Risk monitoring: In this step, we continuously track and monitor each of the risks and analyze any risks that, despite our efforts, turn into incidents.
Unlike other processes where you follow the steps and you’re done, enterprise risk management is an ongoing and perpetual process, so the final step circles back to the first step, as shown in Figure 2-2.
The bottom line is that this process provides you with “news you can use”: actionable information that helps you make better decisions and removes roadblocks from the projects that are important to you.
Risk planning

Risk planning is the first step in any enterprise risk management process. It typically involves defining the boundaries of the risk assessment, deciding who should participate, and capturing any assumptions or constraints about the business activity. The planning process also helps organizations establish their risk appetite and risk thresholds and helps them define their process to manage their risks more strategically and effectively.
Proper risk planning helps drive consistency across the organization in terms of how risks are defined and managed. Part of the planning process is to ensure that risks are aligned with corporate goals. A historical challenge of risk management was that risks have not been aligned with corporate strategy, and therefore management of these risks did not proactively and strategically support the enterprise.
Figure 2-2: The Risk Management Process.
54 Part I: Governance, Risk, and Compliance Demystified