Report, treat and monitor risks
Overview
This standard is about reporting, treating and monitoring risks. It covers the types of reporting and communication, identifying appropriate risk treatments, and monitoring and reviewing the risk management process. It is for risk management and other professionals who are responsible for reporting, treating and monitoring risks.
Performance criteria
You must be able to:
1. collate risks from the risk management plan to report to the relevant risk owners, managers and board of directors
2. collate the risks to report externally to the relevant stakeholders in accordance with corporate governance
3. prioritise and delegate or escalate risks as appropriate
4. assign risk ownership to appropriate internal staff and external stakeholders
5. identify control measures required to mitigate identified risks
6. identify any significant deficiencies and define remedial actions, where appropriate
7. identify appropriate risk treatments, working with internal risk owners, managers, board of directors and external stakeholders
8. monitor and review risk management activities and amend them where necessary
9. manage and maintain the risk register, ensuring that risks are properly captured and highlighting any inconsistencies in entries
10. manage issues arising from risk identification, taking action in accordance with risk management policies and procedures
11. complete and update appropriate documentation, in accordance with risk management policies and procedures
12. produce risk reports for decision-makers and ensure required actions are communicated to internal staff and, where appropriate, to external stakeholders
13. ensure risks and control measures are regularly reviewed and updated
14. ensure that risk management activities comply with legal and regulatory requirements and standards
Knowledge and Understanding
You need to know and understand:
1. your organisation’s aims, objectives and business plans
2. the structure of your organisation and its products and services
3. the culture of your organisation and the scope of risks associated with it
4. the business environment and market within which your organisation operates
5. the current legal and regulatory requirements and standards that apply to risk management
6. the principles of good governance, environmental and social responsibility and ethical practice that apply to risk management
7. the concepts of risk management and risk awareness
8. how to assign risk ownership to internal staff and external stakeholders
9. the internal and external channels of communication and reporting
10. the range of corporate roles and responsibilities in relation to risk management
11. the relevant control systems for managing the risks depending on their severity
12. the risk treatment processes and controls for different types of risks
13. the relevant review and monitoring systems
14. your organisation’s business continuity management procedures and how these link to risk management
15. your organisation’s policies and procedures for risk management and associated supporting documentation
16. how to manage issues arising from risk identification, including significant deficiencies