Risk IdentificationList the risks associated with a business, project, strategy, plan, decision, product or service. All stakeholders are given an opportunity to contribute. | Risk AssessmentAssess the probability and impact of risks. |
Risk TreatmentAccept, avoid, mitigate, transfer or share risks. Also known as a risk response. | Risk MonitoringMonitor change to risk and identify risks that actually occur as issues. |
Risk ToleranceIdentify the level of risk that is acceptable to risk owners and stakeholders. | Accept RiskStakeholders sign off on the risk that remains after risk treatment. This includes secondary risk created by the risk treatments themselves. |
Risk CommunicationRisks, risk treatments, residual risks and secondary risks are clearly communicated to all stakeholders. | Risk AuditsRegularly evaluate compliance to your risk management policies and processes and measure their effectiveness. |
Risk ReportingCalculate important metrics such as risk exposure and communicate them as reports and dashboards. | Risk RegistersTrack risks and all related information such as risk treatments and sign-offs. |
Risk StakeholdersEach risk is assigned to an accountable person or team that owns the risk. Each risk may have additional stakeholders who are consulted or informed. | Risk Contingency PlanningPlan what you will do if a risk actually occurs. |
Risk Scenario PlanningIdentify and plan for different ways that risks may occur. This may include an examination of moment of risk and risk triggers. | Risk Management ManualDocument practices and processes for managing risk across an organization. |
Risk CultureTraining and development programs to create a culture of managing risk. This is particularly important to health & safety risk where everyone may be involved in mitigating risk. | Risk Management GovernanceOversight of the risk management practice that ensures compliance and protection of the interests of stakeholders such as investors and employees. |
Risk Management StrategyPlanning improvements to risk management. | Risk ControlsImplementing internal controls designed to prevent risk. |
Risk ResilienceDesigning systems to be fundamentally resilient to risk. This can be viewed as preventing risks before they can even be identified. |