Practical ideas: Update existing policies and procedures to include elements of risk management

Most modern-day risk managers are familiar with developing a risk management framework or procedure documents. These documents capture risk management roles and responsibilities, outline risk management processes as well as other aspects of risk managementRisk management framework documents became so common, that nowadays they don’t require much effort to develop and there are plenty of free templates available online. The only problem is that nobody in the organisation, except the risk manager and the internal auditor, reads them. Clearly, something is not right.

Over the years, we have discovered a much better way to document risk management frameworks, procedures and methodologies. Instead of writing a separate risk management framework, companies should upgrade its existing policies and procedures to include elements of risk management where appropriate. One investment company that we interviewed documented risk management methodology in the investment management procedure instead of creating any new risk management documents. This essentially changed how the investment process works, made risk management a critical step in investment decision making, gave investment managers a sense of ownership and had a huge positive impact on the risk culture within the organisation.

The same approach can also be used for any other business process. Instead of creating a single, centralised risk management framework or procedure document, risk managers should review and update existing policies and procedures to include elements of risk management. Some procedures may require a minor update, with only a sentence or two added while others may need whole appendices written to include risk management methodologies. This approach also reinforces the need to create separate risk management tools and methodologies for different business processes.

Alex has created a short bootcamp designed to help companies implement quantitative risk management. Imagine saving the company so much money that investing in risk management competencies and resources becomes a no brainer for the executives. That's exactly what Alex Sidorenko did at a global $10B chemical company and he has been kind enough to share his top tips and lessons learned with you each week. Sign up now!



Identify existing policies and procedures associated with high uncertainty

Review policies and procedures to determine if risk management is already adequately integrated

Develop a timeline for updating existing policies and procedures to include elements of risk management



Alex Sidorenko from RISK-ACADEMY shares some of his practical suggestions to build risk management culture.
What should a typical risk management framework include? Should an organisation develop a single integrated risk management framework document or is there a better way to integrate risk management into business processes and corporate culture?


RISK-ACADEMY offers online courses

+ Buy now

Informed Risk Taking

Learn 15 practical steps on integrating risk management into decision making, business processes, organizational culture and other activities!

+ Buy now

ISO31000 Integrating Risk Management

Alex Sidorenko, known for his risk management blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization.

+ Buy now

Управление рисками

В этом коротком и очень увлекательном курсе, Алексей Сидоренко расскажет о причинах внедрения риск менеджмента, об особенностях принятия управленческих решений в ситуации неопределенности и изменениях в новом стандарте ИСО 31000:2018.


2 thoughts on “Practical ideas: Update existing policies and procedures to include elements of risk management

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.