Risk management process
There are steps that any organization can take in the risk management process. For example, organizations can:
• Adopt a common risk language.
• Conduct an enterprise risk assessment to identify and prioritize the organization’s critical risks.
• Perform a gap analysis of the current and desired capabilities around managing the critical risks.
• Articulate the risk management vision, goals and objectives, along with a compelling value proposition to provide the economic justification for going forward.
• Advance the risk management capability of the organization for one or two critical risks, i.e., start with a risk area where senior management knows improvements are needed to successfully execute the business strategy.
While there are other possible steps, the above are an excellent beginning and provide a simplified view for getting started with ERM implementation.
It is also important to inventory what has already been done and to achieve visible early successes. The key is to keep the effort simple and focused by integrating the ERM-related activities into the business strategy and plan.
The risk management process relates a lot to COSO and the internal audit process.