Key to ISO 31000 Success – Theme 5: Build on Existing Risk Management Activities
Any organization with current operations already has some form of risk management or risk-related activities in place. These might include risk assessments performed by the internal audit, insurance or compliance functions, fraud prevention or detection measures, or certain credit or treasury activities.
By leveraging, aligning and subsequently enhancing these existing risk-related activities, the organization can achieve immediate and tangible benefits. For example, a company might implement a common set of risk definitions or a common risk framework across the organization. Others have aligned their risk assessment methodologies so that every area of the organization performing a risk assessment uses the same methodology.
Although it makes sense to build upon existing risk-related activities, this must be done with the recognition that the existing activities probably do not constitute ERM. ERM requires risk management processes that are ultimately applied across the enterprise and represent an entity-wide portfolio view of risk, which is often missing from these existing functions.