Monitor and review risk management strategies, policies and processes
Overview
This standard is about monitoring and reviewing risk management strategies, policies and processes. It includes confirming the criteria by which the strategy should be monitored and reviewed, establishing and agreeing a review framework, methodology and resources, collecting valid, reliable and comprehensive data and evaluating qualitative and quantitative data. It is for risk management professionals and others who are responsible for monitoring and reviewing risk management strategies, policies and processes.
Performance criteria
You must be able to:
1. confirm the criteria by which the risk management strategy should be monitored and reviewed
2. assign the risks for review and monitoring to internal staff and external stakeholders
3. establish a review framework and seek approval from appropriate internal decision-makers
4. agree the review methodology and associated resources with internal decision-makers and external stakeholders
5. collect valid, reliable and comprehensive data, including feedback from external stakeholders
6. use agreed methods to review quantitative and qualitative data against agreed criteria
7. identify the reasons for variances in performance against expectations
8. report the findings of the review to the relevant staff and external stakeholders
9. provide assurance to appropriate organisational groups in respect of the effectiveness of the risk management process
10. take appropriate actions depending on the outcomes of the review
11. ensure that the risk management strategies, policies and processes are compliant with legal and regulatory requirements and standards
Knowledge and Understanding
You need to know and understand:
1. your organisation’s aims, objectives and business plans
2. the structure of your organisation and its products and services
3. the culture of your organisation and the scope of risks associated with it
4. the business environment and market within which your organisation operates
5. the current legal and regulatory requirements and standards that apply to risk management
6. the principles of good governance, environmental and social responsibility and ethical practice that apply to risk management
7. the concepts of risk management and risk awareness
8. your organisation’s policies and procedures for risk management, and associated supporting documentation
9. the content of a review framework and how to develop this
10. the review methods and procedures in relation to risk management
11. the sources of valid and reliable data
12. the assurance mechanisms and rationale
13. how to use evidence from the review to make decisions on appropriate action