Develop a risk management strategy
Overview
This standard is about developing a risk management strategy in line with your organisation’s products and services, objectives and business plans. It includes identifying all associated types of risks and assessing them; analysing and evaluating trends and events that could impact on the organisation. Risk Management strategy involves a continuous cycle of identification, assessment, responding to and monitoring the risks. It also involves consulting with external stakeholders and internal decision-makers. This standard is for risk management professionals and others who are responsible for developing a risk management strategy.
Performance criteria
You must be able to:
1. identify trends, events and associated risks in relation to your organisation’s products and services, objectives and business plans
2. define the strategic, tactical and operational objectives for a risk management strategy
3. ensure that the strategy is aligned with organisational objectives and activities
4. identify risk factors that may have an impact on your organisation
5. assess the vulnerability of your organisation’s activities
6. analyse and evaluate the scope of risk implications for the organisation
7. propose risk management solutions and ensure these are appropriate
8. develop the mitigation actions in accordance with probability and impact severity of the risks identified
9. define how the risks and outcomes of risk assessment are documented
10. seek advice and guidance on development of risk management strategy from recognised sources of expertise
11. consult with external stakeholders and adjust the strategy in line with their feedback
12. discuss and agree the strategy with internal decision-makers and seek their approval
13. review the risk management strategy on a regular basis in accordance with outcomes and lessons learned
Knowledge and Understanding
You need to know and understand:
1. your organisation’s aims, objectives and business plans
2. the structure of your organisation and its products and services
3. the business environment and market within which your organisation operates
4. the culture of your organisation and the scope of risks associated with it
5. the strategic, tactical and operational objectives for a risk management strategy
6. the current legal and regulatory requirements and standards that apply to risk management
7. the principles of good governance, environmental and social responsibility and ethical practice that apply to risk management
8. the concepts of risk management and risk awareness
9. the principles and methods of writing a risk management strategy
10. the scope and focus of risk assessment
11. the methods of assessment, analysis and evaluation of risks that may affect your organisation
12. the importance of developing the mitigation actions in accordance with risk probability and impact severity
13. how to ensure that the risk strategy is aligned with organisational objectives and business plans
14. the experts to be consulted about the risk management strategy
15. how a range of relevant sources of risk management information can be identified and obtained
16. the roles and responsibilities of external stakeholders and internal decision-makers involved in the management of risks
17. your organisational governance procedures which underpin the risk management strategy