Scope a review of your Risk Management Framework
I will scope a desktop review of your risk management framework against the International Risk Management Standard - ISO 31000.
The review will focus on the following key areas of performance:
1. Leadership and commitment, including:
• aligning risk management with the strategy, objectives and culture of the organisation;
• issuing a statement or policy that establishes an RM approach, plan or course of action;
• making necessary resources available for managing risk; and
• establishing the amount and type of risk that may or may not be taken (risk appetite).
2. Integration, including:
• determining management accountability and oversight roles and responsibilities; and
• ensuring risk management is part of, and not separate from, all aspects of the organisation.
3. Design, including:
• understanding the organisation and its internal and external context;
• articulating risk management commitment and allocating resources; and
• establishing communication and consultation arrangements.
4. Implementation, including:
• developing an appropriate implementation plan including deadlines;
• identifying where, when and how different types of decisions are made, and by whom; and
• modifying the applicable decision-making processes where necessary.
5. Evaluation, including:
• measuring framework performance against its purpose, implementation and behaviours; and
• determining whether it remains suitable to support achievement of objectives.
6. Improvement, including:
• continually monitoring and adapting the framework to address external and internal changes;
• taking actions to improve the value of risk management; and
• improving the suitability, adequacy and effectiveness of the RM framework.
This review will highlight obvious opportunity areas where you will get the best return on investment.