**4.1. Integrated risk management system - Part of the organization's management system**

Implementing an integrated risk management within the organization will allow the organization's management to focus its resources on those risks that affect the objectives achievement, in order to protect assets, ensure continuity of organization's activities and adopting the effective decisions.

Risk management function must be a defining function within the organization and provide a complete and coherent set of activities and actions that define decision-making of the organization if the risk materializes and to guide staff in risk management.

An effectively integrated risk management system must ensure the recovery of the organization in case of interruption in activity, by maintaining its essential functions, at least of minimal levels from event appearance until its remediation.

The decisive part in the functioning of an integrated risk management system is the plannification in order to ensure business continuity, because it contains measures of recovery for activities under risk event.

266 Risk Management – Current Issues and Challenges

performance across the organization.

a coherent risk strategy.

adopting the effective decisions.

**system** 

integration of measures to respond to risk.

h. *monitoring effects and reviewing formulated strategy.* It involves evaluating the efficiency and effectiveness of risk management process within the organization and conducted according to the results obtained to carry out the appropriate review of the risk strategy, in order to ensure the minimization of adverse events and appropriate

In our opinion, we believe that the implementation and operation of an integrated risk management is neccesary, it can be done through ongoing monitoring of risk and integration risk response measures, based on risk strategies, which ensure the objectives

The firm implementation of decision taken, as the effect of the effective operation of integrated risk management system, gives premises for further activities and obtaining

Knowing threats that affect the achievement of the goals will allow their classification according to the level of materialization, the extent of impact on the objectives and costs involved for the measures necessary in order to minimize risk effects. Establishing a

The conception, implementation and operation of an integrated risk management system must ensure ongoing monitoring of risk and the integration of the risk response measures in

Risk strategy should contain clear objectives on risk policy promoted and applied within the organization, to define exposure levels and response to risk in all circumstances where it is analyzed and evaluated. Also it should be set the terms and conditions for recovery of losses

**4.1. Integrated risk management system - Part of the organization's management** 

Implementing an integrated risk management within the organization will allow the organization's management to focus its resources on those risks that affect the objectives achievement, in order to protect assets, ensure continuity of organization's activities and

Risk management function must be a defining function within the organization and provide a complete and coherent set of activities and actions that define decision-making of the

An effectively integrated risk management system must ensure the recovery of the organization in case of interruption in activity, by maintaining its essential functions, at least

hierarchy of threats will lead to establish an order of priorities in resource allocation.

**4. Integrating risk management into the management sistem** 

whenever the risk is manifested and had or will have financial consequences.

organization if the risk materializes and to guide staff in risk management.

of minimal levels from event appearance until its remediation.

achievement and deliver the expected results, in case of an event causing loss.

The approach, implementation and functioning of an integrated risk management system in the organization is achieved depending on the processes undertaken, the organization situation and leadership style. However, to ensure process efficiency it needs to be taken into account primarily the following:


The role of integrated risk management system is to ensure the implementation of risk management function within the organization's management system. Its functions are activated while the organization's management system signals the existence of threat in achieving its objectives and deliver the expected results because of their activities.

**Figure 1.** The management system of an organization

From the scheme presented above it can be seen that developing and implementing an integrated risk management enables entity's management to focus efforts on the risks affecting the achievement of the objectives.

Integrated Risk Management System – Key Factor of the Management System of the Organization 269


Risk assessment depends on the probability of occurrence and severity of the consequences if the risk materializes, meaning the impact of risk and uses as tools the risk assessment criteria. These criteria should cover the purpose, in which risk was identified, in terms of

By prioritizing are selected medium and large risks on which will conclude responses to the

The risk assessment process includes the assessment of inherent risks existing before the implementation of control measures and residual risks, resulted after implementing control

a. *Assessing probability* is a qualitative element and is carried out by evaluating the potential for risk occurrence, by considering qualitative factors specific to the context in which goals are defined and achieved. This can be expressed on a scale of values on three levels as follows: *low probability, medium probability and high probability*. Illustration:

> LOW Rare modifications in the regulatory framework, over 3 years Less complexity of activities and actions

> > Average complexity of activities and actions

Rare changes of objectives and targets

HIGH Very frequent modifications in the regulatory framework High complexity of activities and actions Inexperienced staff and newly employed Frequent changes of objectives and targets Poorly designed processes and lead Insufficient and outdated information

b. *Assessing impact* is a quantitative element and is carried out by evaluating the effects of risk if it would materialize, by considering quantitative factors specific to the financial nature of the context of achieving objectives. This can be expressed on a scale of values on three levels as follows: *low impact, moderate impact and high impact*. Illustration:

Processes related to practice

Average level of employment and experience of staff

Existing information from many sources, but insufficient

Objectives and targets are not changed Reliable, adequate and updated information Processes well designed, formal and conducted MEDIUM Legal framework is relatively new or experienced significant

are going to be treated to reduce exposure levels;

**PROBABILITY If**

changes

Experienced staff

compliance and performance.

measures and have two phases, namely:

risk.

Also, the integrated risk management system reflects the integration of all activities and actions related to risk and risk management in a single system so that it can act upon them at one level. By it, the parallelism and dysfunction of action and communication are eliminated, occuring within organized systems operating independently of each other.

Implementing an integrated risk management system within the organization leads to the following:


Exercising risk management function, as defining function within an organization, involves making through integrated risk management system a coherent set of processes, activities and operations, by which it is ensured an effective risk management and defined the decision-making process if risk occurs.

However, depending on the types of risks identified, on the response to risk determined according to risk appetite, on the costs involved and the levels at which risks may be maintained after their treatment, integrated risk management system can guide organization to improve work according to the benefits of good risk management.
