Risk Management – Article 6
Monitoring, Review and Continual Improvement of Risk Management Framework
Keshav Ram Singhal
Clause 4.5 of ISO 31000:2009 gives guidelines for monitoring and review of the risk management framework, and Clause 4.6 of the standard gives guidelines for continual improvement of the framework.
Monitoring and review of risk management framework
Risk management in the organization must remain effective and continue to support its performance, so the organization should:
- Measure risk management performance against indicators that are periodically reviewed for appropriateness
- Periodically measure progress against the risk management plan to find deviations from it
- Periodically review the appropriateness of the risk management framework, policy and plan in the organization’s internal and external context
- Report risks
- Report progress of risk management against its plan
- Report how well the risk management policy is being followed in the organization
- Review the effectiveness of the risk management framework
Continual improvement of risk management framework
Decisions on continual improvement of the risk management framework, policy and plan should be based on the results of monitoring and reviews. Such decisions should be implemented to achieve improvement in the organization’s risk management and its culture.