SET defines its risk management framework in accordance with the Committee of Sponsoring Organizations of the
Treadway Commission (COSO) framework and ISO 31000:2009 Risk Management - Principles and Guidelines. SET designs
its risk management procedure to keep risk at an acceptable level by identifying incidents that may occur
and affect the organization and its stakeholders. The risk management protocol consists of the following steps:
4 Risk management process: risk management protocol of COSO (eight elements, presented in the original as a numbered diagram)

- Internal organizational environment: the risk management context and policy, such as risk management philosophy, acceptable risk level, ethics and work environment.
- Information and communication: use information and communication to manage risks enterprise-wide and effectively.
- Monitoring and evaluation: follow up and evaluate risk management on a continuous basis.
- Identify objectives: define the vision, mission, strategy and goals of the organization.
- Risk analysis: analyze each risk by taking into account its likelihood and impact.
- Identify incidents: identify both internal and external incidents that may affect the organization's objectives.
- Risk-responding method: choose a risk-responding method, such as managing, transferring, accepting or stopping the risk, according to the level of risk appetite and risk tolerance.
- Define working process: determine the policy and working process to ensure that the operational protocol effectively responds to risks.