Risk
While the COMPLIANCE function identifies the requirements an organization must adhere to (e.g., laws, regulations, frameworks, contractual agreements, internal dictates, etc.) and the GOVERNANCE function provides ongoing oversight to hold stakeholders accountable, the RISK function maintains the situational awareness the organization needs to remain secure, compliant and resilient.
RISK FUNCTION
As part of that situational awareness role, the RISK function is generally tasked with the following responsibilities:
- Work with the organization's executive leadership to define:
  - Risk tolerance;
  - Risk appetite; and
  - Risk threshold.
- Work with Enterprise Risk Management (ERM) to standardize risk management practices across the organization.
- Develop the organization's Risk Management Program (RMP), including a strategy to address:
  - Supply Chain Risk Management (SCRM);
  - Data Privacy Impact Assessments (DPIA); and
  - Mergers, Acquisitions and Divestitures (MA&D).
- Develop a cybersecurity risk assessment methodology that the organization will follow.
- Develop Third-Party Risk Management (TPRM) practices to assess the security risks posed by third parties before the organization does business with them.
- Contribute to the organization's centralized "risk register" as risks are identified from ongoing risk assessments.
- Publish organization-specific risk assessment practices for project development and other initiatives that require risk assessments to be performed.
- Perform risk assessments, including TPRM reviews.