The RISK Agenda: client issues


At a minimum, the following should be in place:

  • A strong risk culture across the organization.
  • A clear definition and communication of risk appetite by the board or executive management.
  • A standard language or methodology for identifying, evaluating, measuring and reporting risk.
  • A robust governance, risk and compliance (GRC) system to support risk identification, assessment, issue tracking, monitoring, assurance and reporting.
  • A standardized enterprise-wide risk assessment process that produces a key business risk universe or register linked to business objectives and value drivers.
  • Responsibility for coordinating and reporting all risk, control and assurance activities assigned to one person or function.
  • Risk owners (overall responsibility) assigned to each risk. This should not create an additional layer within the organization. The most obvious choices for risk owners are those responsible for managing a particular risk as part of their everyday jobs.