RİSK MANAGEMENT PROCESES

The main processes of risk management relate to:
Risk analysis:
Risks (both current and emergent) must be identified and assessed for relevance to the organization, its context, and its objectives, and evaluated, leading to a determination of the key risks—the ones requiring most urgent attention by management.
Risk response:
There are a number of ways to respond to identified risks, depending on the risk appetite, available resources, and perceived priorities.
Risk Monitoring:
The potential for change requires routine monitoring with regard to:

• The system of internal controls and other responses to determine whether they remain relevant, and whether the required measures are in place and are having the intended effect with respect to the risks or opportunities (sometimes referred to as the control objectives).
• Changes to the internal and external environments that may alter the risk profile, making some less severe while raising the severity of others; or introducing new and previously unanticipated risks, each requiring a new response.
• Adjustments to the strategy of the organization, causing objectives and risks to change.

Risk Reporting: 
Management and the board (directly or via the audit committee or other similar body such as a risk committee or combined audit and risk committee) will require updates and assurance on the risk profile of the organization and its state of preparedness with respect to internal controls. Risk management does other things:It establishes and maintains a risk management framework that is aligned to organizational objectives as well as coordinated, integrated, and enterprise-wide (where “risk management framework” refers to the sum total of all elements of risk management). The framework helps less risk mature organizations to move toward this desired status.It helps management determine:

• Risk appetite.
• Responses to particular risks.
• The overall risk culture of the organization, enabling it to be progressively more risk mature.
• It enables organizations to prepare for risks and opportunities before they arise to maximize operational effectiveness and strategic gain.
• It allows organizations to deploy their resources according to need and potential for advantage.

While risk management can report on the risk profile, internal audit’s analysis of risks and internal control effectiveness provides independent and objective assurance by virtue of its unique role and position. The effectiveness of the risk management framework and processes is often reflected in terms of the organization’s overall risk maturity.