TAGS: System deviations; Risk management plan; Context Changes; Feedback.
In order to ensure that the risk management system is effective and continues to support organizational performance, an organization should:
1. Periodically measure progress against and deviation from the risk management policy and plan: the framework and processes should be fit-for-purpose and aligned to the objectives/priorities of the organization, and relevant stakeholders should receive adequate reporting that enables them to fulfil their roles and responsibilities within the governance structure;
2. Periodically review whether the risk management framework, policy and plan are still appropriate, given the organization's external and internal context: the organization should ensure that changes to the context, or changes to other factors affecting the suitability or cost of risk management, are identified and addressed;
3. Periodically review the risk management process: the risk management resources should be sufficient, and people across the organization should have adequate risk management skills, knowledge and competence, in line with the risk role they are required to perform on a daily basis;
4. Periodically review the risk management maturity level: with a view to achieving continuous improvement, an organization should self-assess the level of its risk management development, to point out strengths and weaknesses and to design and/or review a lasting path of growth for the risk management system itself;
5. Periodically report on the results of monitoring to the board: based on the results from monitoring and review, decisions should be made to improve the organization's management of risk and its culture, ensuring that the organization is able to learn from risk events.