IRM M1U1.4 Different appoaches to ERM Flashcards
What question all risk management processes are trying to answer? (Hillson, 2016:5)
All risk management processes, are trying to answer the same question – considering the risks being faced, can the objectives be achieved?
The four-step model was developed by Satarla, pulls together the most important aspects from all of the main international standards.
(SATARLA 2022 - reproduced with permission)
Figure 1.4.1 - Risk Management - four easy steps
Define context and objectives - Understand your internal and external context and how it is changing. Within this context and scope, articulate your objectives.
Assess the risks - Identify both the potential threats and opportunities (risks), understand them using the most appropriate techniques, and ask yourself: “so what? Do we need to do anything about these risks?”.
Manage the risks - Where possible take charge of the risks, or aspects of them through implementing controls. Note – a control is an act, object or system that modifies a risk. If the activity does not actually change the risk, it is not a control.
Monitor, Review and Report -Tell people what you are doing and what they need to know (and perhaps do) regarding the status of the risks and how effectively they are being managed.
