When developing or revising a risk management framework, a company should answer several fundamental questions in order to critically review and assess the elements of its risk management process:
How efficient are the organisation’s current risk management practices?
When reviewing the effectiveness of current risk management, it is essential to consider both “hard” (structures and processes) and “soft” (culture and people) aspects. The current risk management framework should be appropriate for the organisation’s context, and its practices should be operating as anticipated.
How advanced and developed should the current risk management framework be?
The fundamental goal of a risk management framework is to identify the organisation’s risks effectively and respond to them in an appropriate manner. There is no universal approach: to determine how developed its framework should be, every company should consider its context, internal and external factors, and the level of risk maturity it wants to achieve.
What is the most efficient strategy to close the gap?
In general, a risk management framework aims to identify all risks across an organisation. The company’s board and executives should be assured that the most effective risk management practices and strategies are applied with respect to the organisational context.