Article 23
|
(Risk evaluation)
The purposes of risk evaluation are to provide an enterprise with a basis for decision making, whereby risk events which shall be addressed on a priority basis are determined through a comparison of the results of risk analysis to the risk appetite, and to serve as reference for subsequent formulation of response options.
An operating unit shall devise and enforce risk response proposals by the level of risk based on the results of risk analysis vis-a-vis the risk appetite approved by the risk management committee.
Results of risk analyses and assessments shall be documented accuratelyand reported to the risk management committee for approval.
|