Category: ISO 31000 Initial Actions

Step 7: Develop the Next Phase of Action Plans & Ongoing Communications The implementation of Enterprise Risk Management is an evolutionary process that takes time to develop. In the spirit of continual improvement, once the initial Enterprise Risk Management action...

Step 6: Develop Your Initial Risk Reporting The organization next needs to develop its initial approach to risk reporting including its communication processes, target audiences, and reporting formats. Organizations should start by keeping things simple, clear and concise. Make it...

Step 5: Inventory the Existing Risk Management Practices During the risk assessment process, the organization should also be taking an inventory of its current risk management practices to determine areas of strength to build upon and areas of weakness to...

Step 4: Conduct the Initial Enterprise-wide Risk Assessment & Develop an Action Plan In many ways, this step is the heart of the initial Enterprise Risk Management process. The focus here is to gain an understanding of and agreement on...

Step 3: Establish a Management Risk Committee or Working Group To provide strong backing for its Enterprise Risk Management effort, an organization should consider creating a senior-level Risk Management Committee or Working Group as the vehicle through which the designated...

Step 2: Select a Strong Leader to Drive the Enterprise Risk Management Finding a leader to head the initial Enterprise Risk Management project is also critical for success. BOD should identify a leader with the right attributes to head the...

Step 1: Seek Board of Directors (BOD) and Senior Management leadership, Involvement and Oversight The BOD and senior management set the tone for the organization’s risk culture. Their involvement, leadership and oversight are essential for the success of any Enterprise...