The risk management framework typically includes:
- the organization’s rationale for managing risk;
- links to the organization’s objectives and other policies;
- accountabilities and responsibilities;
- risk criteria and guidance for decision makers;
- commitment to make the necessary resources available;
- the way in which conflicting interests are dealt with;
- an escalation process;
- performance measurement and reporting; and
- commitment to review and improve the risk management policy and framework.
Most modern-day risk managers are familiar with developing a risk management framework or procedure documents. These documents capture risk management roles and responsibilities, outline risk management processes as well as other aspects of risk management. Alex will develop a tailor-made risk management framework document that will satisfy the regulators in your industry as well as your company stakeholders.
There is a better way
Over the years, we have discovered a much better way to document risk management frameworks, procedures and methodologies. Instead of writing a separate risk management framework, companies should upgrade its existing policies and procedures to include elements of risk management where appropriate. One investment company that we interviewed documented risk management methodology in the investment management procedure instead of creating any new risk management documents. This essentially changed how the investment process works, made risk management a critical step in investment decision making, gave investment managers a sense of ownership and had a huge positive impact on the risk culture within the organisation.
The same approach can also be used for any other business process. Instead of creating a single, centralised risk management framework or procedure document, risk managers should review and update existing policies and procedures to include elements of risk management. Some procedures may require a minor update, with only a sentence or two added while others may need whole appendices written to include risk management methodologies. This approach also reinforces the need to create separate risk management tools and methodologies for different business processes.