11.0 Manage Enterprise Risk, Compliance, Remediation, and Resiliency (16437)
11.1 Manage enterprise risk (17060)
11.1.1 Establish the enterprise risk framework and policies (16439)
- 11.1.1.1 Determine risk tolerance for organization (16440)
- 11.1.1.2 Develop and maintain enterprise risk policies and procedures (16441)
- 11.1.1.3 Identify and implement enterprise risk management tools (16442)
- 11.1.1.4 Coordinate the sharing of risk knowledge across the organization (16443)
- 11.1.1.5 Prepare and report enterprise risk to executive management and board (16444)
11.1.2 Oversee and coordinate enterprise risk management activities (16445)
- 11.1.2.1 Identify enterprise level risks (16446)
- 11.1.2.2 Assess risks to determine which to mitigate (16447)
- 11.1.2.3 Develop risk mitigation and management strategy and integrate with existing performance management processes (16448)
- 11.1.2.4 Verify business unit and functional risk mitigation plans are implemented (16449)
- 11.1.2.5 Ensure risks and risk mitigation actions are monitored (16450)
- 11.1.2.6 Report on enterprise risk activities (16451)
- 11.1.2.7 Coordinate business unit and functional risk management activities (16452)
- 11.1.2.8 Ensure that each business unit/function follows the enterprise risk management process (16453)
- 11.1.2.9 Ensure that each business unit/function follows the enterprise risk reporting process (16454)
11.1.3 Manage business unit and function risk (17462)
- 11.1.3.1 Identify risks (16456)
- 11.1.3.2 Assess risks using enterprise risk framework policies and procedures (16457)
- 11.1.3.3 Develop mitigation plans for risks (16458)
- 11.1.3.3.1 Assess adequacy of insurance coverage (18129)
- 11.1.3.4 Implement mitigation plans for risks (16459)
- 11.1.3.5 Monitor risks (16460)
- 11.1.3.6 Analyze risk activities and update plans (16461)
- 11.1.3.7 Report on risk activities (16462)
11.2 Manage compliance (17467)
11.2.1 Establish compliance framework and policies (17468)
- 11.2.1.1 Develop enterprise compliance policies and procedures (17469)
- 11.2.1.2 Implement enterprise compliance activities (17470)
- 11.2.1.3 Manage internal audits (14133)
- 11.2.1.4 Maintain controls-related technologies and tools (14137)
11.2.2 Manage regulatory compliance (16463)
- 11.2.2.1 Develop regulatory compliance procedures (16464)
- 11.2.2.2 Identify applicable regulatory requirements (16465)
- 11.2.2.3 Monitor the regulatory environment for changing or emerging regulations (16466)
- 11.2.2.4 Assess current compliance position and identify weaknesses or shortfalls therein (16467)
- 11.2.2.5 Implement missing or stronger regulatory compliance controls and policies (16468)
- 11.2.2.6 Monitor and test regulatory compliance position and existing controls (16469)
- 11.2.2.7 Compile and communicate compliance scorecard(s) (19595)
- 11.2.2.8 Compile and communicate internal and regulatory compliance reports (19596)
- 11.2.2.9 Maintain relationships with regulators as appropriate (16470)
11.3 Manage remediation efforts (11185)
11.3.1 Create remediation plans (11201)
11.3.2 Contact and confer with experts (11202)
11.3.3 Identify/dedicate resources (11203)
11.3.4 Investigate legal aspects (11204)
11.3.5 Investigate damage cause (11205)
11.3.6 Amend or create policy (11206)
11.4 Manage business resiliency (11216)
11.4.1 Develop the business resilience strategy (11221)
11.4.2 Perform continuous business operations planning (11222)
11.4.3 Test continuous business operations (11223)
11.4.4 Maintain continuous business operations (11224)
11.4.5 Share knowledge of specific risks across other parts of the organization (16471)
Page 29 of 35 | © 2024 APQC. ALL RIGHTS RESERVED.