I have just updated a risk management implementation roadmap/action plan. A risk management roadmap is a concise document which describes the key actions required to implement risk management within a non-financial organization. The actions are divided into 4 categories: risk management 1 (the necessary evil, because many stakeholders still don’t get risk management, try and spend… Continue reading FREE risk management implementation roadmap
Risk management should be inclusive. Appropriate and timely consultation and involvement of stakeholders enables their knowledge, views and perceptions to be taken into account which results in improved awareness and informed risk management and decision making. Recording and reporting provide a means of communication that facilitates the integration of risk management across organizational boundaries and… Continue reading RISK MATURITY: How to establish communication and consultation? (part 2)
Risk management should be inclusive. Appropriate and timely consultation and involvement of stakeholders enables their knowledge, views and perceptions to be taken into account which results in improved awareness and informed risk management and decision making. Recording and reporting provide a means of communication that facilitates the integration of risk management across organizational boundaries and… Continue reading RISK MATURITY: How to establish communication and consultation? (part 1)
While the management needs to ensure that the necessary resources are allocated to the integration of risk management into decision making and core processes, considerations of the internal and external context should apply, and in particular: People responsible for managing risk should: Have sufficient industry, business, and technical knowledge and experience Have strong facilitation, risk… Continue reading RISK MATURITY: Are necessary resources allocated to managing risk?
The ultimate goal of risk management 2 is to integrate risk analysis into decision-making processes and the overall management of the organization. Mature organizations ensure that appropriate risk assessment and decision-making techniques/tools are used, for example: The effect of uncertainty on cash flows, budgets, business plans and production forecasts may be analyzed by running Monte-Carlo… Continue reading RISK MATURITY: Choosing the most appropriate risk assessment technique
Most mature organizations have already documented their appetites for different risks to objectives. Segregation of duties, financing and deal limits, procurement criteria, investment criteria, zero tolerance to fraud or safety risks – are all examples of how organizations set risk appetites. Sometimes risk appetite is driven by legal or regulatory requirements, industry practices, sometimes by… Continue reading RISK MATURITY: How to document risk appetite
A critical component of risk management integration is including responsibility and accountability (authority, resources and competence) for managing risks into all business activities. Top management should ensure that the responsibilities and authorities for relevant roles with respect to risk management are assigned and communicated at all levels of the organization. It is quite common to… Continue reading RISK MATURITY: How to integrate risk management into roles and responsibilities
Most modern-day risk managers are familiar with developing a risk management framework or procedure documents. These documents capture risk management roles and responsibilities, outline risk management processes as well as other aspects of risk management. Risk management framework documents became so common, that nowadays they don’t require much effort to develop and there are plenty… Continue reading RISK MATURITY: How to build a risk management framework
In our first two webinars, our panel discussed the pros and cons of the updated COSO and ISO guidance on effective risk management. They left us with the idea that while both updates are improvements on their prior versions, neither is fully satisfying. In this, the third webinar in the Great Debate series, our panel… Continue reading The Great Debate Part III: Can ERM Realize its Potential in the Real World?
Can one of the documents be more useful than the other? And if yes, useful for whom, risk practitioners, regulators, auditors or consultants? Or have both documents failed to account for the actual growth in the risk management maturity and will be looked at with disappointment by risk professionals? Should you, as a risk practitioner,… Continue reading COSO ERM 2017 vs ISO31000:2018