A risk management framework is a key component of an overall governance framework. As the name suggests, it focuses on risks faced by the business. Typically, a governance framework will document the approach an organisation takes to managing risks and include details of:
- Risk appetite – being a measure of the level of risk an organisation is willing to assume;
- Risk tolerance – being a measure of the amount of risk an organisation is capable of absorbing; and
- Risks – being details of the types of risk which the organisation faces and seeks to avoid, mitigate or accept.
In developing a risk management framework, an organisation should refer to AS ISO 31000:2018 Risk Management Guidelines, which sets out the process, principles and framework for risk management.