Discrete risk management processes within an enterprise – index page

For everyone

Supplements for risk specialists

Supplement for executives and managers

Supplement for the Australian Government

Supplement for CRMA candidates

Supplement for CRISC candidates


For everyone

Discrete risk management processes within an enterprise

Risk management happens across the whole of any enterprise, whether or not it is formalised and explicit. A risk management process has a scope and objectives. There may be multiple discrete risk management processes across the enterprise. Any discrete risk management process needs to have a definite scope. Discrete and independent risk management processes are the work-horses within formal risk management, even if they are not recognised at all in ISO 31000 or COSO ERM.

What to read first:

For Everyone: This series assumes you have no prior knowledge. It does not use technical terms without explaining them first. Stream supplements are available as drill-downs.

Shapes for discrete risk management processes

A discrete risk management process is generally tied to an area of activity or to a theme.

What to read first: Discrete risk management processes within an enterprise

For Everyone: This series assumes you have no prior knowledge. It does not use technical terms without explaining them first. Stream supplements are available as drill-downs.

Examples of discrete risk management processes

The whole enterprise (Enterprise Risk Management)
A work unit within the organisation
A defined business process or system
A project, programme, or portfolio
A specific proposed change or initiative
Security risk
Fraud risk
Health and safety
Business continuity
‘Legal’ risk

What to read first: Shapes for discrete risk management processes; Discrete risk management processes within an enterprise

For Everyone: This series assumes you have no prior knowledge. It does not use technical terms without explaining them first. Stream supplements are available as drill-downs.

Risk ‘to’ an area of activity and risk ‘from’ the activity

There is risk ‘to’ any given activity within an enterprise, and there is risk to the enterprise ‘from’ that same activity. The same applies to theme-based risk.

What to read first: Examples of discrete risk management processes; Discrete risk management processes within an enterprise

For Everyone: This series assumes you have no prior knowledge. It does not use technical terms without explaining them first. Stream supplements are available as drill-downs.

Supplements for risk specialists

Discrete risk management processes within an enterprise (supplement for risk specialists)

What to read first: Discrete risk management processes within an enterprise

Seen it all: This series assumes you know risk terms and concepts. It includes references to standards.

Vocabulary for ‘risk management process’

Clear Lines on Audit and Risk uses the term ‘discrete risk management process’ to refer to an identifiable application of risk management that has a defined context and scope. A discrete risk management process would typically have its own risk register. It may also have its own risk criteria.

What to read first: Discrete risk management processes within an enterprise (supplement for risk specialists)

Seen it all: This series assumes you know risk terms and concepts. It includes references to standards.

COSO and ISO 31000 on discrete risk management processes

COSO ERM and ISO 31000 do not recognise discrete risk management processes within an enterprise.

What to read first: Vocabulary for ‘risk management process’; Discrete risk management processes within an enterprise (supplement for risk specialists)

Seen it all: This series assumes you know risk terms and concepts. It includes references to standards.

ERM and discrete risk management processes

ERM may try to recognise all risks everywhere, or just high level risks. Trying to recognise all risks in ERM may be easier with many discrete risk management processes.

What to read first: COSO and ISO 31000 on discrete risk management processes; Discrete risk management processes within an enterprise (supplement for risk specialists)

Seen it all: This series assumes you know risk terms and concepts. It includes references to standards.

Supplement for executives and managers

Discrete risk management processes within an enterprise (supplement for executives)

Find out about the separate risk management activities in your organisation.

What to read first: Discrete risk management processes within an enterprise

For executives and managers: This series assumes you have no prior knowledge. It does not use technical terms without explaining them first.

Supplement for the Australian Government

Discrete risk management processes within an enterprise (supplement for the Australian Government)

The Commonwealth Risk Management Policy is silent on the subject of discrete risk management processes within an agency. Risk management is mandated for certain themes and activities. The expectation of the Commonwealth Risk Management Policy is substantially equivalent to enterprise risk management.

What to read first: Discrete risk management processes within an enterprise

For the Australian Government: This series assumes you work within the Australian Government, but have no prior knowledge of the subject. It does not use technical terms without explaining them first.

Supplement for CRMA candidates

Discrete risk management processes within an enterprise (CRMA)

The CRMA Study Guide does not recognise the possibility of discrete risk management processes within a single enterprise.

What to read first: ERM and discrete risk management processes; COSO and ISO 31000 on discrete risk management processes; Vocabulary for ‘risk management process’; Discrete risk management processes within an enterprise (supplement for risk specialists)

For CRMA candidates (IIA): This series assumes you have specialist interest in risk management theory, and that you have a copy of the CRMA Study Guide.

Supplement for CRISC candidates

Discrete risk management processes within an enterprise (CRISC)

The CRISC Review Manual does not discuss the possibility of discrete risk management processes within a single enterprise. There is implicit support for a discrete risk management process for ICT, which may be independent of enterprise or business risk management.

What to read first: ERM and discrete risk management processes; COSO and ISO 31000 on discrete risk management processes; Vocabulary for ‘risk management process’; Discrete risk management processes within an enterprise (supplement for risk specialists)

For CRISC candidates (ISACA): This series assumes you have specialist interest in risk management theory, and that you have a copy of the CRISC Study Guide.