Enterprise risk management framework using a risk manual to design and communicate business risk management
Communicating about corporate risk management, enterprise risk management, and compliance, is never easy. It is done more easily, however, when the communications relate to what people do, and what is expected of them. What is expected of them can be communicated as the goals for what they do, and can be compared to the results of what they have done. And, both the results and the goals can best be seen as the end products of their work. Those end products are the outcomes – the results – of their assigned work – of their participation in the assigned enterprise risk management framework.
Although companies often organize policies, procedures, plans and controls by organization components and subject matter – by function – organizing information and communication by business process enables lower costs, more focus, and greater accountability, among other benefits. When business processes are the focus, then the emphasis on communication, risk management and control can be on the outputs of those business processes; and, in turn, those outputs are the focus of risk management (basically, the purpose of risk management is to eliminate or mitigate unacceptable levels of uncertainty in the outputs of business processes due to factors affecting the outputs of business processes).
Comments