Enterprise Risk Management
Best Practice in Risk Management is best demonstrated by an ERM Framework compliant with the International Risk Management Standard ISO/AS/NZS 31000. A formalised ERM Framework creates risk awareness, assigns responsibilities and promotes actions at all relevant levels within any organisation.
For risk management to be effective, ISO 31000 highlights three critical components: Principles, Framework and Process:
Principles
Framework
Process
RMA conduct Risk Management Reviews which focus on ISO 31000 requirements. The process involves working with organisations to develop or review their Risk Management Framework and Organisational Risk Profile, either from the ground up or by updating and refreshing existing risk information and assessment parameters.
There are eleven key principles that need to be followed (refer to items a-k in the diagram below). These principles are generally self-explanatory, and their intention is to ensure that risk management is ingrained in the organisation and provides genuine value to the organisation and its stakeholders.
ISO 31000 recommends that organisations develop a risk management framework to integrate and drive risk management throughout the governance, management and operational regime. Effective communication and consultation build a positive risk culture; together with regular review and accurate monitoring, they ensure that processes function effectively to mitigate risks to an “acceptable” tolerance.
The process of risk management involves the identification, analysis and evaluation of risk, combined with tailored Risk Action Plans outlining treatment options. These plans underpin the business strategy, manage the achievement of organisational objectives and ensure the operational environment continues to achieve established goals and protocols.