ISO 31000
business driver
stakeholders
processes
international standard
recognise and prioritise significant risks
identify the weakest critical controls
successful delivery of change
increased operational efficiency
reduced cost of capital
more accurate financial reporting
competitive advantage
better marketplace presence
improved perception of the organisation
Risk recognition
Impact
Definition
short, medium, long term
related to operations, tactics and strategy
“effect of uncertainty on objectives”
negative (hazard risks)
positive (opportunity risks)
Risk ranking can be quantitative, semi-quantitative or qualitative
Risk management process
recognition or identification of risks
ranking or evaluation of risks
responding to significant risks
tolerate
treat
transfer
terminate
resourcing controls
reaction planning
reporting and monitoring
reviewing framework
Risk architecture
roles, responsibilities, communication and risk reporting structure
Risk strategy
Risk strategy, appetite, attitudes and philosophy
mandate and commitment
design of framework
implement risk management
monitor and review framework
improve framework
Drivers of risk management
External
Internal
accounting standards
interest rates
supply chain
Technology developments
Fraud
Liquidity
Recruitment
Board composition