Monitoring, Review and Continual Improvement of Risk Management Framework

Risk Management – Article 6

Monitoring, Review and Continual Improvement of Risk Management Framework

Keshav Ram Singhal

Clause 4.5 of ISO 31000:2009 deals with guidelines for monitoring and review of risk management framework and Clause 4.6 of the standard deals with guidelines for continual improvement of the framework.

Monitoring and review of risk management framework

It is necessary that risk management in the organization remains effective and support continuously its performance, so the organization should:
- Measure risk management performance against periodically reviewed indicators for appropriateness
- Periodically measure progress against the risk management plan to find deviation from the risk management plan
- Periodically review appropriateness of risk management framework, policy and plan in organization’s internal and external context.
- Report risks
- Report progress of risk management against its plan
- Report following-up of the risk management policy in the organization
- Review risk management framework effectiveness

Continual improvement of risk management framework

Decision for continual improvement of the risk management framework, policy and plan should be taken based on results of monitoring and reviews. Such decisions should be implemented to achieve improvement in organization’s risk management and its culture.