ISO 31000 - Coggle Diagram
ISO 31000
Mandate and Commitment
Design of Framework
Implement risk management
Determine risk appetite and risk tolerance levels, and evaluate the existing controls
Improve framework
Report risk performance in line with legal and other obligations, and monitor improvement
Establish the risk management strategy, framework, and the roles and responsibilities
Risk management policy must always be up to date because this demonstrates that risk management is a dynamic activity fully supported by the board
Risk management policy should contain the following sections:
- Risk management and internal control objectives (governance)
- Statement of the attitude of the organization to risk (risk strategy)
- Description of the risk aware culture or control environment
- Level and nature of risk that is acceptable (risk appetite)
- Risk management organization and arrangements (risk architecture)
- Details of procedures for risk recognition and ranking (risk assessment)
- List of documentation for analyzing and reporting risk (risk protocols)
- Risk mitigation requirements and control mechanisms (risk response)
- Allocation of risk management roles and responsibilities
- Risk management training topics and priorities
- Criteria for monitoring and benchmarking of risks
- Allocation of appropriate resources to risk management
- Risk activities and risk priorities for the coming year