Discrete risk management processes within an enterprise (supplement for risk specialists)

What to read first: Discrete risk management processes within an enterprise

Seen it all: This series assumes you know risk terms and concepts. It includes references to standards.

The main messages are in the Everyone articles. There are three drill-downs for risk management specialists. Two are quite dry and technical: Vocabulary for ‘risk management process’, and COSO and ISO 31000 on discrete risk management processes. The third drill-down article assumes an understanding of Enterprise Risk Management, and further explores the relationship between ERM and discrete risk management processes.


Drill-down articles

Vocabulary for ‘risk management process’

Clear Lines on Audit and Risk uses the term ‘discrete risk management process’ to refer to an identifiable application of risk management that has a defined context and scope. A discrete risk management process would typically have its own risk register. It may also have its own risk criteria.

Seen it all: This series assumes you know risk terms and concepts. It includes references to standards.

COSO and ISO 31000 on discrete risk management processes

COSO ERM and ISO 31000 do not recognise discrete risk management processes within an enterprise.

Seen it all: This series assumes you know risk terms and concepts. It includes references to standards.

ERM and discrete risk management processes

ERM may try to recognise all risks everywhere, or just high-level risks. Trying to recognise all risks in ERM may be easier with many discrete risk management processes.

Seen it all: This series assumes you know risk terms and concepts. It includes references to standards.

Discrete risk management processes within an enterprise (CRMA)

The CRMA Study Guide does not recognise the possibility of discrete risk management processes within a single enterprise.

For CRMA candidates (IIA): This series assumes you have specialist interest in risk management theory, and that you have a copy of the CRMA Study Guide.

Discrete risk management processes within an enterprise (CRISC)

The CRISC Review Manual does not discuss the possibility of discrete risk management processes within a single enterprise. There is implicit support for a discrete risk management process for ICT, which may be independent of enterprise or business risk management.

For CRISC candidates (ISACA): This series assumes you have specialist interest in risk management theory, and that you have a copy of the CRISC Study Guide.

Parent articles

Discrete risk management processes within an enterprise

Risk management happens across the whole of any enterprise, whether or not it is formalised and explicit. A risk management process has a scope and objectives. There may be multiple discrete risk management processes across the enterprise. Any discrete risk management process needs to have a definite scope. Discrete and independent risk management processes are the work-horses within formal risk management, even if they are not recognised at all in ISO 31000 or COSO ERM.

For Everyone: This series assumes you have no prior knowledge. It does not use technical terms without explaining them first. Stream supplements are available as drill-downs.

Index to the topic Discrete risk management processes within an enterprise
