 |
|
|
 | Risk Plan |
|
|
A risk management plan details how risk management is to be conducted throughout the organisation. The aim of a risk management plan is to detail how risk management will be integrated into existing organisational systems, processes and practices to ensure it is relevant, effective, efficient and sustained.
It is important to integrate risk management within planning processes such as policy development, business and strategic planning and change management planning. It is equally important to incorporate risk management into plans and processes for areas such as asset management, audit, business continuity, security management, environmental management, fraud control, human resources, investment and project management.
|
|
|
For larger organisations it is likely separate risk management plans will be necessary for particular areas, projects, activities and or processes. All such risk management sub-plans should be consistent with the corporate risk management plan and risk management policy and avoid duplication, where possible.
The roles and responsibilities for risk management should be defined in the risk management plan and may include assignment of accountability for particular categories of risk, implementation of risk treatment strategies and controls and establishing performance measures and reporting processes.
|
Directors and senior executives are ultimately accountable and responsible for managing risk across the organisation and ensuring effective implementation of the risk management policy and risk management plan. All other personnel are responsible for managing risks in their own areas of control.
The risk management plan may outline the level of resources and associated infrastructure for the effective management of risks. Resources and infrastructure may be required for the following:
- Providing support to staff responsible for managing risk, including where required external suppliers.
- Acquiring the knowledge and skills needed to manage risk.
- Including risk management training into staff development programmes.
- Incorporating risk management principles into existing processes, procedures and practices.
- Communications plan to coordinate delivery of risk management dialogue throughout the organisation.
- Inclusion of risk management into the systems for staff rewards, recognition and sanctions.
- Ensuring that internal review and evaluation programmes, such as internal audit, take account of the organisation's philosophy towards managing risk when evaluating performance.
- Incorporation of risk management issues within business planning processes.
- Coordinating the interface between risk management and quality assurance.
- Risk management information systems and databases.
|
|
PROUDLY SPONSORED BY
|
|
|
