Discrete risk management processes within an enterprise: Index page

Discrete risk management processes within an enterprise (Everyone)

Risk management happens across the whole of any enterprise, whether or not it is formalised and explicit. Any discrete risk management process needs to have a definite scope. There may be multiple discrete risk management processes across the enterprise. Discrete and independent risk management processes are the workhorses within formal risk management, even if they are not recognised at all in ISO 31000 or COSO ERM.

Shapes for discrete risk management processes (Everyone)

A discrete risk management process is generally tied to an area of activity or to a theme.

Examples of discrete risk management processes (Everyone)

The whole enterprise (Enterprise Risk Management); a work unit within the organisation; a defined business process or system; a project, programme, or portfolio; a specific proposed change or initiative; security risk; fraud risk; health and safety; business continuity; ‘legal’ risk.

Risk ‘to’ an area of activity and risk ‘from’ the activity (Everyone)

There is risk ‘to’ any given activity within an enterprise, and there is risk to the enterprise ‘from’ that same activity. The same applies to theme-based risk.

Discrete risk management processes within an enterprise (Risk Specialists)

Vocabulary for ‘risk management process’ (Risk Specialists)

This blog uses the term ‘discrete risk management process’ to refer to an identifiable application of risk management that has a defined context and scope. A discrete risk management process would typically have its own risk register. It may also have its own risk criteria.

COSO and ISO 31000 on discrete risk management processes (Risk Specialists)

COSO ERM and ISO 31000 do not recognise discrete risk management processes within an enterprise.

ERM and discrete risk management processes (Risk Specialists)

ERM may try to recognise all risks everywhere, or just high level risks. Trying to recognise all risks in ERM may be easier with many discrete risk management processes.

Discrete risk management processes within an enterprise (Executives)

Find out about the separate risk management activities in your organisation.

Risk management processes within an enterprise (Australian Government)

The Commonwealth Risk Management Policy is silent on the subject of discrete risk management processes within an agency. Risk management is mandated for certain themes and activities. The expectation of the Commonwealth Risk Management Policy is substantially equivalent to enterprise risk management.

Risk management processes within an enterprise (CRMA)

The CRMA Study Guide does not recognise the possibility of discrete risk management processes within a single enterprise.

Risk management processes within an enterprise (CRISC)

The CRISC Review Manual does not discuss the possibility of discrete risk management processes within a single enterprise. There is implicit support for a discrete risk management process for ICT, which may be independent of enterprise or business risk management.
