Professional Documents
Culture Documents
Risk Culture Assessment Questionnaire
Risk Culture Assessment Questionnaire
Risk Culture Assessment Questionnaire
9 Does management's evaluation reflect the input of the unique perspectives offered by different executives and stakeholders?
10 Is there a process in place for identifying emerging risks?
For example, is scenario analysis applied to understand the potential impact of risks emerging from changes in the external
10.a
environment?
11 Is there is a process for identifying emerging risks?
11.a Does it consider the perspectives offered by different executives and stakeholders?
11.b Does it result in consideration of response plans on a timely basis?
Does executive management openly support each line of defense (e.g., LOB leaders and process owners, independent risk and
12
compliance management functions, internal audit, and defined, effectively functioning escalation processes)?
12.a Does executive management have direct, quality contact with all lines of defense?
12.b Is there effective collaboration across the lines of defense regarding important risk issues?
12.c Are unexpected issues escalated to executive management handled effectively?
13 Can LOB management identify and understand their risks and risk appetite?
13.a Do they identify and report issues to executive management in a timely manner?
13.b Do they own the risks their activities create and are they accountable for results?
Are there important subcultures that exist and must be considered separately to ascertain whether they contribute to effective risk
14
management or present exposure to excessive risk-taking?
15 What is the risk management organizational structure, and how is it viewed among the LOBs and throughout the firm?
15.a Is there an element of "effective challenge" and a degree of comfort with creative, healthy tension?
Alternatively, is there an emphasis on harmony, "getting along" and conformity that can result in decision making that discourages or
15.b
ignores alternative views and salient contrary information and, as a result, reaches risk/reward decision that may miss the mark badly?
16 What infrastructure is in place to support risk identification, measurement, analysis reporting, monitoring and management?
17 What types of risk culture training, awareness programs or other support are available within the organization?
Do these programs and initiatives emphasize elements of continuous learning and improvement (e.g., process improvement,
17.a
measurement and quantification, monitoring against expectations, and innovations to improve productivity, among other things)?
Page 1
Risk Oversight and Risk Management Questionnaire
Page 2
Risk Oversight and Risk Management Questionnaire
Page 3