This tool contains two sample policies that establish standards and procedures for a common and systematic approach to managing risk across a company. This approach increases risk awareness, ensures the appropriate management of risks and makes the business unit risk profiles transparent. That transparency enables risks to be compared and aggregated and allows a portfolio approach to risk management.
In these samples, management is expected to conduct structured risk management in accordance with this policy. The standards focus on risk identification, due diligence, mitigating risk through established controls, managing business partners that process critical functions or have access to customer information, and subsequent performance monitoring or review of key indicators.