Follow-up should be restricted to the recommendations and action plan
A. True. Only follow-up on planned actions and controls.
B. False. Follow-up should target the underlying risk. If the planned actions and controls are working, then the follow-up should identify and recommend changes.
Follow-up should not be restricted to the recommendations and action plan alone. It should also target the underlying risk to ensure that the actions and controls implemented are effectively mitigating the identified risks. If the follow-up reveals that the planned actions and controls are not working as intended, it is essential to identify and recommend necessary changes to address the underlying risk adequately. This approach ensures that the root causes of issues are addressed and that the organization is protected against potential risks.
References:
ISO 31000:2018 - Risk management – Guidelines
COSO Enterprise Risk Management – Integrating with Strategy and Performance