ISO 31000 Enterprise Risk Management (ERM) - Coggle Diagram
Implementation summary
    Implementing and benchmarking
        Establish risk significance benchmarks and undertake risk assessments
        Determine risk appetite and risk tolerance levels, and evaluate the existing controls
        Adopt suitable risk assessment procedures and an agreed risk classification system
    Measuring and monitoring
        Ensure cost-effectiveness of existing controls and introduce improvements
        Embed a risk-aware culture and align risk management with other management tasks
    Planning and design
        Plan the scope of the ERM initiative and develop a common language of risk
        Establish the risk management strategy, framework, and the roles and responsibilities
        Identify the intended benefits of the ERM initiative and gain Board mandate
    Learning and reporting
        Monitor and review risk performance indicators to measure the ERM contribution
        Report risk performance in line with legal and other obligations, and monitor improvement
Risk management responsibilities
    Business unit manager
        build a risk-aware culture within the unit
        agree risk management performance targets
        ensure implementation of risk improvement recommendations
        identify and report changed circumstances
    Individual employee
        understand, accept and implement RM processes
        report inefficient, unnecessary and unworkable controls
        report loss events and near-miss incidents
        co-operate with management on incident investigations
    CEO / Board
        determine the strategic approach to risk and set risk appetite
        establish the structure for risk management
        understand the most significant risks
        manage the organisation in a crisis
    Risk manager
        develop the risk management policy and keep it up to date
        document the internal risk policies and structures
        co-ordinate the risk management activities
        compile risk information and prepare reports for the Board
    Specialist risk management functions
        assist the company in establishing specialist risk policies
        develop specialist contingency and recovery plans
        keep up to date with developments in the specialist area
        support investigations of incidents and near misses
    Internal audit manager
        develop a risk-based internal audit programme
        audit the risk processes across the entity
        receive and provide assurance on the management of risk
        report on the efficiency and effectiveness of internal controls