MODULE 5

Risk Management Framework and Documentation

This module covers the advanced application of risk management principles and practices. The objective of this module is to provide the knowledge and skills to plan and implement an enterprise-wide risk management framework within an organisation and to identify, develop and maintain adequate supporting documentation.

This module also introduces the key elements that comprise a risk management framework, the documentation that underpins the successful implementation and the manner in which the framework should be implemented.

Section 1: Risk Management Framework, Planning, Implementation and Documentation—an Overview

This section provides an overview of the reasons a risk management framework may be introduced into an organisation, the benefits it will derive from doing so and the linkages to some of the core organisational functions (compliance, corporate governance etc.).

The module also introduces the key elements that comprise a risk management framework, the documentation that underpins the successful implementation and the manner in which the framework should be implemented.

Learning outcomes

Understand the links between risk management and allied activities such as: compliance, internal audit, assurance and corporate governance
Describe the principles and benefits of risk management
Describe the benefits of developing a risk management framework
Outline the differences between a number of the risk management frameworks detailed in risk management standards throughout the world
Understand the elements that go into developing a risk management framework.

Section 2: Developing a Risk Management Framework

This section provides greater detail in relation to the elements of a risk management framework introduced in section one. The points discussed in this section are:

Ensuring the support of senior management from the outset
Integrating risk management into strategic and business planning
Reviewing the current risk management systems (if any exist)
Determining how risk exposures will be managed at each level of the organisation
Communicating risk matters with relevant stakeholders
Establishing responsibilities, accountability and authority
Customizing the risk management process for the organisation
Providing training to staff
Resourcing risk management within the organisation
Establishing how the will be monitored and reviewed (including post-event analysis)
Establishing how risk management will be reported within the organisation.

Learning outcomes

Identify the key elements of a risk management framework
Describe the important requirements for implementing a risk management framework
Analyse the effectiveness of an existing risk management framework.

Section 3: Documenting The Risk Management Framework Within An Organisation

This section provides an overview of some of the documentation that is necessary to establish, implement and maintain an effective risk management framework, such as:

A risk management policy
A risk management manual or plan
A risk register containing details of all the identified risk exposures
Risk treatment plans
Monitoring, reviewing and auditing documents
An incident database

Learning outcomes

Describe the contents of an effective risk management policy
Describe the contents of an effective risk management manual/plan
Identify the content requirements of an effective risk register within an organisation
Identify the format for risk treatment plans
Identify the types of monitoring, reviewing and auditing documents
Describe the format and information found within an incident database.

Section 4: Analysing and Treating Operational Risks

This section provides an overview of some of the documentation that is necessary to establish, implement and maintain an effective risk management framework, such as:

An initial phase where the implementation plan is developed and board and senior management support is generated

Learning outcomes

Describe the different phases in the implementation of the risk management framework
Identify the information requirements for an implementation plan
Describe the communications requirement for the implementation plan
Identify the potential barriers to the successful implementation of the framework
Apply some of the methodologies that can be employed to overcome resistance to change.