IIRM Risk Management Framework

IIRM risk management framework aims to assist organisations to manage their risks effectively to improve their  risk management maturity. IIRM risk management framework assists organisations to ensure that risk information derived from processes is adequately reported and used for day to day decision-making at all levels.

What is a risk management framework?

A risk management framework is defined by the ISO Guide 73 as:

"Set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization".

The Guide notes that

1. The foundations include the policy, objectives, mandate and commitment to manage risk.
2. The organisational arrangements include plans, relationships, accountabilities, resources, processes and activities
3. The risk management framework should be embedded within the organisation’s overall strategic and operational policies and practices.

Purpose of a IIRM risk management framework

The purpose of establishing IIRM risk management framework is to ensure that risks are effectively identified and responded to in a manner that is appropriate to:

• the nature of the risks faced by the organisation
• the organisation’s ability to accept and/or manage risk/s
• the resources available to manage risks within the organisation
• the organisation’s culture

IIRM risk management framework helps organisation to improve their risk management maturity.

The key elements of the IIRM risk management framework are:

1. Develop a risk management framework
2. Implement a risk management framework 
3. Review and enhance a risk management framework