blic these reviews establish whether the is ready to proceed to the next stage.

Figure 2: Main stages of the process

Where risks occur

The process should be most rigorously applied where critical decisions are being made. shows where risk can occur in an organisation. For convenience, these levels are described as: operational. In practice, the levels overlap. ultimately customers’ confidence in the bank’s online service became a. This highlights the need for relevant information about risks to be shared throughout the organisation. shows examples of typical risks occurring at each organisational level.

Table 1: related to organisational levels

Level: Examples of typical risks considered at this level

Strategic/corporate: Commercial, financial, political, environmental, directional, cultural, acquisition and quality risks. There is a focus on business survival, continuity and growth for the , and exceed set criteria – . not acceptable, outside agreed limits, could affect strategic objectives, information needs to be escalated to this level so that appropriate decisions can be taken.

/acquisition, funding, organisational, , security, safety, quality and business continuity and exceed set criteria – . not acceptable, outside agreed limits, could affect objectives, information needs to be escalated to this level so that appropriate decisions can be taken.

Personal, technical, cost, schedule, resource, operational support, quality and provider issues/risks should be considered at this level as they affect the and how it needs to be run. Information on strategic and related risks should be communicated to this level where they could affect objectives.
Project managers should communicate information on risks to other projects and operations as appropriate.

Operations: Personal, technical, cost, schedule, resource, operational support, quality, provider failure, environmental and infrastructure the higher levels have input to this level.

interdependencies, or links between and/or related issues, where the impact of one or more risks could affect others, possibly creating a ‘domino’ effect. You should ensure that any known interdependencies are identified and assessed so that appropriate action can be planned

- how risks are identified
- how risks are quantified
- how decisions on are made, such as further risk reduction
- how actions are evaluated for their effectiveness
- how are engaged throughout the process.

(See for more information about the and supporting processes.)

Risk ownership

For the organisation, ownership of the framework lies with the Accounting Officer (or equivalent senior manager at Board level). Individual senior managers own the or and are responsible for the management of the overall risk of that activity. However, these roles do not own all the individual risks. Risk ownership must be clearly defined, documented and agreed with the individual owners at all levels, so that they understand their various roles, responsibilities and ultimate accountability with regard to the. The owner of a risk may not be the person tasked with the assessment or management of the risk, but he or she is responsible for ensuring the process is applied – there may be separate owners to actually deal with the risks.

It is important to identify who owns:

- the process at the different levels – that is, strategic, , , operational levels
- implementation of the actual measures taken in response to the risks

for example, through chairing the board or by developing strong mechanisms for reporting problems.

Checklist: ownership of risk and the process

- Are the various roles and responsibilities associated with ownership well defined?
- Have the various roles and responsibilities been communicated and understood?
- Is ownership reassessed on a periodic basis, or in the event of a change in the situation?
- Do all risks, and where appropriate their mitigation actions, have clearly identified owners?
- Are these owners appropriate?

Embedding the risk management culture

Identifying appropriate policies, standards and practices is the first stage of creating a risk management culture. Once these are in place they need to be totally embedded in individuals through the enactment of their roles and associated responsibilities.

Awareness of and responsibility for risk issues must be linked explicitly to key objectives, in order to build a sustainable culture. There should be delegated responsibility for risks at every level of objectives in the organisation. This is the major support to embedding risk management into the organisation and its culture, with seen as an intrinsic part of the way an organisation works. As the people in an organisation change, it is essential to ensure a continuing understanding of roles and responsibilities related to managing risk.

The risk environment is constantly changing too. Your organisation’s priorities and the relative importance of risks will shift and change. Assumptions about risk have to be regularly revisited and reconsidered, perhaps by annual review of the risks associated with each of the key organisational objectives.

Establishing appropriate competencies and behaviours

An important aspect of setting up a risk culture is to ensure it is relevant to the organisation.
is a major facet of effective.

Those responsible for need to have knowledge and understanding of:

- legal requirements
- communication techniques and information management
- education and continual professional development
- how the organisation is monitored and evaluated

- ensure that the situation is properly scoped
- create valid options for reducing risk to an acceptable level
- use sound reasoning when making a tradeoff between the costs and of managing a risk
- deciding on the likelihood of a specific event occurring
- assigning ownership of risks and actions, containment or contingent, to be deployed in a timely manner