Risk Management Context
The risk management project must acknowledge the enterprise objectives that are relevant to the project. It must also consider the necessity of balancing costs, benefits and opportunities.
A project is a part of a system whose study is entrusted to the same team.
The responsibility of management in relation to risks taken by their enterprise not only imposes the installation of control systems to enable risk management, but also their demonstration at audit and attachment to the corresponding paragraphs of regulations.
Control systems imposed by regulations (Sarbanes-Oxley Act, etc.), by clients (ISO 9000 certification), or by sectorial control systems (Basel II in the banking sector, etc.) can be superimposed on the control systems implemented in an enterprise
A control system is a set of controls that ensure risk prevention and management, application of internal operating rules, respect a law or regulation, or work towards achievement of an objective as defined by company strategy. Examples: the quality control system, the control system relating to IT and Privacy, the management control system, the internal audit system.
Last but not least, the description of the internal context in which the risk management process operates can be supplemented by the description of existing control systems.
During risk management projects, existing control systems will be reviewed and new control systems may be created.
For more details on projects, see "Risk Management Projects".