How To...

When developing and implementing an ERM framework for a previous employer, I encountered a diverse range of challenges related to people, technology, processes, change management, etc. There was certainly more than one moment when I wished I knew 'how to…'

RISIKO cannot provide free advice through its website. Additionally, individual circumstances in organisations vary greatly and therefore require individual consideration. The responses below are generic in nature and are not intended to be taken as specific advice.

However, you might want to check whether some of the questions and issues below match your own challenges and whether the related responses seem plausible to you. If the information below resonates with you, please contact RISIKO for an initial, obligation-free discussion.

(Please find the CONTACT button in the navigation field at the top right.)


Question / Issue:
"My organisation is at an early stage of the implementation of its risk management framework. I wish I could see what the final product might look like."

Response:
RISIKO is partnering with a provider of Governance, Risk and Compliance (GRC) and Contract Management software. In this software, RISIKO has set up a demonstration of a company's risk management process, including risk reporting, affording you the opportunity to see Enterprise Risk Management in practice as well as a potential solution for your needs.

You might choose to operate your risk management framework through this software, through different software or even on spreadsheets. However, as a RISIKO client you have the opportunity to see upfront what the final product for your organisation might look like, including risk identification support, risk reporting, the risk register structure and the management of risk-mitigating actions.


Question / Issue:
"My organisation developed an enterprise risk management framework consistent with ISO 31000:2009. However, its implementation does not progress as expected."

Response:
RISIKO can provide you with a tool to test the setup of your ERM framework. This helps you to confirm consistency with ISO 31000:2009, identify gaps and remedy them, accelerating the framework's successful implementation.

RISIKO can also provide an implementation plan for your ERM framework, which can then be approved by senior management and executed by the risk manager or risk team in cooperation with the business units of your organisation, as applicable.


Question / Issue:
"Due to the size of our organisation we will need to manage a high number of system users. How can we keep the training effort low?"

Response:
RISIKO has set up risk identification, risk analysis and risk evaluation within the GRC software in such a way that the software leads users through the process as far as possible. This reduces the training effort for participants in risk workshops and for risk owners.

Line management receives the agreed reports through the software's subscription service as email attachments. The recipients of these reports therefore do not need to access the software to read them, which further reduces the training effort.


Question / Issue:
"How can we provide for individual risk management needs in different (specialist) areas of risk, such as safety risk or strategic risk, within one framework and within one risk management software?"

Response:
RISIKO's ERM framework provides for the definition of specialist areas of risk, which can be customised for the purposes of your organisation. For example, these can include risk areas such as strategic risk; health, safety and environmental (HSE) risk; business risk; or operations risk.

The risk management software provides separate risk assessment and risk treatment flows for each of the specified areas of risk.


Question / Issue:
"How is Business Continuity Management (BCM) integrated in a risk management framework?"

Response:
BCM can be enormously complex and might require significant resources to manage. However, from RISIKO's perspective, within a risk management framework BCM is simply one form of risk mitigation: a treatment applied to identified risks rather than a separate discipline standing beside the framework.


Question / Issue:
"Why, in particular, is it important that a risk management framework should be consistent with ISO 31000:2009?"

Response:
From RISIKO's perspective, the standard ISO 31000:2009 is very helpful and comprehensive.

A good way to obtain external recognition (e.g. from insurers or regulators) of an organisation's risk management framework is to be able to demonstrate consistency between the implemented framework and the standard.