What to take into account in the context of Risk Response?

The Risk Response phase focuses on the decisions made to address identified risks.

Firstly, consider having multiple response options.
Secondly, responses need to be supported by appropriate control measures.
Thirdly, lessons learned from the response options need to feed back into the risk management strategy.

When designing a Risk Response, several factors need to be considered:

  • budget,
  • resources,
  • strategic plans,
  • a roadmap to implement changes within a reasonable schedule.

The Risk Practitioner communicates with the Risk Owner. It's crucial that the Risk Owner is a manager or senior executive. Remember that it is the Risk Owner who manages the controls!

Risk Ownership vs Risk Accountability

It's best to use a practical example:

Risk Ownership: The Head of IT Security might be the risk owner for cyber risks, responsible for implementing and managing security measures.

Risk Accountability: The Chief Risk Officer (CRO) or a Risk Management Committee would be accountable for ensuring that the overall risk management framework is effective and that cyber risks are managed in accordance with the organization’s risk appetite and policies.
