What to read first: Discrete risk management processes within an enterprise
For executives and managers: This series assumes you have no prior knowledge. It does not use technical terms without explaining them first.
Find out about the separate risk management activities in your organisation.
If your risk leader is talking about enterprise risk management, or is simply assuming that ERM is necessary, try to clarify whether there is an intention to have the total risk management effort distributed through the management hierarchy, or whether the risk management program is to be centralised. If there is an intention to distribute the effort, get a clear statement on whether there will be discrete risk assessments for work units, projects, etc.
It is also healthy to challenge your risk leader to list the existing discrete risk management activities in the enterprise. You might then compare the list with the activities you know about from direct involvement.
Risk management happens across the whole of any enterprise, whether or not it is formalised and explicit. A risk management process has a scope and objectives. There may be multiple discrete risk management processes across the enterprise. Any discrete risk management process needs to have a definite scope. Discrete and independent risk management processes are the work-horses within formal risk management, even if they are not recognised at all in ISO 31000 or COSO ERM.