An entity’s business risk management framework should be a strategic axle able to accept diverse strategy spokes. Proactively, business risk management should represent the process whereby an entity methodically addresses the risks attached to its activities, with the objective of achieving sustained benefit within each activity and across the portfolio of activities.
Through project collaboration, the Association of Insurance and Risk Managers, the Association of Local Authority Risk Managers, and the Institute of Risk Management promote the following risk management process:
1. Identify Strategic Objectives
2. Perform Risk Assessment
2.1 Risk Analysis
2.1.1 Risk Identification
2.1.2 Risk Description
2.1.3 Risk Estimation
2.2 Risk Evaluation
3. Provide Risk Reporting
4. Decision (determine risk appetite)
5. Document Risk Treatment
6. Provide Residual Risk Reporting
7. Perform Monitoring
Davis, Robert E. (2011). Assuring IT Governance. Available from http://www.amazon.com/Assuring-Governance-Assurance-Services-ebook/dp/B0058P58E0 and http://www.smashwords.com/books/view/70359
Davis, Robert E. (2006). IT Auditing: IT Governance. Mission Viejo: Pleier. CD-ROM.