About the Process
Risk management is the process of implementing and maintaining appropriate management controls including policies, procedures and practices to reduce the effects of risk to an acceptable level. The principles of risk management can be directed both to limiting adverse outcomes and achieving desirable ones.
The process involves identifying, analysing, assessing, treating and monitoring risk in all areas of business operations. The formal process of risk management can be applied to decision-making in all areas and at all levels of business operations, including information management, security management, strategic, development and operational activities and (particularly) projects. Risk assessment can be applied throughout the life cycle of any activity; however, a well-constructed risk management program emphasises that everyone should be aware of risks and apply the basic principles to all decisions.
Risk Appetite
Risk appetite (how much risk an organisation is willing to accept) is the most misunderstood concept in risk management.
Does the organisation have an appetite for risk?
How does this tie back to performance management?
Risk appetite and tolerance are often misunderstood and are therefore often not applied in practice. Most governance frameworks, such as King III, COSO and Cadbury, recommend that risk and audit committees be established. The Companies Act makes the audit committee a statutory requirement.
KRI
A Key Risk Indicator (KRI) is a measure used by management to indicate an activity's level of risk. It differs from a Key Performance Indicator (KPI) in that the monitored risk is specifically known and tracked, while the KPI is a more general measure of business performance.
Management commitment is an important factor in the establishment of a risk-aware organisation. If implemented and managed correctly, the risk management process will not only identify undesirable events and keep them from affecting business performance, but may also identify opportunities that may lead to gain or advantage.
Management should ensure that an overarching framework, such as the ISO 31000 standard, is considered for the business; it can be used to build a robust approach to managing risk.
















