Prepare risk management and insurance budgets and allocate claim costs and premiums to departments and divisions. Provide for the establishment and maintenance of records including insurance policies, claim and loss experience.
In cooperation with General Counsel, maintain control over the claims process to assure that claims are being settled fairly, consistently, and in the best interest of the entity.
Role of other managers
The Risk Manager cannot be successful without the assistance of other groups within the organization.
Now therein lies the rub: if that event does occur, is it because of the incompetence or negligence of the risk owner? Probably not.
What we need to understand is that a risk has a chance of happening. We have taken all the steps to control it, but that chance, although lower, is still there.
And then we do our post-event analysis, which was the subject of another blog that you might want to go and have a look at. Remember, everything that happens is a system failure.
There is no such thing as a one-cause failure; it is a systemic issue, so how can the risk owner be held accountable for what occurs? So responsibility, yes; accountability for the management of the risk, yes.
An asset owner is the person responsible for the day-to-day management of assets.
This includes not only electronic and hard-copy information but also hardware, software, services, people and facilities. An asset owner is generally lower in the organisational hierarchy than the risk owner because any issues they discover should be directed upwards and addressed by a more senior person.
To continue our earlier example, if the owner for risks associated with IT infrastructure is the head of the IT department, then the asset owner for the servers on which the at-risk information is held would be an IT administrator.
Organisations must determine separate risk owners and asset owners when implementing ISO Annex 8. It states that asset owners can be different to legal owners, and can be individuals or whole departments. However, we recommend selecting a specific person; otherwise the responsibility could fall between various people, with tasks left incomplete.
Meanwhile, risk ownership should be selected when you create your risk treatment plan.