This tool provides questions organizations should consider when implementing an enterprise risk management (ERM) strategy.
Questions to consider include: Is there a process for reporting timely significant changes in the enterprise’s risk profile to the board? Is the risk profile discussed periodically in the context of strategy setting so that the board has full knowledge of the significant risks the company is taking on? Is there a periodic board-level dialogue regarding management’s appetite for risk and whether the organization’s risk profile is consistent with that risk appetite? Is there a periodic analysis of the gaps in the capabilities for managing uncertainties?