Nate-GB

Search

Search IconIcon to open search

Risk Management

Last updated Feb 27, 2023

# Risk management is the process for identifying, assessing, and mitigation vulnerabilities and threats to the essential functions that a business must perform to serve its customers

There are 5 main phases to risk management:

  1. Identify mission-essential functions
  2. Identify vulnerabilities
  3. Identify threats
  4. Analyze business impacts
  5. Identify risk response

Both Likelihood and Impact must be assessed.

Because risk management is so complex, it’s treated differently in companies of different sizes and with different regulatory and compliance requirements. Thus, most companies implement some for of Enterprise Risk Management policies and procedures. These legislative and framework compliance requirements are often formalized as a Risk and Control Self-Assessment. These RCSAs may be lead either by the organization implementing them, or by an external party. In the case of an external party, it is simply referred to as a Risk and Control Assessment.