4.
Risk Management Principles
- Develop an approach that is
structured and comprehensive.
- Make sure that your risk
management approach is dynamic.
- Make sure that your risk
management approach is customized.
5.
Risk Management Framework
5.1 Plan the
establishment of your risk
management framework.
5.2 Show leadership
by making a commitment to risk
management.
5.3 Make your
organization’s personnel responsible for managing risk.
5.4 Design your
organization's unique risk management framework.
5.4.1 Consider your
context
when you develop your framework.
5.4.2 Define your
organization's commitment to risk management.
5.4.3 Assign risk
management roles at all levels of the organization.
5.4.4 Allocate
resources to support your risk management activities.
5.4.5 Support your
framework by sharing and receiving information.
5.5 Implement your
organization's risk management framework.
5.6 Evaluate the
performance of your risk management framework.
5.7 Improve the
performance of your risk management framework.
5.7.1 Monitor and
modify your organization's risk management framework.
5.7.2 Enhance the
overall performance of your risk management framework.
6.
Risk Management Process
6.1 Plan the
establishment of a risk
management process.
6.2 Discuss risks
and get feedback from your stakeholders.
6.3 Define scope,
context, and the criteria you intend to use.
6.3.1 Consider how
you plan to create a process that meets your unique needs.
6.3.2 Define the
overall scope of your organization's risk management process.
6.3.3 Clarify the
external and internal context of your risk management process.
6.3.4 Specify the criteria
that you plan to use to evaluate
your organization's risks.
6.4 Conduct
systematic risk
assessments on a regular basis.
6.4.1 Assess the
risks that could influence the achievement of your objectives.
6.4.2 Identify
the risks that could influence the achievement of your
objectives.
6.4.3 Analyze
the risks that could influence the achievement of your
objectives.
6.4.4 Evaluate
the risks that could influence the achievement of
objectives.
6.5 Treat the risks
that affect the achievement of objectives.
6.5.1 Establish your
organization's risk
treatment process.
6.5.2 Choose the
most appropriate risk treatment options.
6.5.3 Prepare and
implement your risk
treatment plans.
6.6 Evaluate and
improve your risk
management process.
6.7 Record and
report on risk management activities.
|