LLORENTE, Queeny Mae G.
Chapter 18
Integrating Risk into Business Governance
Policy Framework
Your business policies are one of your company's best risk management tools. A good framework to use to review your policies and controls is ISO 9001.
ISO 9001. A set of standards for ensuring a quality management system for all types, not just information systems but also technology systems. It helps ensure that formalized business processes are being applied. It requires a set of procedures that cover all key business processes. A policy is a set of broad rules under which an organization operates, while a procedure provides the approach to implement them. Policies rarely need to be changed once they are established, while a procedure needs to be updated frequently to reflect new methods, including new products and business lines.
Building Risk into Policies
1. Product Development. Actions you won't take and types of products and services you refuse to consider.
2. Product Regulations. Existing regulations that limit what you offer, the price, and the things to be provided to the customer.
3. Product Validations. Validations that are required before your product launches.
4. Purchasing. Criteria you require of your supplier.
5. Product/Services. Controls for the production and delivery of your products and services.
6. Monitoring and Measurement. Ensuring and monitoring the measures of your product.
Meshing Risk Culture and Your Business Values
* Getting the workforce to proactively identify risk.
* Making the workforce keenly aware of the risks that lie within their responsibilities.
* Giving workers an understanding of risk consequences and their role in mitigating them.
* Inviting people to feel comfortable communicating throughout the organization about risks that require others' attention.
Culture Vs. Investment
Organization with strong risk culture