I am conducting a Risk Management Survey compiling best practices from organizations' Risk Management Programs. If you would like to participate in this survey, please complete the questions below and submit to me no later than September 15th. I will compile these results and send back to those who participated in this.
Below are the survey questions:
1) Company Name: ________________________________________________
2) What industry is your organization classified in:
- Financial Services
- Health Care
- Manufacturing Sector
- Insurance
- Public
- Non Profit
- Other
3) What is the size of your organization in employees?
- 500 – 1000
- 1000 – 5000
- Greater than 5000
4) What is the annual gross revenue of your organization?
5) Do you have a dedicated Risk Management Function/Department within your organization?
- Yes
- No
6) Where does this Risk Management Function reside and report within your organization?
7) Please describe the department organization structure:
a) How many employees are in the Risk Management organization?
b) What are their job titles?
c) What are their job functions/responsibilities?
8) Do you have established Policies and Procedures describing the Risk Management Function?
- Yes
- No
9) Briefly describe your function's mission statement to the organization.
10) Please explain and document your categories of risks.
11) Does your Risk Management function address all aspects (categories of risk), and is it addressed at an Enterprise Level? Briefly explain.
12) How is Risk managed and reported upwards in your organization?
13) Are risk assessments performed at the department level?
- Yes
- No
14) Are classifications of risk aggregated and reported at the Enterprise Level?
15) What methodology does your organization use to perform risk assessments?
- COSO ERM Framework
- COBIT
- ISO 23001
- ISO 27001
- Questionnaires/surveys
- Other/Please describe
16) Are subject matter experts or designated risk officers assigned within the organization responsible for performing the risk assessments and reporting on the risk assessments to Risk Management?
17) How often are risk assessments performed and reviewed?
- Monthly
- Quarterly
- Annually
- Other
18) How are operational risk events (OREs) defined and reported in your organization?
a) Who are they reported to in the organization?
b) What is the reporting threshold ($)?
c) Are OREs documented to determine root cause?
d) Are risk assessments updated to reflect
19) Are Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) defined and measured within your organization?
a) Are outliers tracked and reported?
b) Is root cause analysis documented for any outliers?
20) What is the frequency of reporting of these KRIs?
a) Monthly
b) Quarterly
c) Annually
21) Do you utilize an automated GRC tool set to manage your Risks in the organization?
Briefly describe your tool and functionality performed.
22) What types of Management Reports are utilized to report risk to Senior Management and the Board of Directors?
Thank you for your participation in this survey!