University ERM Framework Development: Risk Management Report
VerifiedAdded on Ā 2022/09/06
|11
|2465
|25
Report
AI Summary
This report presents an Enterprise Risk Management (ERM) framework tailored for a diagnostic center. It begins by emphasizing the importance of strategic risk management, highlighting its benefits such as fostering a risk-focused culture and improving resource utilization. A detailed risk assessment is conducted, identifying potential hazards, likelihood, consequences, and risk levels across various areas like environment, personnel, and testing processes. The report outlines the key components of the risk management framework, including risk identification, measurement, mitigation, governance, and reporting. Furthermore, it describes the implementation process, encompassing steps such as information system categorization, security control selection and implementation, assessment, authorization, and continuous monitoring. The report concludes by summarizing the framework's significance in ensuring the organization's effective functionality and security.
Running head: ERM FRAMEWORK DEVELOPMENT
ERM Framework Development
Name of the Student
Name of the University
Author Note
ERM Framework Development
Name of the Student
Name of the University
Author Note
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
1ERM FRAMEWORK DEVELOPMENT
Table of Contents
Introduction:....................................................................................................................................2
Importance of Strategic Risk Management:....................................................................................2
Risk Assessment:.............................................................................................................................3
Key Component of Risk Management Framework:........................................................................7
Key Steps in the Implementation Process:......................................................................................8
Conclusion:......................................................................................................................................8
References:....................................................................................................................................10
Table of Contents
Introduction:....................................................................................................................................2
Importance of Strategic Risk Management:....................................................................................2
Risk Assessment:.............................................................................................................................3
Key Component of Risk Management Framework:........................................................................7
Key Steps in the Implementation Process:......................................................................................8
Conclusion:......................................................................................................................................8
References:....................................................................................................................................10
2ERM FRAMEWORK DEVELOPMENT
Introduction:
In the current aspects health conditions is one of the major concern in the whole world
and in the England the situation is same (Coulter et al., 2015). Though England is one of the
major developed country in the world, it still faces healthcare related issues. Currently it has
been assessed that 17% of the total population of England is living in the rural areas and this
peoples are facing the most issues regarding the healthcare services. Thus, to solve this issue
previously a proposal of diagnostic centre has been proposed which will be established in rural
areas of England.
While considering these diagnostic centres there are several of risks that can be
associated with this type of organization. Thus, for the diagnostic centre organization it is very
much important to manage the risks in an appropriate manner so that all the risks in this case can
be managed strategically. In this report explanation will be provided regarding why it is
important for the diagnostic centres to strategically manage all types of risks. Also, a risk
assessment will be conducted in this report. The key components of the risk management
framework will be also outlined in this report and the key steps for the implementation process
will be evaluated.
Importance of Strategic Risk Management:
In the current context, the organization is a diagnostic centre which is going to be
established in the rural areas of England. While these diagnostic centres will be operational in the
rural areas of England there can be several of risks which can affect the organization. Thus, it is
important to manage the risks in a proper way. For management of the risks strategic risk
management risks can be utilized. For this reason strategic risk management is very much
important in this case.
The strategic risk management is a specific type of process through which strategic
decision made by an organization are assessed formally for any type of potential risks which can
affect the organization (Bromiley, Rau & McShane, 2016). In this case the strategic risk
management is important for the current diagnostic centres as the business strategy of them
should be the first focus point. If the entire strategy of the organization is at risk, then it is very
much natural that all the other operations of the organizations will be facing subsequent amount
Introduction:
In the current aspects health conditions is one of the major concern in the whole world
and in the England the situation is same (Coulter et al., 2015). Though England is one of the
major developed country in the world, it still faces healthcare related issues. Currently it has
been assessed that 17% of the total population of England is living in the rural areas and this
peoples are facing the most issues regarding the healthcare services. Thus, to solve this issue
previously a proposal of diagnostic centre has been proposed which will be established in rural
areas of England.
While considering these diagnostic centres there are several of risks that can be
associated with this type of organization. Thus, for the diagnostic centre organization it is very
much important to manage the risks in an appropriate manner so that all the risks in this case can
be managed strategically. In this report explanation will be provided regarding why it is
important for the diagnostic centres to strategically manage all types of risks. Also, a risk
assessment will be conducted in this report. The key components of the risk management
framework will be also outlined in this report and the key steps for the implementation process
will be evaluated.
Importance of Strategic Risk Management:
In the current context, the organization is a diagnostic centre which is going to be
established in the rural areas of England. While these diagnostic centres will be operational in the
rural areas of England there can be several of risks which can affect the organization. Thus, it is
important to manage the risks in a proper way. For management of the risks strategic risk
management risks can be utilized. For this reason strategic risk management is very much
important in this case.
The strategic risk management is a specific type of process through which strategic
decision made by an organization are assessed formally for any type of potential risks which can
affect the organization (Bromiley, Rau & McShane, 2016). In this case the strategic risk
management is important for the current diagnostic centres as the business strategy of them
should be the first focus point. If the entire strategy of the organization is at risk, then it is very
much natural that all the other operations of the organizations will be facing subsequent amount
3ERM FRAMEWORK DEVELOPMENT
of risks. Thus, for this reason the diagnostic centres need a strategic type of risk management
procedures. The strategic risk management also evaluates the current trends within the strategic
market (Simons, 2016). Through this, the strategic risk management procedures predicts the
potential risks which can occur in the current business strategy of the diagnostic centre
organizations. It is very much natural that if the diagnostic centres fails to properly minimise the
potential strategic risks it will be facing failures in the current business operations. One type of
strategic risk is not meeting a specific target by a particular date (Kohnke, Sigler & Shoemaker,
2016). For this reason, it is very much important for the diagnostic centres to effectively deal
with the potential strategic risks.
While the diagnostic centres manages the strategic risks they will be also benefitting in
several of ways. One of the main benefit for the diagnostic organization will be development of a
risk focused culture within the organization. By the creation of this type of culture more
credibility to the risk management procedures can be provided as it will be helping to identify the
potential risks. Communication related risks will be also identified through this risk focused
culture (Mok & Saha, 2017). Another benefit of having strategic risk management is improved
perspective and focus on the risks. In this case, an early awareness will be developed regarding a
potential obstacles. Also, in several of cases this type of risk analysis can effectively expose the
projects which are unable to meet their actual goals. Another benefit of strategic risk
management is efficient utilization of the available resources (Sekerci, 2015). In this aspect by
the strategic risk management process corporate risk management programs can be aligned the
everyday risk management process. This will improve the utilization of the existing framework
and the available tools so that critical risk management functions remains consistent. Also, this
risk analysis process includes examination of the weakness and strengths of the project initiated
for the implementation of diagnostic centre. For this reasons it is important for the company to
strategically manage the current risks.
Risk Assessment:
Hazard Description Likeliho
od
Con
sequ
ence
Risk
Level
Current Control Further
Mitigation of
the Risks
Environ The area where Possible (3) High Immediate The area
of risks. Thus, for this reason the diagnostic centres need a strategic type of risk management
procedures. The strategic risk management also evaluates the current trends within the strategic
market (Simons, 2016). Through this, the strategic risk management procedures predicts the
potential risks which can occur in the current business strategy of the diagnostic centre
organizations. It is very much natural that if the diagnostic centres fails to properly minimise the
potential strategic risks it will be facing failures in the current business operations. One type of
strategic risk is not meeting a specific target by a particular date (Kohnke, Sigler & Shoemaker,
2016). For this reason, it is very much important for the diagnostic centres to effectively deal
with the potential strategic risks.
While the diagnostic centres manages the strategic risks they will be also benefitting in
several of ways. One of the main benefit for the diagnostic organization will be development of a
risk focused culture within the organization. By the creation of this type of culture more
credibility to the risk management procedures can be provided as it will be helping to identify the
potential risks. Communication related risks will be also identified through this risk focused
culture (Mok & Saha, 2017). Another benefit of having strategic risk management is improved
perspective and focus on the risks. In this case, an early awareness will be developed regarding a
potential obstacles. Also, in several of cases this type of risk analysis can effectively expose the
projects which are unable to meet their actual goals. Another benefit of strategic risk
management is efficient utilization of the available resources (Sekerci, 2015). In this aspect by
the strategic risk management process corporate risk management programs can be aligned the
everyday risk management process. This will improve the utilization of the existing framework
and the available tools so that critical risk management functions remains consistent. Also, this
risk analysis process includes examination of the weakness and strengths of the project initiated
for the implementation of diagnostic centre. For this reasons it is important for the company to
strategically manage the current risks.
Risk Assessment:
Hazard Description Likeliho
od
Con
sequ
ence
Risk
Level
Current Control Further
Mitigation of
the Risks
Environ The area where Possible (3) High Immediate The area
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
4ERM FRAMEWORK DEVELOPMENT
ment
Risks
diagnosis
performed is not
suitable in nature
rectification of
the testing
environment is
required so that it
becomes suitable
for performing
diagnosis tests.
The ISO
standards can be
followed to make
the environment
test friendly.
where the
tests are
performed
must be
evaluated
periodically
and the
identified
issues with
the
environment
must be
rectified
Environment of
the temperature is
not suitable for
diagnosis
Likely (4) Mediu
m
Temperature of
the testing
environment must
be set to required
criteria on
immediate basis
using the air
conditioning
system
The current
temperature
of the
environment
must be
assessed
before
starting the
test and if
required
temperature
not set then
the tests will
be halted
until required
temperature
is found.
Diagnosis Unlikely (2) High All types of tests Water and
ment
Risks
diagnosis
performed is not
suitable in nature
rectification of
the testing
environment is
required so that it
becomes suitable
for performing
diagnosis tests.
The ISO
standards can be
followed to make
the environment
test friendly.
where the
tests are
performed
must be
evaluated
periodically
and the
identified
issues with
the
environment
must be
rectified
Environment of
the temperature is
not suitable for
diagnosis
Likely (4) Mediu
m
Temperature of
the testing
environment must
be set to required
criteria on
immediate basis
using the air
conditioning
system
The current
temperature
of the
environment
must be
assessed
before
starting the
test and if
required
temperature
not set then
the tests will
be halted
until required
temperature
is found.
Diagnosis Unlikely (2) High All types of tests Water and
5ERM FRAMEWORK DEVELOPMENT
environment is
having bad
lighting and water
quality.
will be halted
until there is
proper lighting
and water. For the
emergency
testings water
should be
arranged from
some other source
having good
quality and
backup lights can
be used for
creating
appropriate
lighting
conditions
the lighting
quality of the
diagnosis
centre will be
evaluated
periodically
for assessing
any type
issues.
Identified
problems will
be fixed
before using
the diagnosis
centre again
Risks
with
testing
personn
el
The testing
personnel is not
having proper
trainings to
perform the
diagnostic tests
Rare (1) High All type of testing
with that
particular testing
personnel will be
halted and new
testing personnel
will be assigned
with having
appropriate
training
Adequate
training will
be provided
to all types of
employees in
the diagnosis
centre
depending on
their job role
and their
current
knowledge
will be also
assessed
environment is
having bad
lighting and water
quality.
will be halted
until there is
proper lighting
and water. For the
emergency
testings water
should be
arranged from
some other source
having good
quality and
backup lights can
be used for
creating
appropriate
lighting
conditions
the lighting
quality of the
diagnosis
centre will be
evaluated
periodically
for assessing
any type
issues.
Identified
problems will
be fixed
before using
the diagnosis
centre again
Risks
with
testing
personn
el
The testing
personnel is not
having proper
trainings to
perform the
diagnostic tests
Rare (1) High All type of testing
with that
particular testing
personnel will be
halted and new
testing personnel
will be assigned
with having
appropriate
training
Adequate
training will
be provided
to all types of
employees in
the diagnosis
centre
depending on
their job role
and their
current
knowledge
will be also
assessed
6ERM FRAMEWORK DEVELOPMENT
periodically
Risks
with
Specime
n
collected
from the
patients
Collected
specimens are not
stored adequately
Possible (3) Mediu
m
Storage procedure
of the specimens
must be revised
for proper
collection of the
specimens
New storage
solutions for
the
specimens
will be
implemented
so that all the
specimens
can be stored
adequately
Collected
specimen are not
suitable for
testing
Rare (1) Low Specimens again
need to be
collected from the
patients again
Collected
specimens
will be cross
checked
during taking
from the
patients
whether it is
suitable or
not for the
testing
purpose
Risks
regardin
g testing
process
Test systems are
providing wrong
results
Unlikely (2) Mediu
m
Current system
must be replaced
on a urgent basis
All the test
system will
be evaluated
using a
sample
specimen
before
starting the
periodically
Risks
with
Specime
n
collected
from the
patients
Collected
specimens are not
stored adequately
Possible (3) Mediu
m
Storage procedure
of the specimens
must be revised
for proper
collection of the
specimens
New storage
solutions for
the
specimens
will be
implemented
so that all the
specimens
can be stored
adequately
Collected
specimen are not
suitable for
testing
Rare (1) Low Specimens again
need to be
collected from the
patients again
Collected
specimens
will be cross
checked
during taking
from the
patients
whether it is
suitable or
not for the
testing
purpose
Risks
regardin
g testing
process
Test systems are
providing wrong
results
Unlikely (2) Mediu
m
Current system
must be replaced
on a urgent basis
All the test
system will
be evaluated
using a
sample
specimen
before
starting the
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
7ERM FRAMEWORK DEVELOPMENT
actual tests
and a
maintenance
will be
scheduled for
all type of
systems
periodically
The test system
are implemented
wrongly
Unlikely (2) Mediu
m
Utilization of the
system must be
stopped and must
be rectified before
using again
Manual will
be followed
of the test
system
supplier
during
installing the
system
Key Component of Risk Management Framework:
In the current aspect a risk management framework is important so that all the potential
risks in this case can be managed. This risk management framework is consisting some key
components which are important in this context. In this case there are total five key component
which are related with the risk management framework. These five key components are the risk
identification, risk mitigation, risk measurement and assessment, risks governance and risk
reporting and monitoring.
The risk identification is the first key component which it related with identification of
potential risks that the diagnostic centre can face. This can include several of risks including IT
risks, regulatory risks, operational risk, strategic risks and many more other type of risks
(Shrivastava & Rathod, 2017). The second key component is the risk measurement which
provides crucial information on the quantum of the potential risks exposure and the risk
probability occurs due to those exposures. The next key component is the risk mitigation where
actual tests
and a
maintenance
will be
scheduled for
all type of
systems
periodically
The test system
are implemented
wrongly
Unlikely (2) Mediu
m
Utilization of the
system must be
stopped and must
be rectified before
using again
Manual will
be followed
of the test
system
supplier
during
installing the
system
Key Component of Risk Management Framework:
In the current aspect a risk management framework is important so that all the potential
risks in this case can be managed. This risk management framework is consisting some key
components which are important in this context. In this case there are total five key component
which are related with the risk management framework. These five key components are the risk
identification, risk mitigation, risk measurement and assessment, risks governance and risk
reporting and monitoring.
The risk identification is the first key component which it related with identification of
potential risks that the diagnostic centre can face. This can include several of risks including IT
risks, regulatory risks, operational risk, strategic risks and many more other type of risks
(Shrivastava & Rathod, 2017). The second key component is the risk measurement which
provides crucial information on the quantum of the potential risks exposure and the risk
probability occurs due to those exposures. The next key component is the risk mitigation where
8ERM FRAMEWORK DEVELOPMENT
decision is taken regarding which risk need to be mitigated. In the next case risk reporting and
monitoring is the next key component where aggregate and specific risk measurement is done so
that it can be ensured that the risks always remain at the optimal level. For this reason risk
reporting and monitoring is one of the important key component here (Larkin et al., 2019). The
last key component for the risk management framework is the risk governance. The risk
governance ensures that all the employees of diagnostic centres perform their duties as per the
risk management framework. In this way risk can be controlled effectively.
Key Steps in the Implementation Process:
Currently, there are several of key steps associated with the implementation process of
risk management framework. In this case the first step is the information system categorization
(Hopkin, 2018). In this case understanding of the organization is done. The second step is the
selection of security control which are actually the management and technical safeguarding of
the organizational information system. The third step is associated with the implementation of
security control where it is demonstrated that how the controls are implemented (Cagliano,
Grimaldi & Rafele, 2015). The fourth step is the assessment of the security control where it is
determined that which controls are implemented properly. The fifth step of the implementation is
the authorization of the information system. It is actually based on risk determination for the
organizational operations (Zou, Kiviniemi & Jones, 2017). Decision is also taken regarding risk
is acceptable or not. Monitoring of the security control is the last step of risk management
framework implementation where continuous monitoring of the programs are done which helps
the organization to maintain the security of its current assets.
Conclusion:
From the above discussion it can be concluded that enterprise risk management
framework is important to ensure proper functionality of the organizations. In this aspect, first
importance of the strategic risk management framework has been discussed. Following that an
appropriate risk assessment has been done for the diagnostic centres. It the following aspect key
component of the risk management framework has been discussed. In this aspect it has been
assessed that there are total five types of key components for the risk management framework.
Here the five key components are the risk identification, risk mitigation, risk measurement and
assessment, risks governance and risk reporting and monitoring. Further in this report key steps
decision is taken regarding which risk need to be mitigated. In the next case risk reporting and
monitoring is the next key component where aggregate and specific risk measurement is done so
that it can be ensured that the risks always remain at the optimal level. For this reason risk
reporting and monitoring is one of the important key component here (Larkin et al., 2019). The
last key component for the risk management framework is the risk governance. The risk
governance ensures that all the employees of diagnostic centres perform their duties as per the
risk management framework. In this way risk can be controlled effectively.
Key Steps in the Implementation Process:
Currently, there are several of key steps associated with the implementation process of
risk management framework. In this case the first step is the information system categorization
(Hopkin, 2018). In this case understanding of the organization is done. The second step is the
selection of security control which are actually the management and technical safeguarding of
the organizational information system. The third step is associated with the implementation of
security control where it is demonstrated that how the controls are implemented (Cagliano,
Grimaldi & Rafele, 2015). The fourth step is the assessment of the security control where it is
determined that which controls are implemented properly. The fifth step of the implementation is
the authorization of the information system. It is actually based on risk determination for the
organizational operations (Zou, Kiviniemi & Jones, 2017). Decision is also taken regarding risk
is acceptable or not. Monitoring of the security control is the last step of risk management
framework implementation where continuous monitoring of the programs are done which helps
the organization to maintain the security of its current assets.
Conclusion:
From the above discussion it can be concluded that enterprise risk management
framework is important to ensure proper functionality of the organizations. In this aspect, first
importance of the strategic risk management framework has been discussed. Following that an
appropriate risk assessment has been done for the diagnostic centres. It the following aspect key
component of the risk management framework has been discussed. In this aspect it has been
assessed that there are total five types of key components for the risk management framework.
Here the five key components are the risk identification, risk mitigation, risk measurement and
assessment, risks governance and risk reporting and monitoring. Further in this report key steps
9ERM FRAMEWORK DEVELOPMENT
for the risk management framework implementation has been discussed. There are total six key
steps which are the information system categorization, selection of security control,
implementation of security control, assessment of the security control, authorization of the
information system and monitoring of the security control.
for the risk management framework implementation has been discussed. There are total six key
steps which are the information system categorization, selection of security control,
implementation of security control, assessment of the security control, authorization of the
information system and monitoring of the security control.
Secure Best Marks with AI Grader
Need help grading? Try our AI Grader for instant feedback on your assignments.
10ERM FRAMEWORK DEVELOPMENT
References:
Bromiley, P., Rau, D., & McShane, M. K. (2016). Can strategic risk management contribute to
enterprise risk management? A strategic management perspective. A Strategic
Management Perspective (October 20, 2014). Forthcoming: Bromiley, P., Rau, D., and
Mcshane, M, 140-156.
Cagliano, A. C., Grimaldi, S., & Rafele, C. (2015). Choosing project risk management
techniques. A theoretical framework. Journal of Risk Research, 18(2), 232-248.
Coulter, A., Entwistle, V. A., Eccles, A., Ryan, S., Shepperd, S., & Perera, R. (2015).
Personalised care planning for adults with chronic or longāterm health
conditions. Cochrane Database of Systematic Reviews, (3).
Hopkin, P. (2018). Fundamentals of risk management: understanding, evaluating and
implementing effective risk management. Kogan Page Publishers.
Kohnke, A., Sigler, K., & Shoemaker, D. (2016). Strategic Risk Management Using the NIST
Risk Management Framework. EDPACS, 53(5), 1-6.
Larkin, P., Leiss, W., Arvai, J., Dusseault, M., Fall, M., Gracie, R., ... & Krewski, D. (2019). An
integrated risk assessment and management framework for carbon capture and storage: a
Canadian perspective. International Journal of Risk Assessment and Management, 22(3-
4), 464-508.
Mok, A., & Saha, R. (2017). Strategic risk management in banking. Deloitte Inside Magazine.
Sekerci, N. (2015). Does enterprise risk management create value for firms?. In The Routledge
Companion to Strategic Risk Management (pp. 409-440). Routledge.
Shrivastava, S. V., & Rathod, U. (2017). A risk management framework for distributed agile
projects. Information and software technology, 85, 1-15.
Simons, R. (2016). Strategy Execution Module 14: Managing Strategic Risk.
Zou, Y., Kiviniemi, A., & Jones, S. W. (2017). A review of risk management through BIM and
BIM-related technologies. Safety science, 97, 88-98.
References:
Bromiley, P., Rau, D., & McShane, M. K. (2016). Can strategic risk management contribute to
enterprise risk management? A strategic management perspective. A Strategic
Management Perspective (October 20, 2014). Forthcoming: Bromiley, P., Rau, D., and
Mcshane, M, 140-156.
Cagliano, A. C., Grimaldi, S., & Rafele, C. (2015). Choosing project risk management
techniques. A theoretical framework. Journal of Risk Research, 18(2), 232-248.
Coulter, A., Entwistle, V. A., Eccles, A., Ryan, S., Shepperd, S., & Perera, R. (2015).
Personalised care planning for adults with chronic or longāterm health
conditions. Cochrane Database of Systematic Reviews, (3).
Hopkin, P. (2018). Fundamentals of risk management: understanding, evaluating and
implementing effective risk management. Kogan Page Publishers.
Kohnke, A., Sigler, K., & Shoemaker, D. (2016). Strategic Risk Management Using the NIST
Risk Management Framework. EDPACS, 53(5), 1-6.
Larkin, P., Leiss, W., Arvai, J., Dusseault, M., Fall, M., Gracie, R., ... & Krewski, D. (2019). An
integrated risk assessment and management framework for carbon capture and storage: a
Canadian perspective. International Journal of Risk Assessment and Management, 22(3-
4), 464-508.
Mok, A., & Saha, R. (2017). Strategic risk management in banking. Deloitte Inside Magazine.
Sekerci, N. (2015). Does enterprise risk management create value for firms?. In The Routledge
Companion to Strategic Risk Management (pp. 409-440). Routledge.
Shrivastava, S. V., & Rathod, U. (2017). A risk management framework for distributed agile
projects. Information and software technology, 85, 1-15.
Simons, R. (2016). Strategy Execution Module 14: Managing Strategic Risk.
Zou, Y., Kiviniemi, A., & Jones, S. W. (2017). A review of risk management through BIM and
BIM-related technologies. Safety science, 97, 88-98.
1 out of 11
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
Ā +13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Ā© 2024 Ā | Ā Zucol Services PVT LTD Ā | Ā All rights reserved.