Clear Lines on Audit and Risk uses the term ‘discrete risk management process’ to refer to an identifiable application of risk management that has a defined context and scope. A discrete risk management process would typically have its own risk register. It may also have its own risk criteria.
- This usage of ‘risk management process’ appears in ISO 31000, for instance at 5.3.1. It is not exactly the same as the definition of ‘risk management process’ given in ISO Guide 73:2009 3.1, which suggests (though not clearly) that a ‘process’ is something generalizable across varying risk management exercises. Within an organisation, a ‘process’ may be prescribed by a set of rules, for repeated application to different risk assessments. That would be the other meaning of ‘process’.
- A ‘discrete risk management process’ is very close to, but not identical with, the concept of a ‘risk management activity’ in HB 436. HB 436 (at 220.127.116.11) is talking about a breakdown within ‘a’ risk management activity, whereas Clear Lines is talking about discrete and independent areas of risk management within an organisation (on any scale).
- If we are talking about an ‘application of risk management’ we are necessarily assuming some level of formality in the process and some use of theory specific to ‘risk management’. The real-world choices for responding to the effects of uncertainty are not necessarily made through the ‘application of risk management’ in this narrower sense.
Main articles on the topic:
1. Discrete risk management processes within an enterprise (Everyone)
2. Shapes for discrete risk management processes (Everyone)
3. Examples of discrete risk management processes (Everyone)
4. Risk ‘to’ an area of activity and risk ‘from’ the activity (Everyone)