Who is responsible for establishing a system for risk assessment in a credit union?

Management is responsible for establishing a system for risk assessment in a credit union because it is their duty to ensure that the organization identifies, assesses, and mitigates risks associated with its operations. This involves implementing processes and controls that help in evaluating potential threats to the credit union’s objectives. Management's role is to create a structured approach to risk management that aligns with the strategic goals of the credit union and complies with regulatory requirements.

The internal audit committee, although vital in assessing the effectiveness of risk management processes, primarily focuses on evaluating and reviewing the system that management has put in place rather than establishing the system itself. The Board of Directors provides oversight and guidance but delegates the operational aspects of risk management to management. External auditors conduct independent assessments of financial statements and compliance but do not establish risk assessment systems within the organization. Therefore, management holds the primary responsibility for building and maintaining the risk assessment framework in a credit union.