11.1 - Manage enterprise risk
PCF ID: 17060 | Elements: 26 | Metrics Available: Y | Benchmarkable: 1
Definition
Creating requisite frameworks and coordinating all risk management activities for the entire organization and each function. Manage the enterprise risk by outlining the risk policies and procedures. Monitor and communicate all risk management activities. Encourage correspondence among the business units. Manage the risk of all business units and functions.
Overview
This process group covers managing enterprise risk within the broader context of Manage Enterprise Risk, Compliance, Remediation, and Resiliency.
Process Hierarchy
Processes
| ID | Process | PCF ID | Sub-elements | Metrics |
|---|---|---|---|---|
| 11.1.1 | Establish the enterprise risk framework and policies | 16439 | 5 | N |
| 11.1.2 | Oversee and coordinate enterprise risk management activities | 16445 | 9 | N |
| 11.1.3 | Manage business unit and function risk | 17462 | 8 | N |
11.1.1 - Establish the enterprise risk framework and policies
PCF ID: 16439
Definition: Creating an agenda for the rules and regulations of enterprise risk that deal with hazardous, financial, operational, and strategic risks.
| ID | Activity | PCF ID | Tasks | Metrics |
|---|---|---|---|---|
| 11.1.1.1 | Determine risk tolerance for organization | 16440 | 0 | N |
| 11.1.1.2 | Develop and maintain enterprise risk policies and procedures | 16441 | 0 | N |
| 11.1.1.3 | Identify and implement enterprise risk management tools | 16442 | 0 | N |
| 11.1.1.4 | Coordinate the sharing of risk knowledge across the organization | 16443 | 0 | N |
| 11.1.1.5 | Prepare and report enterprise risk to executive management and board | 16444 | 0 | N |
11.1.1.1 - Determine risk tolerance for organization
Definition: Recognizing the organization's tolerance for risk, given risk-return trade-offs for one or more anticipated and predictable consequences.
11.1.1.2 - Develop and maintain enterprise risk policies and procedures
Definition: Establishing and maintaining the policies and procedures for managing risk. Create rules and regulations for enterprise risk dealing with hazardous, financial, operational, and strategic risks.
11.1.1.3 - Identify and implement enterprise risk management tools
Definition: Recognizing and implementing tools for managing risk. Identify and apply enterprise risk management tools. Leverage methods and processes to manage risks and opportunities associated with business objectives.
11.1.1.4 - Coordinate the sharing of risk knowledge across the organization
Definition: Communicating the knowledge about risk within the organization. Identify operational risks. Share risk information within the organization.
11.1.1.5 - Prepare and report enterprise risk to executive management and board
Definition: Preparing and presenting reports about enterprise risk to the management of the organization. Create reports for management on hazard risks (e.g., property damage and liability torts), financial risks (e.g., currency and liquidity risks), and operational risks (e.g., product failure, customer satisfaction, social trends, and competition).
11.1.2 - Oversee and coordinate enterprise risk management activities
PCF ID: 16445
Definition: Coordinating to plan, organize, lead, and control the activities of an organization in order to minimize the special effects of risk on capital and earnings.
| ID | Activity | PCF ID | Tasks | Metrics |
|---|---|---|---|---|
| 11.1.2.1 | Identify enterprise level risks | 16446 | 0 | N |
| 11.1.2.2 | Assess risks to determine which to mitigate | 16447 | 0 | N |
| 11.1.2.3 | Develop risk mitigation and management strategy and integrate with existing performance management processes | 16448 | 0 | N |
| 11.1.2.4 | Verify business unit and functional risk mitigation plans are implemented | 16449 | 0 | N |
| 11.1.2.5 | Ensure risks and risk mitigation actions are monitored | 16450 | 0 | N |
| 11.1.2.6 | Report on enterprise risk activities | 16451 | 0 | N |
| 11.1.2.7 | Coordinate business unit and functional risk management activities | 16452 | 0 | N |
| 11.1.2.8 | Ensure that each business unit/function follows the enterprise risk management process | 16453 | 0 | N |
| 11.1.2.9 | Ensure that each business unit/function follows the enterprise risk reporting process | 16454 | 0 | N |
11.1.2.1 - Identify enterprise level risks
Definition: Determining risks that could thwart objectives. Document and communicate the concern.
11.1.2.2 - Assess risks to determine which to mitigate
Definition: Identifying options/actions to enhance opportunities and reduce threats. Recognize the root reasons of the identified risks.
11.1.2.3 - Develop risk mitigation and management strategy and integrate with existing performance management processes
Definition: Developing activities to improve opportunities and lessen threats. Specify the organization's objectives. Evolve strategies and policies to attain these objectives. Assign resources to project objectives.
11.1.2.4 - Verify business unit and functional risk mitigation plans are implemented
Definition: Checking that the blueprint created for managing risk in individual business units and divisions is correctly effectuated. Validate the implementation of all activities geared to mitigate risks.
11.1.2.5 - Ensure risks and risk mitigation actions are monitored
Definition: Ensuring risk monitoring and mitigation activities. Monitor actions to enhance opportunities and reduce threats to project objectives.
11.1.2.6 - Report on enterprise risk activities
Definition: Creating a report of activities to address hazard risks, liability torts, financial risks, operational risks, social trends, competition, etc.
11.1.2.7 - Coordinate business unit and functional risk management activities
Definition: Coordinating risk management activities to improve opportunities and lessen threats. Specify the organization's objectives. Assign resources to project objectives.
11.1.2.8 - Ensure that each business unit/function follows the enterprise risk management process
Definition: Checking each business unit's/function's options and activities to improve opportunities and lessen threats.
11.1.2.9 - Ensure that each business unit/function follows the enterprise risk reporting process
Definition: Checking the reporting process of each business unit's/function's options and activities to improve opportunities and lessen threats.
11.1.3 - Manage business unit and function risk
PCF ID: 17462
Definition: Analyzing the threats a business unit/function faces to prioritize the controls it implements.
| ID | Activity | PCF ID | Tasks | Metrics |
|---|---|---|---|---|
| 11.1.3.1 | Identify risks | 16456 | 0 | N |
| 11.1.3.2 | Assess risks using enterprise risk framework policies and procedures | 16457 | 0 | N |
| 11.1.3.3 | Develop mitigation plans for risks | 16458 | 1 | N |
| 11.1.3.4 | Implement mitigation plans for risks | 16459 | 0 | N |
| 11.1.3.5 | Monitor risks | 16460 | 0 | N |
| 11.1.3.6 | Analyze risk activities and update plans | 16461 | 0 | N |
| 11.1.3.7 | Report on risk activities | 16462 | 0 | N |
11.1.3.1 - Identify risks
Definition: Developing a timely and continuous process to identify activities that might hinder a project's goals.
11.1.3.2 - Assess risks using enterprise risk framework policies and procedures
Definition: Determining the possibility that a specified undesirable event will occur using established tools, implements, and frameworks. Use risk assessments to determine, for example, whether to undertake a particular venture, what rate of return a particular investment requires, and how to mitigate an activity's potential losses.
11.1.3.3 - Develop mitigation plans for risks (1 task)
Definition: Developing possibilities and arrangements to improve opportunities and reduce deviations to project objectives.
| ID | Task | PCF ID | Definition |
|---|---|---|---|
| 11.1.3.3.1 | Assess adequacy of insurance coverage | 18129 | Evaluating the changing needs for insurance coverage. Research available insuran... |
11.1.3.4 - Implement mitigation plans for risks
Definition: Executing mitigation plans to improve opportunities and reduce deviations to project objectives.
11.1.3.5 - Monitor risks
Definition: Identifying, examining, and recognizing/justifying any improbability in investment decision making.
11.1.3.6 - Analyze risk activities and update plans
Definition: Examining the impact of risk activities in order to update the existing scheme of risk management. Analyze and substantiate the potential for adverse consequences to occur. Consider the risks associated with the activity and the methods available to manage those risks.
11.1.3.7 - Report on risk activities
Definition: Creating reports on risk activities, and communicating them to management. Prepare reports on the potential for adverse safety consequences.
Change Summary (v7.2.1 vs v6.1.1)
Changes indicated by:
+XXXXX: New element added | -XXXXX: Element removed | cXXXXX: Element changed | NEW: Newly introduced
Complete Element List with Definitions
All 26 elements
| ID | Name | Definition |
|---|---|---|
| 11.1 | Manage enterprise risk | Creating requisite frameworks and coordinating all risk management activities for the entire organiz... |
| 11.1.1 | Establish the enterprise risk framework ... | Creating an agenda for the rules and regulations of enterprise risk that deal with hazardous, financ... |
| 11.1.1.1 | Determine risk tolerance for organizatio... | Recognizing the organization's tolerance for risk, given risk-return trade-offs for one or more anti... |
| 11.1.1.2 | Develop and maintain enterprise risk pol... | Establishing and maintaining the policies and procedures for managing risk. Create rules and regulat... |
| 11.1.1.3 | Identify and implement enterprise risk m... | Recognizing and implementing tools for managing risk. Identify and apply enterprise risk management ... |
| 11.1.1.4 | Coordinate the sharing of risk knowledge... | Communicating the knowledge about risk within the organization. Identify operational risks. Share ri... |
| 11.1.1.5 | Prepare and report enterprise risk to ex... | Preparing and presenting reports about enterprise risk to the management of the organization. Create... |
| 11.1.2 | Oversee and coordinate enterprise risk m... | Coordinating to plan, organize, lead, and control the activities of an organization in order to mini... |
| 11.1.2.1 | Identify enterprise level risks | Determining risks that could thwart objectives. Document and communicate the concern. |
| 11.1.2.2 | Assess risks to determine which to mitig... | Identifying options/actions to enhance opportunities and reduce threats. Recognize the root reasons ... |
| 11.1.2.3 | Develop risk mitigation and management s... | Developing activities to improve opportunities and lessen threats. Specify the organization's object... |
| 11.1.2.4 | Verify business unit and functional risk... | Checking that the blueprint created for managing risk in individual business units and divisions is ... |
| 11.1.2.5 | Ensure risks and risk mitigation actions... | Ensuring risk monitoring and mitigation activities. Monitor actions to enhance opportunities and red... |
| 11.1.2.6 | Report on enterprise risk activities | Creating a report of activities to address hazard risks, liability torts, financial risks, operation... |
| 11.1.2.7 | Coordinate business unit and functional ... | Coordinating risk management activities to improve opportunities and lessen threats. Specify the org... |
| 11.1.2.8 | Ensure that each business unit/function ... | Checking each business unit's/function's options and activities to improve opportunities and lessen ... |
| 11.1.2.9 | Ensure that each business unit/function ... | Checking the reporting process of each business unit's/function's options and activities to improve ... |
| 11.1.3 | Manage business unit and function risk | Analyzing the threats a business unit/function faces to prioritize the controls it implements. |
| 11.1.3.1 | Identify risks | Developing a timely and continuous process to identify activities that might hinder a project's goal... |
| 11.1.3.2 | Assess risks using enterprise risk frame... | Determining the possibility that a specified undesirable event will occur using established tools, i... |
| 11.1.3.3 | Develop mitigation plans for risks | Developing possibilities and arrangements to improve opportunities and reduce deviations to project ... |
| 11.1.3.3.1 | Assess adequacy of insurance coverage | Evaluating the changing needs for insurance coverage. Research available insurance providers and off... |
| 11.1.3.4 | Implement mitigation plans for risks | Executing mitigation plans to improve opportunities and reduce deviations to project objectives. |
| 11.1.3.5 | Monitor risks | Identifying, examining, and recognizing/justifying any improbability in investment decision making. |
| 11.1.3.6 | Analyze risk activities and update plans | Examining the impact of risk activities in order to update the existing scheme of risk management. A... |
| 11.1.3.7 | Report on risk activities | Creating reports on risk activities, and communicating them to management. Prepare reports on the po... |