Practical ideas: Develop a high-level Risk Management Policy

It is generally considered a good idea to document an organisation’s attitude and commitment to risk management in a high-level document, such as a Risk Management Policy. The policy may describe the general attitude of the company towards risks, risk management principles, roles and responsibilities, risk management infrastructure as well as resources and processes dedicated to risk management. Section 4.3.2 of the ISO31000:2009 also provides guidance on risk management policy.

An article published by Michael Rasmussen back in October 2010 ‘Enterprise Risk Management Policy Structure’ provides an outline of what should be included in a risk management policy and notes that the organisation’s policy should not be “boilerplate.” The policy should reflect the actual activities undertaken by the company and its attitude and approach to managing its material business risks.

USE THE CHECKLIST PROVIDED BELOW TO TURN THIS SECTION INTO ACTIONS

Review ISO31000:2009 section 4.3.2

Download a free sample Risk Management Policy from http://www.risk-academy.ru/en/download/risk management-policy-detailed/

Adjust the sample Risk Management Policy to reflect organisational maturity and specific details

Validate the policy with the stakeholders

Approve it then publish it on the company website and make it accessible to employees and contractors

USEFUL VIDEOS

What should a typical risk management framework include? Should an organisation develop a single integrated risk management framework document or is there a better way to integrate risk management into business processes and corporate culture?https://www.youtube.com/watch?v=KMuhcmeJRgE

Alex Sidorenko from RISK-ACADEMY talks about documenting and publishing a risk management policy. https://www.youtube.com/watch?v=iFc0CXdTYfs

USEFUL LINKS AND TEMPLATES

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.