CERM ® RISK INSIGHTS

Tailor the responses to your specific context – organisation, industry and country – and consult with professionals or experts for specific advice or guidance. Be creative in exploring different prompts. 

1. Risk governance

• “Act as a CEO and write a business-focused practical risk management policy according to ISO 31000 for [web page URL].”
• “Act as a CEO and write a comprehensive risk strategy for [web page URL]. The strategy must detail all steps, actions, and deliverables to be produced including performance indicators to monitor progress and for reporting purposes. A risk management strategy is a structured approach to addressing risks and can be used in companies of all sizes and across any industry.”
• “Create a risk universe for [web page URL]. The risk universe is the list of risks the company faces or might face. This risk universe can be used as a checklist to identify, consolidate and aggregate risk events across the organisation for reporting and monitoring. Tell me how to apply the risk universe.”
• “What are the key components of a robust risk governance framework for a company with [number of employees] operating in the [industry] in [country]? How can we establish a structure that promotes effective risk management throughout the organisation?”
• “What roles and responsibilities should be defined for effective risk governance? How can we allocate accountability and ensure clear ownership of risks, controls and treatments?”
• “How can the board and senior management effectively engage in risk governance? What practices or mechanisms can be implemented to promote their active involvement?”
• “How can we define and communicate the organisation’s risk appetite and tolerance levels? What considerations should be considered when establishing these parameters?”
• “What policies and procedures should be developed to guide risk governance activities? How can we ensure they align with industry best practices and regulatory requirements?”
• “What reporting mechanisms should be in place to provide regular updates on risk governance activities? How can we effectively communicate risk information to relevant stakeholders?”
• “How can we foster a strong risk culture within the organisation? What initiatives can be implemented to promote risk awareness and encourage risk-conscious behaviours?”
• “What mechanisms should be established to monitor and review the effectiveness of risk governance practices? How can we ensure continuous improvement in risk management?”
• “Create a comprehensive business continuity and resilience strategy for [web page URL] that incorporates the managing of third-party and supply chain risks that complies with the requirements of ISO 22301.”
• “What are the steps to take to move from risk management 1.0 to risk management 2.0 and 3.0?”

Continue reading →