Capacity Building Toward Enterprise Risk Management Implementation Using ISO 31000
Capacity Building Toward Enterprise Risk Management Implementation Using ISO 31000 Capacity building to implement Enterprise Risk Management using ISO 31000 may start with building the right understandings about Enterprise Risk Management and ISO 31000 fundamentals, and at the same time to acquire some relevant competencies, both hard competencies and soft competencies for a group of people who will lead Enterprise Risk Management implementation in the organization.
Read moreStep 7: Develop the Next Phase of Action Plans & Ongoing Communications
Step 7: Develop the Next Phase of Action Plans & Ongoing Communications The implementation of Enterprise Risk Management is an evolutionary process that takes time to develop. In the spirit of continual improvement, once the initial Enterprise Risk Management action plan has been completed, the working group or risk leader should conduct a critical assessment of the accomplishments to date and develop a series of action plans for the next stage of implementation.
Read moreStep 6: Develop Your Initial Risk Reporting
Step 6: Develop Your Initial Risk Reporting The organization next needs to develop its initial approach to risk reporting including its communication processes, target audiences, and reporting formats. Organizations should start by keeping things simple, clear and concise. Make it a point, however, that regardless of what specific reporting format employed, the reporting must reflect clearly the relative importance or significance of each risk.
Read moreStep 5: Inventory the Existing Risk Management Practices
Step 5: Inventory the Existing Risk Management Practices During the risk assessment process, the organization should also be taking an inventory of its current risk management practices to determine areas of strength to build upon and areas of weakness to address. This inventory becomes valuable information for management to assist in enhancing the risk management processes.
Read moreStep 4: Conduct the Initial Enterprise-wide Risk Assessment & Develop an Action Plan
Step 4: Conduct the Initial Enterprise-wide Risk Assessment & Develop an Action Plan In many ways, this step is the heart of the initial Enterprise Risk Management process. The focus here is to gain an understanding of and agreement on the organization’s top risks and how they are managed. The assessment is a top-down look at the risks that could potentially be most significant to the organization and its ability to achieve its business objectives. While any organization faces many risks, the starting point is to get a manageable list of what are collectively seen as the most significant risks. Here, members of the risk committee or working group can be most helpful by sharing their views or identifying people in the organization who should be involved in the risk assessment.
Read moreStep 3: Establish a Management Risk Committee or Working Group
Step 3: Establish a Management Risk Committee or Working Group To provide strong backing for its Enterprise Risk Management effort, an organization should consider creating a senior-level Risk Management Committee or Working Group as the vehicle through which the designated risk leader can implement the Enterprise Risk Management initiative.
Read moreStep 2: Select a Strong Leader to Drive the Enterprise Risk Management Initiative
Step 2: Select a Strong Leader to Drive the Enterprise Risk Management Finding a leader to head the initial Enterprise Risk Management project is also critical for success. BOD should identify a leader with the right attributes to head the Enterprise Risk Management effort. This person does not need to be a “CRO” (Chief Risk Officer).
Read moreStep 1: Seek Board of Directors (BOD) and Senior Management leadership, Involvement and Oversight
Step 1: Seek Board of Directors (BOD) and Senior Management leadership, Involvement and Oversight The BOD and senior management set the tone for the organization’s risk culture. Their involvement, leadership and oversight are essential for the success of any Enterprise Risk Management effort. The BOD and senior management should agree on their initial objectives regarding Enterprise Risk Management, its benefits and their expectations for successful Enterprise Risk Management.
Read moreInitial Actions toward ISO 31000 success
Initial Actions toward ISO 31000 success Building off the theme of “Keys to Success,” above, we need to plan the initial actions, and steps to support the development of a tailored Enterprise Risk Management initiative. The plan reflects some simple, basic steps for implementing Enterprise Risk Management, including the key step of performing an initial risk assessment.
Read moreKey to ISO 31000 Success – Theme 7: Provide Ongoing Enterprise Risk Management Updates and Continuing Education for Directors and Senior Management
Key to ISO 31000 Success – Theme 7: Provide Ongoing Enterprise Risk Management Updates and Continuing Education for Directors and Senior Management Enterprise Risk Management practices, processes and information continue to evolve. Thus, it is important for directors and senior executives to ensure that they are receiving appropriate updates, new releases and continuing education on Enterprise Risk Management, including information about regulatory requirements and best practices.
Read more