11 - Manage Enterprise Risk, Compliance, Remediation, and Resiliency

This category covers ensuring that an organization effectively manages its risk. Process groups are aligned with traditional risk management activities.


11.0 Manage Enterprise Risk, Compliance, Remediation, and Resiliency
11.1 Manage enterprise risk  
11.1.1  Establish the enterprise risk framework and policies
11.1.1.1   Determine risk tolerance for organization
11.1.1.2   Develop and maintain enterprise risk policies and procedures
11.1.1.3   Identify and implement enterprise risk management tools
11.1.1.4   Coordinate the sharing of risk knowledge across the organization
11.1.1.5   Prepare and report enterprise risk to executive management and board
11.1.2  Oversee and coordinate enterprise risk management activities
11.1.2.1   Identify enterprise level risks
11.1.2.2   Assess risks to determine which to mitigate
11.1.2.3   Develop risk mitigation and management strategy and integrate with existing performance management processes
11.1.2.4   Verify business unit and functional risk mitigation plans are implemented
11.1.2.5   Ensure risks and risk mitigation actions are monitored
11.1.2.6   Report on enterprise risk activities
11.1.2.7   Coordinate business unit and functional risk management activities
11.1.2.8   Ensure that each business unit/function follows the enterprise risk management process
11.1.2.9   Ensure that each business unit/function follows the enterprise risk reporting process
11.1.3  Manage business unit and function risk
11.1.3.1   Identify risks 
11.1.3.2   Assess risks using enterprise risk framework policies and procedures
11.1.3.3   Develop mitigation plans for risks
11.1.3.3.1    Assess adequacy of insurance coverage
11.1.3.4   Implement mitigation plans for risks
11.1.3.5   Monitor risks 
11.1.3.6   Analyze risk activities and update plans
11.1.3.7   Report on risk activities
       
11.2 Manage compliance  
11.2.1  Establish compliance framework and policies
11.2.1.1   Develop enterprise compliance policies and procedures
11.2.1.2   Implement enterprise compliance activities
11.2.1.3   Manage internal audits
11.2.1.4   Maintain controls-related technologies and tools
11.2.2  Manage regulatory compliance 
11.2.2.1   Develop regulatory compliance procedures
11.2.2.2   Identify applicable regulatory requirements
11.2.2.3   Monitor the regulatory environment for changing or emerging regulations
11.2.2.4   Assess current compliance position and identify weaknesses or shortfalls therein
11.2.2.5   Implement missing or stronger regulatory compliance controls and policies
11.2.2.6   Monitor and test regulatory compliance position and existing controls
11.2.2.7   Compile and communicate compliance scorecard(s)
11.2.2.8   Compile and communicate internal and regulatory compliance reports
11.2.2.9   Maintain relationships with regulators as appropriate
       
11.3 Manage remediation efforts  
11.3.1  Create remediation plans 
11.3.2  Contact and confer with experts 
11.3.3  Identify/dedicate resources 
11.3.4  Investigate legal aspects 
11.3.5  Investigate damage cause 
11.3.6  Amend or create policy 
       
11.4 Manage business resiliency  
11.4.1  Develop the business resilience strategy
11.4.2  Perform continuous business operations planning
11.4.3  Test continuous business operations
11.4.4  Maintain continuous business operations
11.4.5  Share knowledge of specific risks across other parts of the organization

Process and performance improvement helps organizations adapt to rapidly changing environments, build new and better ways to work, and succeed in a competitive marketplace. With a focus on productivity, knowledge management, benchmarking, and quality improvement initiatives, organizations such as the APQC work with their member organizations to identify best practices; discover effective methods of improvement; broadly disseminate findings; and connect individuals with one another and the knowledge, training, and tools they need to succeed.
 
This APQC Process Classification Framework® (“PCF”) is an open standard developed by APQC, a nonprofit that promotes benchmarking and best practices worldwide. The PCF is intended to facilitate organizational improvement through process management and benchmarking, regardless of industry, size, or geography. To download the full PCF or industry-specific versions of the PCF, as well as associated measures and benchmarking, please visit www.apqc.org/pcf.
