Planning, designing and implementing an overall risk management process for the organization
Risk assessment, which involves analyzing risks as well as identifying, describing and estimating the risks affecting the business
Risk evaluation, which involves comparing estimated risks with criteria established by the organization such as costs, legal requirements and environmental factors, and evaluating the organization’s previous handling of risks
Risk reporting in an appropriate way for different audiences, for example to the board of directors so they understand the most significant risks, to business heads to ensure they are aware of risks relevant to their parts of the business and to individuals to understand their accountability for individual risks
Corporate governance involving external risk reporting to stakeholders
Carrying out processes such as recommending insurance plan, implementing health and safety measures and making business continuity plans to limit risks and preparefor if things go wrong
Conducting audits of policy and compliance to standards, including liaison with internaland external auditors
Providing support, education and training to staff to build risk awareness within the organization