MODULE 5

Risk Management Framework and Documentation

This module covers the advanced application of risk management principles and practices. The objective of this module is to provide the knowledge and skills to plan and implement an enterprise-wide risk management framework within an organisation and to identify, develop and maintain adequate supporting documentation.

This module also introduces the key elements that comprise a risk management framework, the documentation that underpins the successful implementation and the manner in which the framework should be implemented.

Section 1: Risk Management Framework, Planning, Implementation and Documentation—an Overview

This section provides an overview of the reasons a risk management framework may be introduced into an organisation, the benefits it will derive from doing so and the linkages to some of the core organisational functions (compliance, corporate governance etc.).

The module also introduces the key elements that comprise a risk management framework, the documentation that underpins the successful implementation and the manner in which the framework should be implemented.

Learning outcomes

  • Understand the links between risk management and allied activities such as: compliance, internal audit, assurance and corporate governance
  • Describe the principles and benefits of risk management
  • Describe the benefits of developing a risk management framework
  • Outline the differences between a number of the risk management frameworks detailed in risk management standards throughout the world
  • Understand the elements that go into developing a risk management framework.

Section 2: Developing a Risk Management Framework

This section provides greater detail in relation to the elements of a risk management framework introduced in section one. The points discussed in this section are:

  • Ensuring the support of senior management from the outset
  • Integrating risk management into strategic and business planning
  • Reviewing the current risk management systems (if any exist)
  • Determining how risk exposures will be managed at each level of the organisation
  • Communicating risk matters with relevant stakeholders
  • Establishing responsibilities, accountability and authority
  • Customizing the risk management process for the organisation
  • Providing training to staff
  • Resourcing risk management within the organisation
  • Establishing how the will be monitored and reviewed (including post-event analysis)
  • Establishing how risk management will be reported within the organisation.

Learning outcomes

  • Identify the key elements of a risk management framework
  • Describe the important requirements for implementing a risk management framework
  • Analyse the effectiveness of an existing risk management framework.

Section 3: Documenting The Risk Management Framework Within An Organisation

This section provides an overview of some of the documentation that is necessary to establish, implement and maintain an effective risk management framework, such as:

  • A risk management policy
  • A risk management manual or plan
  • A risk register containing details of all the identified risk exposures
  • Risk treatment plans
  • Monitoring, reviewing and auditing documents
  • An incident database

Learning outcomes

  • Describe the contents of an effective risk management policy
  • Describe the contents of an effective risk management manual/plan
  • Identify the content requirements of an effective risk register within an organisation
  • Identify the format for risk treatment plans
  • Identify the types of monitoring, reviewing and auditing documents
  • Describe the format and information found within an incident database.

Section 4: Analysing and Treating Operational Risks

This section provides an overview of some of the documentation that is necessary to establish, implement and maintain an effective risk management framework, such as:

  • An initial phase where the implementation plan is developed and board and senior management support is generated

Learning outcomes

  • Describe the different phases in the implementation of the risk management framework
  • Identify the information requirements for an implementation plan
  • Describe the communications requirement for the implementation plan
  • Identify the potential barriers to the successful implementation of the framework
  • Apply some of the methodologies that can be employed to overcome resistance to change.