Monitoring and Reviewing Your Risks

When you’ve completed the four stages of the IERR process and produced your risk register (as in the earlier section ‘Identifying, Evaluating, Recording and Responding to Your Risks (IERR)’), congrats! You now have an overall understanding of the sort of risks that your business’s critical activities face. Your work isn’t finished (sorry), but you can be satisfied that the time-consuming part is behind you. You can’t ever say that the next part is complete, because you’re continuously monitoring and reviewing the risks.

But like the other stages, this process doesn’t have to be painful. Here are eight simple steps to keep your risk world under control (well, as much as anyone can):

1. Make somebody within your organisation the risk co-ordinator. This person keeps overall track of all risks and has responsibility for the risk register and reporting on it to the board or senior management team. The risk co-ordinator may be you or not, as long as the person can pull together information, assess it, and report and recommend to top management.

2. Add a column to your risk register (see the earlier Figures 5-2 and 5-6) entitled ‘owner’ and allocate each risk to the most appropriate person in your company. This step is about monitoring, and that ‘owner’ reports any changes and updates the risk co-ordinator on a frequent basis.

3. Get confirmation from top management on your company’s risk appetite. If that’s you, no problem because you already know ...
