RISK MANAGEMENT PRACTICES VIS--VIS THE COSO MODEL

Risk Management Practices In-Line the COSO Model
Risk Management Practices Deviating from the COSO
Model
1. The respondent companies do not have estabCore values
are nocommunicated and clear guidance
2. Individuals know how their actions interrelate and
contribute to achievement to achievement of companys
objectives

3. Reporting objectives of the company enables it to produce
reliable reports which support managements decision making
and monitoring of the entitys activities and performance
4. Lack of Diversification in Business Ventures-vision
mission pud -All personnel at all level personal
understanding of the companys objectives
5. All personnel at all levels
6. Often engages in different business ventures-Chosen
strategic objectives consistent with entitys risk appetite

14. Business model that the company employs is defective-

7. Process of operations affects achievement of goals
8. Uses process flow analysis that considers the combination of
input, output, tasks, and responsibilities and maps these to form
a process
9. Performs process analysis
10. Re-identifies and re-prioritizes business risks identified in order
to keep them up to date with the current business and market
activities
11. Competitors undesirably affects the company
12. Company estimates the likelihood and impact of the identified
risks on the organization and identifies which risks have to be
given utmost attention
assessess risk in a continuous and iterative interplay of
actions-qualitative techniques SWOT
15. Actions of existing competitors negatively impacts-social
factors of cebu Philippines affects the companys
achievement of its goals-risk profile is affected by social
something-analyzes key indicators-self-assessment
methods-SWOT analysis kay old na baya KRA NA UG
KPI- able to identify risk and opportunities-relevant parts
of the company receives info from shared services
16. Identified all business-related risk not just financial risk-
considers deposit source of data of past event to identify
trends-observe that relevant persons attend workshops-
13. Considers future scenarios in evaluating risk response option to
be used
18. Able to communicate within the organization without
communication barriers
19. Companys Information System has current information
20. Information system generates accessible information
21. Uses bulletin board notices and disseminate critical information
throughout the organization
22. Uses departmental/divisional meetings to disseminate critical
information
26. Conducts monitoring of risk management policies implemented
through ongoing activities ,reviewing of reports, constant
communication with internal parties
27. Conducts monitoring of risk management policies implemented
through trainings and seminars
28. Conducts monitoring of risk management policies implemented
through separate evaluations
29. Monitors reported risks in the organization
process analysis to identify risks-analyzes key indicators-
identify deficiencies-re-identifies and re-prioritizes risk
17.
23. Incorporates technological means in capturing storing
generating financial non financial info appropriate
content at the right level of detail-uses emails to
dessiminate-webcasts videotape messages-
organizationwide meeting are included in the
communication process down to frontline
24. Management makes use of internal data sources-uses a
comprehensive code of conduct-departmental or divisional
meetings
25. Often able to communicate outside the organization without
communication barriers-uses webcasts and videotape
messages, employee orientation and training sessions are
included in communication process
30. Monitor reported risk constant communication with
external parties-conducts monitoring through the regular
provision of recommendations from internal external
auditors through planning sessions-personal discussion
31. Often monitor reported risks-communicated in a timely
manner to parties responsible for taking corrective action
32. Trainings-seminar