Getting started with ISO 31000-based Enterprise Risk Management
Any entity that is currently operational has some form of risk management activities in place. However, these activities are often ad hoc, informal and uncoordinated. They also tend to focus on operational or compliance-related risks and fail to focus systematically on strategic and emerging risks, which are most likely to affect an organization’s success. As a result, they fall short of constituting a complete, robust risk management process. In addition, existing risk management activities often lack transparency.
The approaches described below are based on successful practices that organizations have used to develop an incremental, step-by-step methodology for starting Enterprise Risk Management, regardless of the specific Enterprise Risk Management framework being used. These approaches can therefore also serve as a reference for organizations that intend to implement Enterprise Risk Management using ISO 31000.
While this is not the only way to start an Enterprise Risk Management initiative, this incremental approach is designed to be very adaptable, flexible, and budget-friendly. The following two sections can be used by organizations to get their Enterprise Risk Management started effectively:
- Keys to Success
- Initial Action Steps