Ensuring that an organization effectively manages its risk. Process groups are aligned with traditional risk management activities.
| 11.0 | Manage Enterprise Risk, Compliance, Remediation, and Resiliency | |||||
| 11.1 | Manage enterprise risk | |||||
| 11.1.1 | Establish the enterprise risk framework and policies | |||||
| 11.1.1.1 | Determine risk tolerance for organization | |||||
| 11.1.1.2 | Develop and maintain enterprise risk policies and procedures | |||||
| 11.1.1.3 | Identify and implement enterprise risk management tools | |||||
| 11.1.1.4 | Coordinate the sharing of risk knowledge across the organization | |||||
| 11.1.1.5 | Prepare and report enterprise risk to executive management and board | |||||
| 11.1.2 | Oversee and coordinate enterprise risk management activities | |||||
| 11.1.2.1 | Identify enterprise level risks | |||||
| 11.1.2.2 | Assess risks to determine which to mitigate | |||||
| 11.1.2.3 | Develop risk mitigation and management strategy and integrate with existing performance management processes | |||||
| 11.1.2.4 | Verify business unit and functional risk mitigation plans are implemented | |||||
| 11.1.2.5 | Ensure risks and risk mitigation actions are monitored | |||||
| 11.1.2.6 | Report on enterprise risk activities | |||||
| 11.1.2.7 | Coordinate business unit and functional risk management activities | |||||
| 11.1.2.8 | Ensure that each business unit/function follows the enterprise risk management process | |||||
| 11.1.2.9 | Ensure that each business unit/function follows the enterprise risk reporting process | |||||
| 11.1.3 | Manage business unit and function risk | |||||
| 11.1.3.1 | Identify risks | |||||
| 11.1.3.2 | Assess risks using enterprise risk framework policies and procedures | |||||
| 11.1.3.3 | Develop mitigation plans for risks | |||||
| 11.1.3.3.1 | Assess adequacy of insurance coverage | |||||
| 11.1.3.4 | Implement mitigation plans for risks | |||||
| 11.1.3.5 | Monitor risks | |||||
| 11.1.3.6 | Analyze risk activities and update plans | |||||
| 11.1.3.7 | Report on risk activities | |||||
| 11.2 | Manage compliance | |||||
| 11.2.1 | Establish compliance framework and policies | |||||
| 11.2.1.1 | Develop enterprise compliance policies and procedures | |||||
| 11.2.1.2 | Implement enterprise compliance activities | |||||
| 11.2.1.3 | Manage internal audits | |||||
| 11.2.1.4 | Maintain controls-related technologies and tools | |||||
| 11.2.2 | Manage regulatory compliance | |||||
| 11.2.2.1 | Develop regulatory compliance procedures | |||||
| 11.2.2.2 | Identify applicable regulatory requirements | |||||
| 11.2.2.3 | Monitor the regulatory environment for changing or emerging regulations | |||||
| 11.2.2.4 | Assess current compliance position and identify weaknesses or shortfalls therein | |||||
| 11.2.2.5 | Implement missing or stronger regulatory compliance controls and policies | |||||
| 11.2.2.6 | Monitor and test regulatory compliance position and existing controls | |||||
| 11.2.2.7 | Compile and communicate compliance scorecard(s) | |||||
| 11.2.2.8 | Compile and communicate internal and regulatory compliance reports | |||||
| 11.2.2.9 | Maintain relationships with regulators as appropriate | |||||
| 11.3 | Manage remediation efforts | |||||
| 11.3.1 | Create remediation plans | |||||
| 11.3.2 | Contact and confer with experts | |||||
| 11.3.3 | Identify/dedicate resources | |||||
| 11.3.4 | Investigate legal aspects | |||||
| 11.3.5 | Investigate damage cause | |||||
| 11.3.6 | Amend or create policy | |||||
| 11.4 | Manage business resiliency | |||||
| 11.4.1 | Develop the business resilience strategy | |||||
| 11.4.2 | Perform continuous business operations planning | |||||
| 11.4.3 | Test continuous business operations | |||||
| 11.4.4 | Maintain continuous business operations | |||||
| 11.4.5 | Share knowledge of specific risks across other parts of the organization | |||||
Process and performance improvement, helps organizations adapt to rapidly changing environments, build new and better ways to work, and succeed in a competitive marketplace. With a focus on productivity, knowledge management, benchmarking, and quality improvement initiatives, organisations such as the APQC works with its member organizations to identify best practices; discover effective methods of improvement; broadly disseminate findings; and connect individuals with one another and the knowledge, training, and tools they need to succeed.
This APQC Process Classification Framework® (“PCF”) is an open standard developed by APQC, a nonprofit that promotes benchmarking and best practices worldwide. The PCF is intended to facilitate organizational improvement through process management and benchmarking, regardless of industry, size, or geography. To download the full PCF or industry-specific versions of the PCF, as well as associated measures and benchmarking, please visit www.apqc.org/pcf.
