QUESTIONNAIRE

S.N Items S. D N A S.
o D A
1 Compensation policies intended to align the long-term
interests of managers and shareholders.
2 Formally defined remuneration policies of executive
management.
3 Internal risk assessment group or internal audit function
given the responsibility to evaluate the on-going
effectiveness of the organization's risk management.
4 Allocated risk owners who have primary responsibility
and accountability for managing risks within their
respective areas.
5 Centralized department or staff function dedicated to
risk management.
6 Frequent and structured updates of risk-related
information.
7 Communication to all stakeholders, internal and
external, of the importance of risk management.
8 Risk response plans for all of the significant events the
organization has identified.
9 Formal policies and procedures about how risks should
be managed.
10 Centralized technology-enabled process to obtain risk-
related information.
11 Formal report submitted to the board level at least
annually on the current state of risk and effectiveness of
risk management.
12 Consideration of different types of risk and opportunity
events prior to strategic decisions.
13 Consideration of the likelihood and potential impact of
financial risks and opportunities affecting the
achievement of strategic objectives.
14 Monitoring of the organization's internal environment,
processes, and control activities.
15 Consideration of financial risks and opportunities.
16 Channels of communication to report suspected
breaches of code of conduct/ethics, laws, regulations,
and other improprieties.
17 Authorization procedures in place to ensure appropriate
individuals review the use of policies and procedures.
18 System to ensure that policies and procedures that are
in place to manage the achievement of the
organization's objectives/plans are functioning and
effective.
19 “To what degree does the organization consider
significant events (risks and opportunities) prior to
 strategic decisions such as investment in new projects,
products or new merger & acquisition.” This dimension
helps to get an insight to what degree is risk
management embedded into strategic planning.
20 “The potential impact that financial risks and/or
opportunities will have on the organization’s ability to
achieve its objectives.”
21 “The likelihood that financial risks and/or opportunities
will affect the organization’s ability to achieve its
objectives.”
22 “Formally defined standards for hiring and firing of
executive management.”
23 “Formal mission (vision/purpose) statement.”
24 “Formal strategy to pursue the mission.”
25 “Formal business objectives/plan in place to execute the
strategy to pursue the mission” were combined in to
one dimension.
26 “Channels of communication with customers, vendors,
and other external parties.”
27 “Documentation and record to verify the use of policies
and procedures.”
28 “Alternative risk responses for each significant event.”
29 “Risk tolerances: formal guidelines or measures used at
appropriate levels to assess whether the organization
will accept risk.”
30 “Which of the following risks and/or opportunities does
the organization consider? (The extent of liquidity,
Interest rate, Foreign exchange rate, The cost of capital,
Access to capital markets, The use of long-term debt).
31 “Which of the following risks and/or opportunities does
the organization consider? (Customer concentration,
Product expansion, Acquisition aggressiveness,
Manufacturing location concentration).
32 “Which of the following risks and/or opportunities does
the organization consider? (Compliance with
regulations, industry codes, voluntary codes,
recommendation of Corporate-Governance).
33 “Which of the following risks and/or opportunities does
the organization consider? (Data management systems
(software), Computer systems (hardware) and the
privacy of information held on customers).
34 “Which of the following risks and/or opportunities does
the organization consider? (Environment, Ethics,
Health and safety).