1.
[Flowchart; side label: Risk Communication]

Initiation
• Define problem or opportunity and associated risk issue(s)
• Identify risk management team
• Assign responsibility, authority and resources
• Identify potential stakeholders and begin to develop consultation process

Preliminary Analysis
• Define scope of decision(s)
• Identify hazards of risk scenarios
• Begin stakeholder analysis
• Start the risk information library

Decision point: End / Back / Next Step and/or Action

Risk Estimation
• Define methodology for estimating frequency and consequences
• Estimate frequency of risk scenarios
• Estimate consequence of risk scenarios
• Refine Stakeholder Analysis through dialogue

Decision point: End / Back / Next Step and/or Action

Risk Evaluation
• Estimate and integrate benefits and costs
• Assess stakeholder acceptance of risk

Decision point: End / Back / Next Step and/or Action

Risk Control
• Identify feasible risk control options
• Evaluate risk control options for effectiveness, costs, risks
• Assess stakeholder acceptance of proposed action(s)
• Assess stakeholder acceptance of residual risk

Decision point: End / Back / Next Step and/or Action

Action/Monitoring
• Develop an implementation plan
• Implement control, financing, and communication strategies
• Evaluate effectiveness of risk management decision process
• Establish monitoring, sunset, termination processes where applicable

Source: CSA (1997)
2. Risk Management: Process Maturity Map
To maximize ERM results, leadership must influence management and staff to work together in a culture of open risk communication, executing repeatable processes to prioritize and mitigate discovered risks.
[Figure: maturity map; axes: EXPOSURE IDENTIFICATION and EXPOSURE RESOLUTION]
• 1. Initial: Integrated Repeatable Processes
• 2. Advanced: No-Blame culture in place (1-3 years)
• 3. Risk-driven: Risk-based Prioritization (3-5 years)
• 4. Optimizing: Fully Risk-driven Optimization (5 years +, ongoing)