A Practical Guide to Enterprise Risk Management

The guide aims to provide practical guidance to organisations for developing, implementing and enhancing their risk management frameworks.

The guide is primarily targeted at risk managers or their equivalents and is designed to assist them to better embed risk management practices within their respective organisations. The guide may also be used by other stakeholder groups including the board, executives, and employees during the execution of their risk management responsibilities.

The guide is primarily developed for medium-to-large organisations; however, the majority of the content is applicable to smaller organisations as well. Some of the more ‘advanced’ risk management framework attributes may not be feasible or appropriate for smaller organisations.

The guide is developed to support organisations with varying degrees of risk management maturity, recognising that risk management is a continuous journey. Using this guide, organisations with less mature risk management practices can incrementally enhance and progress their risk management frameworks.

No single risk maturity level will be appropriate for all organisations. Each organisation’s board and executives should decide on the appropriate level of risk management sophistication that they aspire to achieve. The desired level of risk maturity may change over time to reflect changes in the organisation’s complexity, size and risk appetite.

The scope of the guide is focused primarily on providing generic guidance on the management of organisational-level risk.