For further information please contact the Policy Owner - <Insert Title> Page 4 of 6
Risk Management Policy
Example:
When undertaking a risk management process the following steps must be taken: establish
the context, identify the risk, analyse the risk, evaluate the risk, treat the risk and monitor
and review the risk. Refer to the risk management procedure for details on how to perform
each step in the process.
5. Integration with other systems and processes
Describe how risk management is integrated and embedded into organisational processes.
Example:
Risk management is factored into business planning, performance management, audit and
assurance, business continuity management and project management.
6. Risk Categories
Specify the risk categories to be included in the risk register and in risk reporting.
Example:
Risk categories may include strategic, financial, environmental, safety, people and
reputation.
7. Risk Register
Specify the purpose of the risk register. Include details on the types of risks to be included on
the risk register (e.g. operational or strategic), the criteria for adding risks to and removing risks
from the register, who will review the risk register and how often it will be reviewed.
8. Risk Reporting
Outline the risk reporting requirements. The purpose of risk reporting is to create awareness of
key risks, improve accountability for the management of risk and ensure the timely completion of
risk treatment plans. Details as to who prepares reports, who reviews reports and how often
reports are reviewed should be included.
Example:
The strategic risk register is prepared by the Chief Risk Officer and reviewed by the Audit
Committee on a quarterly basis.