Develop risk management policies and procedures

URN: INSRMA002
Business Sectors (Suites): Risk Management
Developed by: Instructus
Approved: 2024

Overview

This standard is about developing risk management policies and procedures. These define the processes and methods to be followed in relation to risk management. Risk management policies and procedures should be systematically structured in accordance with organisational needs and must involve all stakeholders. The standard includes establishing an appropriate risk architecture and producing policies and procedures in accordance with the aims and objectives of your organisation. It is for risk management professionals and others who are responsible for developing risk management policies and procedures.


Performance criteria

You must be able to:

1. define the risk appetite and the levels of tolerance for your organisation
2. establish an appropriate risk architecture
3. allocate and assign roles and responsibilities of individuals and committees to the identified risks
4. identify the risk management methodology and processes to follow
5. set out communication channels, risk monitoring and reporting structures
6. ensure that risk management policies and procedures are developed in accordance with the risk management strategy
7. produce risk management policies and procedures in accordance with legal and regulatory requirements, current standards and frameworks for risk management
8. ensure that risk management policies and procedures are proportionate to your organisation’s needs and can be operated consistently across the organisation
9. negotiate and agree the risk management policies and procedures with internal decision-makers and seek their approval
10. communicate risk management architecture, policies and procedures to internal staff and external stakeholders, ensuring that they are understood
11. assign risk ownership and responsibility within your organisation
12. develop appropriate guidance documents for internal staff and external stakeholders to support the implementation of risk management architecture, policies and procedures
13. plan and implement measures to maximise compliance with risk management processes
14. identify the scope of improvements and evaluate the risk management policies and procedures on a regular basis


Knowledge and Understanding

You need to know and understand:

1. your organisation’s size and its capacity
2. the business environment and market within which your organisation operates
3. your organisation’s aims, objectives and business plans
4. the structure of your organisation and its products and services
5. the culture of your organisation and its attitude to risks
6. the current legal and regulatory requirements in relation to risk management
7. the relevant standards and frameworks that apply to risk management
8. the principles of good governance, environmental factors, social responsibility and ethical practice that apply to risk management
9. the risk appetite and tolerance levels of your organisation
10. the types of risk architecture and appropriate resources to mitigate the impact
11. the types of risk ownership and responsibilities within your organisation
12. the roles and responsibilities for individuals and committees
13. the principles and methods of writing risk management policies and procedures
14. the elements of risk management policy and risk management processes
15. the internal supporting documents required for recording, monitoring and reporting the risks
16. the external supporting documents, policies and procedures applicable to the risks being managed and their potential impacts on your organisation
17. how to ensure that policies and procedures are proportionate to the needs of your organisation
18. the communication channels to ensure the risk management architecture, policies and procedures are understood
19. how to develop risk management guidance documents aligned with organisational activities
20. why it is important to review the risk policies and procedures on a regular basis


Version Number: 1
Indicative Review Date: 2029
Validity: Current
Status: Original
Originating Organisation: Instructus
Original URN: CFARMA002
Relevant Occupations: Business and Related Associate Professionals, Management Consultants and Business Analysts
SOC Code: 2431
Keywords: Risk management strategy; organisational strategy; business plan; risk appetite; risk attitude; risk factors; risk culture; risk management objectives