1. Create and protect value
Good risk management contributes to the achievement of your businessobjectives through continuous review of processes and systems.
2. Be integral to your process
Risk management needs to be integrated with your governance framework and become a part of your planning processes, at both the operational and strategic level.
3. Be part of decision making
The process of risk management helps you make informed choices, identify priorities and select the most appropriate action.
4. Explicitly address uncertainty
By identifying potential problems with in-depth risk assessment, you can implement measures to maximise your ability to gain while minimising chances of loss.
5. Be systematic, structured and timely
The process of risk management should be consistent across your business to ensure the efficiency and reliability of results.
6. Be based on the best available information
To effectively manage risk, consider all the available and relevant information and be aware that there may be some limitations. You then need to determine how all this information informs the risk management process.
7. Be tailored
Your risk management framework needs to include your risk profile, as well as take into consideration the internal and external operating environment.
8. Take into account human and cultural factors
Risk management needs to recognise the combined contribution that people and culture have on achieving your objectives.
9. Be transparent and inclusive
Engaging stakeholders, both internal and external, throughout the risk management process recognises that communication and consultation are key to identifying, analysing and monitoring risk. This form of collaboration also promotes inclusivity.
10. Be dynamic, iterative and responsive to change
The process of managing risk needs to be flexible. The challenging environment we operate in means you need to consider the context for managing risk as well as continue to identify new risks that emerge and make allowances for those risks that no longer exist.
11. Facilitate the continual improvement of organisations
Organisations with a mature risk management culture are those that invest resources over time and are able to demonstrate the continual achievement of their objectives.