Elements and Performance Criteria
- Establish the risk management context
- Establish the nature and extent of business unit activity, its objectives and outcomes within the organisational context.
- Identify the strategic and risk management context.
- Identify and consult stakeholders to ensure their views, concerns and needs are taken into account in the risk management process.
- Determine criteria for risk assessment.
- Determine risk management criteria to provide guidance on balancing risk, costs, benefits and opportunities.
- Monitor, review and adjust risk management criteria to ensure opportunities and current and emerging trends are reflected.
- Plan for risk management
- Investigate sources of risk and identify and consult upon potential, perceived and actual risks to ensure full coverage.
- Analyse risks and document in consultation with stakeholders, and determine levels of risk as the basis for risk management planning.
- Select risk management methods and modify as necessary to determine risks that are acceptable or unacceptable.
- Identify risk treatment options for unacceptable risks and determine preferred risk treatment approaches.
- Develop and communicate risk management plan to key stakeholders to ensure clarity and achievement of objectives throughout the activity’s life cycle.
- Manage risk
- Evaluate the risk management plan
- Develop and implement an evaluation methodology.
- Review and analyse outcomes to assess the effectiveness of current risk management strategies.
- Monitor existing risks, identify new risks and identify any trouble spots.
- Seek and use a variety of information, including the perspectives of key stakeholders.
- Formulate and act upon recommendations on enhancements to the plan.
- Communicate the outcomes of evaluation to relevant personnel.
- Establish the risk management context
- Establish the nature and extent of business unit activity, its objectives and outcomes within the organisational context.
- Identify the strategic and risk management context.
- Identify and consult stakeholders to ensure their views, concerns and needs are taken into account in the risk management process.
- Determine criteria for risk assessment.
- Determine risk management criteria to provide guidance on balancing risk, costs, benefits and opportunities.
- Monitor, review and adjust risk management criteria to ensure opportunities and current and emerging trends are reflected.
- Plan for risk management
- Investigate sources of risk and identify and consult upon potential, perceived and actual risks to ensure full coverage.
- Analyse risks and document in consultation with stakeholders, and determine levels of risk as the basis for risk management planning.
- Select risk management methods and modify as necessary to determine risks that are acceptable or unacceptable.
- Identify risk treatment options for unacceptable risks and determine preferred risk treatment approaches.
- Develop and communicate risk management plan to key stakeholders to ensure clarity and achievement of objectives throughout the activity’s life cycle.
- Manage risk
- Evaluate the risk management plan
- Develop and implement an evaluation methodology.
- Review and analyse outcomes to assess the effectiveness of current risk management strategies.
- Monitor existing risks, identify new risks and identify any trouble spots.
- Seek and use a variety of information, including the perspectives of key stakeholders.
- Formulate and act upon recommendations on enhancements to the plan.
- Communicate the outcomes of evaluation to relevant personnel.