11.0 - Manage Enterprise Risk, Compliance, Remediation, and Resiliency
PCF Category: 11.0
Total Elements: 56
Hierarchy Depth: Up to 3 levels
Overview
This category encompasses all processes related to managing enterprise risk, compliance, remediation, and resiliency within an enterprise.
Process Groups (Level 1)
| Hierarchy ID | Process Group | Sub-Elements |
|---|---|---|
| 11.0 | Manage Enterprise Risk, Compliance, Remediation, and Resiliency | 0 |
| 11.1 | Manage enterprise risk | 25 |
| 11.2 | Manage compliance | 15 |
| 11.3 | Manage remediation efforts | 6 |
| 11.4 | Manage business resiliency | 5 |
Detailed Process Hierarchy
11.0 - Manage Enterprise Risk, Compliance, Remediation, and Resiliency
PCF ID: 16437
11.1 - Manage enterprise risk
PCF ID: 17060
| ID | Process | PCF ID | Metrics |
|---|---|---|---|
| 11.1.1 | Establish the enterprise risk framework and policies | 16439 | N |
| 11.1.2 | Oversee and coordinate enterprise risk management activities | 16445 | N |
| 11.1.3 | Manage business unit and function risk | 17462 | N |
11.1.1 - Establish the enterprise risk framework and policies (5 elements)
| ID | Process | PCF ID |
|---|---|---|
| 11.1.1.1 | Determine risk tolerance for organization | 16440 |
| 11.1.1.2 | Develop and maintain enterprise risk policies and procedures | 16441 |
| 11.1.1.3 | Identify and implement enterprise risk management tools | 16442 |
| 11.1.1.4 | Coordinate the sharing of risk knowledge across the organization | 16443 |
| 11.1.1.5 | Prepare and report enterprise risk to executive management and board | 16444 |
11.1.2 - Oversee and coordinate enterprise risk management activities (9 elements)
| ID | Process | PCF ID |
|---|---|---|
| 11.1.2.1 | Identify enterprise level risks | 16446 |
| 11.1.2.2 | Assess risks to determine which to mitigate | 16447 |
| 11.1.2.3 | Develop risk mitigation and management strategy and integrate with existing performance management processes | 16448 |
| 11.1.2.4 | Verify business unit and functional risk mitigation plans are implemented | 16449 |
| 11.1.2.5 | Ensure risks and risk mitigation actions are monitored | 16450 |
| 11.1.2.6 | Report on enterprise risk activities | 16451 |
| 11.1.2.7 | Coordinate business unit and functional risk management activities | 16452 |
| 11.1.2.8 | Ensure that each business unit/function follows the enterprise risk management process | 16453 |
| 11.1.2.9 | Ensure that each business unit/function follows the enterprise risk reporting process | 16454 |
11.1.3 - Manage business unit and function risk (8 elements)
| ID | Process | PCF ID |
|---|---|---|
| 11.1.3.1 | Identify risks | 16456 |
| 11.1.3.2 | Assess risks using enterprise risk framework policies and procedures | 16457 |
| 11.1.3.3 | Develop mitigation plans for risks | 16458 |
| 11.1.3.3.1 | Assess adequacy of insurance coverage | 18129 |
| 11.1.3.4 | Implement mitigation plans for risks | 16459 |
| 11.1.3.5 | Monitor risks | 16460 |
| 11.1.3.6 | Analyze risk activities and update plans | 16461 |
| 11.1.3.7 | Report on risk activities | 16462 |
11.2 - Manage compliance
PCF ID: 17467
| ID | Process | PCF ID | Metrics |
|---|---|---|---|
| 11.2.1 | Establish compliance framework and policies | 17468 | N |
| 11.2.2 | Manage regulatory compliance | 16463 | N |
11.2.1 - Establish compliance framework and policies (4 elements)
| ID | Process | PCF ID |
|---|---|---|
| 11.2.1.1 | Develop enterprise compliance policies and procedures | 17469 |
| 11.2.1.2 | Implement enterprise compliance activities | 17470 |
| 11.2.1.3 | Manage internal audits | 14133 |
| 11.2.1.4 | Maintain controls-related technologies and tools | 14137 |
11.2.2 - Manage regulatory compliance (9 elements)
| ID | Process | PCF ID |
|---|---|---|
| 11.2.2.1 | Develop regulatory compliance procedures | 16464 |
| 11.2.2.2 | Identify applicable regulatory requirements | 16465 |
| 11.2.2.3 | Monitor the regulatory environment for changing or emerging regulations | 16466 |
| 11.2.2.4 | Assess current compliance position and identify weaknesses or shortfalls therein | 16467 |
| 11.2.2.5 | Implement missing or stronger regulatory compliance controls and policies | 16468 |
| 11.2.2.6 | Monitor and test regulatory compliance position and existing controls | 16469 |
| 11.2.2.7 | Compile and communicate compliance scorecard(s) | 19595 |
| 11.2.2.8 | Compile and communicate internal and regulatory compliance reports | 19596 |
| 11.2.2.9 | Maintain relationships with regulators as appropriate | 16470 |
11.3 - Manage remediation efforts
PCF ID: 11185
| ID | Process | PCF ID | Metrics |
|---|---|---|---|
| 11.3.1 | Create remediation plans | 11201 | N |
| 11.3.2 | Contact and confer with experts | 11202 | N |
| 11.3.3 | Identify/dedicate resources | 11203 | N |
| 11.3.4 | Investigate legal aspects | 11204 | N |
| 11.3.5 | Investigate damage cause | 11205 | N |
| 11.3.6 | Amend or create policy | 11206 | N |
11.4 - Manage business resiliency
PCF ID: 11216
| ID | Process | PCF ID | Metrics |
|---|---|---|---|
| 11.4.1 | Develop the business resilience strategy | 11221 | N |
| 11.4.2 | Perform continuous business operations planning | 11222 | N |
| 11.4.3 | Test continuous business operations | 11223 | N |
| 11.4.4 | Maintain continuous business operations | 11224 | N |
| 11.4.5 | Share knowledge of specific risks across other parts of the organization | 16471 | N |
Change Summary (v7.2.1 vs v6.1.1)
Changes are indicated by:
- `+XXXXX`: New element added (PCF ID)
- `-XXXXX`: Element removed
- `cXXXXX`: Element changed
- `NEW`: Newly introduced in v7.2.1
Full Process List
Complete 56 elements
| Hierarchy ID | Name | PCF ID | Change |
|---|---|---|---|
| 11.0 | Manage Enterprise Risk, Compliance, Remediation, and Resilie... | 16437 | RENAME, WAS:Manage Enterprise Risk, Compliance, Remediation and Resiliency |
| 11.1 | Manage enterprise risk | 17060 | - |
| 11.1.1 | Establish the enterprise risk framework and policies | 16439 | - |
| 11.1.1.1 | Determine risk tolerance for organization | 16440 | - |
| 11.1.1.2 | Develop and maintain enterprise risk policies and procedures | 16441 | - |
| 11.1.1.3 | Identify and implement enterprise risk management tools | 16442 | - |
| 11.1.1.4 | Coordinate the sharing of risk knowledge across the organiza... | 16443 | - |
| 11.1.1.5 | Prepare and report enterprise risk to executive management a... | 16444 | - |
| 11.1.2 | Oversee and coordinate enterprise risk management activities | 16445 | c16448, c16451 |
| 11.1.2.1 | Identify enterprise level risks | 16446 | - |
| 11.1.2.2 | Assess risks to determine which to mitigate | 16447 | - |
| 11.1.2.3 | Develop risk mitigation and management strategy and integrat... | 16448 | RENAME, WAS:Develop risk mitigation and management strategy, and integrate with existing performance management processes |
| 11.1.2.4 | Verify business unit and functional risk mitigation plans ar... | 16449 | - |
| 11.1.2.5 | Ensure risks and risk mitigation actions are monitored | 16450 | - |
| 11.1.2.6 | Report on enterprise risk activities | 16451 | RENAME, WAS:Report on risk activities |
| 11.1.2.7 | Coordinate business unit and functional risk management acti... | 16452 | - |
| 11.1.2.8 | Ensure that each business unit/function follows the enterpri... | 16453 | - |
| 11.1.2.9 | Ensure that each business unit/function follows the enterpri... | 16454 | - |
| 11.1.3 | Manage business unit and function risk | 17462 | - |
| 11.1.3.1 | Identify risks | 16456 | - |
| 11.1.3.2 | Assess risks using enterprise risk framework policies and pr... | 16457 | - |
| 11.1.3.3 | Develop mitigation plans for risks | 16458 | +18129 |
| 11.1.3.3.1 | Assess adequacy of insurance coverage | 18129 | NEW |
| 11.1.3.4 | Implement mitigation plans for risks | 16459 | - |
| 11.1.3.5 | Monitor risks | 16460 | - |
| 11.1.3.6 | Analyze risk activities and update plans | 16461 | - |
| 11.1.3.7 | Report on risk activities | 16462 | - |
| 11.2 | Manage compliance | 17467 | - |
| 11.2.1 | Establish compliance framework and policies | 17468 | - |
| 11.2.1.1 | Develop enterprise compliance policies and procedures | 17469 | - |
| 11.2.1.2 | Implement enterprise compliance activities | 17470 | - |
| 11.2.1.3 | Manage internal audits | 14133 | - |
| 11.2.1.4 | Maintain controls-related technologies and tools | 14137 | - |
| 11.2.2 | Manage regulatory compliance | 16463 | +19595, +19596, c16467, c16469 |
| 11.2.2.1 | Develop regulatory compliance procedures | 16464 | - |
| 11.2.2.2 | Identify applicable regulatory requirements | 16465 | - |
| 11.2.2.3 | Monitor the regulatory environment for changing or emerging ... | 16466 | - |
| 11.2.2.4 | Assess current compliance position and identify weaknesses o... | 16467 | RENAME, WAS:Assess current compliance position, and identify weaknesses or shortfalls therein |
| 11.2.2.5 | Implement missing or stronger regulatory compliance controls... | 16468 | - |
| 11.2.2.6 | Monitor and test regulatory compliance position and existing... | 16469 | RENAME, WAS:Monitor and test, on an ongoing and scheduled basis, regulatory compliance position and existing controls, defining controls that should be added, removed, or modified as required |
| 11.2.2.7 | Compile and communicate compliance scorecard(s) | 19595 | NEW |
| 11.2.2.8 | Compile and communicate internal and regulatory compliance r... | 19596 | NEW |
| 11.2.2.9 | Maintain relationships with regulators as appropriate | 16470 | - |
| 11.3 | Manage remediation efforts | 11185 | - |
| 11.3.1 | Create remediation plans | 11201 | - |
| 11.3.2 | Contact and confer with experts | 11202 | - |
| 11.3.3 | Identify/dedicate resources | 11203 | - |
| 11.3.4 | Investigate legal aspects | 11204 | - |
| 11.3.5 | Investigate damage cause | 11205 | - |
| 11.3.6 | Amend or create policy | 11206 | - |
| 11.4 | Manage business resiliency | 11216 | - |
| 11.4.1 | Develop the business resilience strategy | 11221 | - |
| 11.4.2 | Perform continuous business operations planning | 11222 | - |
| 11.4.3 | Test continuous business operations | 11223 | - |
| 11.4.4 | Maintain continuous business operations | 11224 | - |
| 11.4.5 | Share knowledge of specific risks across other parts of the ... | 16471 | - |