Step 5: Inventory the Existing Risk Management Practices
During the risk assessment process, the organization should also be taking an inventory of its current risk management practices to determine areas of strength to build upon and areas of weakness to address. This inventory becomes valuable information for management to assist in enhancing the risk management processes.
First, it enables the organization to identify gaps in its current risk management processes relative to its most important and significant risks as they are identified. Often, risk management activities are focused on existing operations and compliance risks, as opposed to significant external, emerging or strategic risks. As new risks are identified in the risk assessment process, the knowledge gained from a comprehensive inventory of existing risk management activities will help the organization assess the connections between existing risk management processes and the most critical enterprise level risks so that management can determine if there are any gaps in how they are managing the most important risks. Further, it assists the organization in mapping risks to underlying objectives.
Second, the inventory forms a baseline for the organization as it continues to develop and enhance its Enterprise Risk Management processes. It helps management demonstrate progress and the benefits of Enterprise Risk Management by serving as a point of comparison as the processes matures.
