Risk management

Plan and implement enterprise processes and procedures to manage risks to the success or integrity of the enterprise.

Methodological Guidelines:

Risk management can be applied to many enterprise functions as well as technical and engineering specialties - such as, but not limited to, information and technology systems, operations, environmental, information and cybersecurity, security, and energy. Risks are also explicitly mentioned in many SFIA skills.

Activities may include, but are not limited to:

risk identification

categorizing and prioritizing risks-their impact and likelihood, and actions to mitigate them

Planning, developing and implementing organizational risk management approaches to ensure the integrity of the business, its products and services, and its end users Communicating risks and mitigating actions to key stakeholders and reporting to them accordingly.

Risk Management: Level 3

Performs key risk management activities. Maintains documentation of risks, threats, vulnerabilities and mitigation measures.

Risk Management: Level 4

Performs risk management activities for a specific function, technical area, or medium complexity project. Identifies risks and vulnerabilities, assesses their impact and likelihood, develops risk mitigation strategies, and reports to the business. Engages subject matter experts and specialists as needed.

Risk Management: Level 5

Plans and implements complex and significant risk management activities within a specific function, technical area, project, or program. Implements consistent and robust risk management processes and reporting to key stakeholders. Engages subject matter experts and specialists as needed. Advises on the organization's approach to risk management.

Risk Management: Level 6.

Plans and manages the implementation of enterprise risk management processes and procedures, tools, and techniques. Addresses enterprise risk and risk mitigation activities in the context of overall business risk and the organization's risk appetite. Provides leadership in risk management at the organizational and business level.

Risk Management: Level 7.

Shapes the organizational risk management strategy. Defines and communicates the organization's risk appetite. Provides resources to implement the organization's risk management strategy. Delegates authority for detailed planning and execution of risk management activities within the organization.