Effectiveness of Internal Control and Risk Management Risk management framework

Risk management framework.

Review of risk management regulations adopted at the central government level. The criteria below are based on COSO 2017 ERM Framework, ISO 31000:2018, ISO 37301:2021, ISO 37001:2016, and ACFE 2016 Fraud Risk Management Framework.

Subindicators fulfilled per country

A risk management framework exists.

Public integrity risks are explicitly addressed in the risk management framework.

The risk management framework explicitly delegates responsibility for conducting risk assessments to management, not internal auditors.

Entity-wide risk registers or fraud risk profiles must be prepared in each public body.

Processes and procedures are established for addressing the risks and actions that management must take, including reporting procedures or addressing weaknesses in the internal control system.