Risk management is an increasingly important business driver and stakeholders have become much more concerned about risk. Risk may be a driver of strategic decisions, it may be a cause of uncertainty in the organization or it may simply be embedded in the activities of the organization. An enterprise-wide approach to risk management enables an organization to consider the potential impact of all types of risks on all processes, activities, stakeholders, products, and services. Implementing a comprehensive approach will result in an organization benefiting from what is often referred to as the ‘upside of risk’.
The global financial crisis in 2008 demonstrated the importance of adequate risk management. Since that time, new risk management standards have been published, including the international standard, ISO 31000 ‘Risk management – Principles and guidelines’. This guide draws together these developments to provide a structured approach to implementing enterprise risk management (ERM).
For all types of organizations, there is a need to understand the risks being taken when seeking to achieve objectives and attain the desired level of reward. Organizations need to understand the overall level of risk embedded within their processes and activities. It is important for organizations to recognize and prioritize significant risks and identify the weakest critical controls.
When setting out to improve risk management performance, the expected benefits of the risk management initiative should be established in advance. The outputs from successful risk management include compliance, assurance and enhanced decision-making. These outputs will provide benefits by way of improvements in the efficiency of operations, effectiveness of tactics (change projects) and the efficacy of the strategy of the organization.
Download also:
Download also:
Purpose of this guide:
A successful enterprise risk management (ERM) initiative can affect the likelihood and consequences of risks materializing, as well as deliver benefits related to better informed strategic decisions, successful delivery of change and increased operational efficiency. Other benefits include reduced cost of capital, more accurate financial reporting, competitive advantage, improved perception of the organization, better marketplace presence and, in the case of public service organizations, enhanced political and community support.
This guide provides a brief commentary on ISO 31000 as well as setting out advice on the implementation of an ERM initiative. The purpose of the guide is to:
- describe the principles and processes of risk management
- provide a brief overview of the requirements of ISO 31000
- give practical guidance on designing a suitable framework
- give practical advice on implementing enterprise risk management
0 Comment: