Risk MGT Policy Template
POLICY OUTLINE
CHAPTER ONE
1.0 INTRODUCTION
1.1 Background
1.2 Corporate Governance
1.3 Definition of Risk and Risk Management
CHAPTER TWO
1. RISK APPETITE
“Risk appetite” means the qualitative and quantitative statements that define the general attitude
within an organization towards the desired level of risk. Risk appetite looks at how much risk a
company is willing to accept.
2. RISK TOLERANCE
“Risk Tolerance” means the maximum level of variation from this desired level of risk that an
undertaking is willing (or possibly able) to accept.
In general, the setting of risk appetite and risk tolerance may be considered as being part of the
same process.
Before determining what to do about risks, the organization must consider the amount of risk it
is prepared to tolerate. This will vary according to the perceived importance of
particular risks.
3. RISK
Risk is ‘the possibility that an event will occur and adversely affect the achievement of objectives’.
The risk that an activity would pose if no controls or other mitigating factors were in place (the
gross risk or risk before controls).
4. RISK CONTROL
Control activities are the policies and procedures that help to ensure that risk management
strategies are properly executed.
5. RISK ASSESSMENT
6. RISK MANAGEMENT
Risk management is defined as the process of balancing the risk associated with business activities
with an adequate level of control that will enable the business to meet its objectives.
It is the application of a management system to risk and includes identification, analysis, treatment,
monitoring and evaluation.
7. RISK OWNER
The risk owner is the person(s) responsible for managing risks and is usually the person directly
responsible for the strategy, activity or function that relates to the risk.