3 risk frameworks
ISO 31000
Risk, risk management, and ISO 31000
King IV
Risk governance
The governing body should assume responsibility for the governance of risk by setting the direction for how risk should be approached and addressed.
the potential positive and negative effects of the same risks on the achievement of organisational objectives.
The governing body should treat risk as integral to the way it makes decisions and executes its duties.
The governing body should approve policy that articulates and gives effect to its set direction on risk.
The governing body should evaluate and agree the nature and extent of the risks that the organisation should be willing to take in pursuit of its strategic objectives. It should approve in particular:
the organisation’s risk appetite, namely its propensity to take appropriate levels of risk;
The governing body should delegate to management the responsibility to implement and execute effective risk management.
The governing body should exercise ongoing oversight of risk management and, in particular, oversee that it results in the following:
An assessment of risks and opportunities emanating from the triple context in which the organisation operates and the capitals that the organisation uses and affects.
An assessment of the potential upside, or opportunity, presented by risks with potentially negative effects on achieving organisational objectives.
An assessment of the organisation’s dependence on resources and relationships as represented by the various forms of capital.
The establishment and implementation of business continuity arrangements that allow the organisation to operate under conditions of volatility, and to withstand and recover from acute shocks.
The integration and embedding of risk management in the business activities and culture of the organisation.
The governing body should consider the need to receive periodic independent assurance on the effectiveness of risk management.
The nature and extent of the risks and opportunities the organisation is willing to take should be disclosed without compromising sensitive information.
In addition, the following should be disclosed in relation to risk:
Key areas of focus during the reporting period, including objectives, the key risks that the organisation faces, as well as undue, unexpected or unusual risks and risks taken outside of risk tolerance levels.