Find out about the separate risk management activities in your organisation.
If your risk leader is talking about enterprise risk management, or is simply assuming that ERM is necessary, try to clarify whether there is an intention to have the total risk management effort distributed through the management hierarchy, or whether the risk management program is to be centralised. If there is an intention to distribute the effort, get a clear statement on whether there will be discrete risk assessments for work units, projects, etc.
It is also healthy to challenge your risk leader to list the existing discrete risk management activities in the enterprise. You might then compare the list with the activities you know about from direct involvement.
Main articles on the topic: 1. Discrete risk management processes within an enterprise (Everyone) 2. Shapes for discrete risk management processes (Everyone) 3. Examples of discrete risk management processes (Everyone) 4. Risk ‘to’ an area of activity and risk ‘from’ the activity (Everyone)
Some other main topics
Coming soon: Scoping a risk management activity; ERM and RM; RM across an organisation, without a central register; Context setting, Objectives, expected and acceptable outcomes, priorities and tradeoffs.
All pages on ‘Discrete risk management processes within an enterprise’