How do I make a well-founded report on the effectiveness of my risk management system and internal controls in my annual report?
A well-founded conclusion on the effectiveness of your risk management and internal controls begins with a systematic approach. In practice, several risk and control frameworks are already available. The best known is the COSO framework.
Important elements for the implementation of such a framework are:
- Risk awareness
- A common language
- A uniform system for the execution of risk and management analysis
- Uniform reporting
- An explicit assignment of tasks and responsibilities for risk and control
- Clear lines of accountability for risks and their management