ABSTRACT

This chapter outlines the two main frameworks – ISO 31000 and the Committee of Sponsoring Organizations' Enterprise Risk Management – which are used globally as guides for risk management systems. In Canada, ISO 31000 was adopted as a national standard, and in March 2010 the British Standards Institute also integrated the international standard into its own portfolio as BS ISO 31000. Risk assessment involves three sub-elements – identification, analysis, and evaluation – which help a manager decide how to respond to a specific risk, given the context and the organisation's risk appetite. Communication of risk information should be both internal, for control purposes, and external, for reasons of accountability. Consultation helps management understand how well risks are being managed, how and whether controls are working and where they are not, and draw on suggestions for improving the process. Recording and reporting, in turn, provide a mechanism for accountability, which is essential to a risk management system.