The Institution's internal environment is the foundation of risk management, providing discipline and structure. The internal environment influences how strategy and objectives are established, institutional activities are structured, and risks are identified, assessed and acted upon. It influences the design and functioning of control activities, information and communication systems, and monitoring activities.
The internal environment comprises many elements, including an institution's ethical values, competence and development of personnel, management's operating style and how it assigns authority and responsibility.
The internal environment:
· Establishes a philosophy regarding risk management. It recognizes that unexpected as well as expected events may occur. This includes activities like a risk management policy, setting of risk appetite and risk tolerance levels.
· Establishes the institution's risk culture.
· Considers all other aspects of how the institution's actions may affect its risk culture. This typically includes activities such as risk management reporting lines.