De-centralised risk management: topic index page

For risk specialists

For the Australian Government

For risk specialists

Centralised or de-centralised risk management in your enterprise?

What is Enterprise Risk Management? What is a ‘risk management process’? Centralised and de-centralised approaches: ERM as an enterprise-level risk management process Centralised ERM Decentralised risk management processes throughout the enterprise Decentralised but standardised risk management processes through the enterprise. How you end up with one or the other The good and bad in each approach: The common problem is a long path from trigger event to enterprise outcome. ERM as a ‘top level’ risk management process is incomplete. Centralised ERM is ok, but has big problems. Decentralised risk management processes need an enterprise view created. Creating the enterprise view Decentralised but standardised risk management processes are not a solution. The bottom line: decentralised is smart, but there are conditions to meet.

Risk specialists Version 2.0 Beta

Examples of discrete risk management processes

The whole enterprise (Enterprise Risk Management) A work unit within the organisation A defined business process or system A project, programme, or portfolio A specific proposed change or initiative Security risk Fraud risk Health and safety Business continuity ‘Legal’ risk

What to read first: Centralised or de-centralised risk management in your enterprise?

Risk specialists Version 2.0 Beta

Integrating de-centralised risk management for enterprise risk management

Every part of an enterprise has objectives What every risk assessment must do Zoom in on one link What the pencil does From pencil to position Extending across the enterprise Thematic risk assessments Projects, Programmes, Portfolio Covering for missing risk assessments Some possible pain points Why you integrate rather than centralise

What to read first: Centralised or de-centralised risk management in your enterprise?

Risk specialists Version 2.0 Beta

For the Australian Government

De-centralised risk management in the Australian Government

The Commonwealth Risk Management Policy is silent on the subject of de-centralised risk management processes within an agency. Risk management is mandated for certain themes and activities. The expectation of the Commonwealth Risk Management Policy is substantially equivalent to enterprise risk management.

What to read first: Centralised or de-centralised risk management in your enterprise?

Australian Government Version 2.0 Beta