Risk IdentificationList the risks associated with a business, project, strategy, plan, decision, product or service. All stakeholders are given an opportunity to contribute.
Risk AssessmentAssess the probability and impact of risks.
Risk TreatmentAccept, avoid, mitigate, transfer or share risks. Also known as a risk response.
Risk MonitoringMonitor change to risk and identify risks that actually occur as issues.
Risk ToleranceIdentify the level of risk that is acceptable to risk owners and stakeholders.
Accept RiskStakeholders sign off on the risk that remains after risk treatment. This includes secondary risk created by the risk treatments themselves.
Risk CommunicationRisks, risk treatments, residual risks and secondary risks are clearly communicated to all stakeholders.
Risk AuditsRegularly evaluate compliance to your risk management policies and processes and measure their effectiveness.
Risk ReportingCalculate important metrics such as risk exposure and communicate them as reports and dashboards.
Risk RegistersTrack risks and all related information such as risk treatments and sign-offs.
Risk StakeholdersEach risk is assigned to an accountable person or team that owns the risk. Each risk may have additional stakeholders who are consulted or informed.
Risk Contingency PlanningPlan what you will do if a risk actually occurs.
Risk Scenario PlanningIdentify and plan for different ways that risks may occur. This may include an examination of moment of risk and risk triggers.
Risk Management ManualDocument practices and processes for managing risk across an organization.
Risk CultureTraining and development programs to create a culture of managing risk. This is particularly important to health & safety risk where everyone may be involved in mitigating risk.
Risk Management GovernanceOversight of the risk management practice that ensures compliance and protection of the interests of stakeholders such as investors and employees.
Risk Management StrategyPlanning improvements to risk management.
Risk ControlsImplementing internal controls designed to prevent risk.
Risk ResilienceDesigning systems to be fundamentally resilient to risk. This can be viewed as preventing risks before they can even be identified.