Agile Risk Management
This White Paper examines what risk management could potentially do better and introduces the concepts of:
› Traditional risk management – built from the risk management common body of knowledge using traditional methods but over-engineered, slow to react, and not dynamic.
› Agile risk management – adopting new ways of working for risk management practitioners to foster stakeholder engagement and collaboration through the use of dynamic methods.
What is Risk Management?
Risk is the effect of uncertainty on objectives, with:
› An effect being a deviation from the expected which can:
  › Be positive, negative, or both.
  › Address, create, or result in opportunities and threats.
› Risk is usually expressed in terms of:
  › Risk sources.
  › Potential events.
  › Their impact (consequence).
  › The probability (likelihood) of experiencing the impact.
An organization will normally assess risks against a predetermined appetite for risk-taking. Risk management comprises coordinated activities to direct and control an organization with regard to risks – this requires coordinated and economical application of resources to determine the level of risk treatment required to:
› Minimise, monitor, and control the probability or impact of unforeseen events.
› Maximise the realization of opportunities.
What is Agile Risk Management?
When we talk about agile risk management, we are focusing on two things:
› A nimble risk management response and approach to the changing dynamics in the organization’s risk management landscape to provide a timely risk management service to the board (or equivalent governing body), audit committee, and senior management.
› Leveraging agile project management techniques such as sprints to split the risk management service into manageable chunks, enabling risk management practitioners and stakeholders to work together to stay timely and quickly update the risk management focus.
The term ‘agile risk management’ suggests risk management should practice:
by The Institute of Internal Auditors - Australia
About the Institute of Internal Auditors–Australia
The Institute of Internal Auditors (IIA) is the global professional association for Internal Auditors, with global headquarters in the USA and affiliated Institutes and Chapters throughout the world including Australia. As the chief advocate of the Internal Audit profession, The IIA serves as the profession’s international standard-setter, the sole provider of globally accepted internal auditing certifications, and principal researcher and educator. The IIA sets the bar for Internal Audit integrity and professionalism around the world with its ‘International Professional Practices Framework’ (IPPF), a collection of guidance that includes the ‘International Standards for the Professional Practice of Internal Auditing’ and the ‘Code of Ethics’. The IIA-Australia ensures its members and the profession as a whole are well-represented with decision-makers and influencers and is extensively represented on a number of global committees and prominent working groups in Australia and internationally. The IIA has established groups in Australia and internationally. The IIA was established in 1941 and now has more than 200,000 members from 190 countries with hundreds of local area Chapters. Generally, members work in internal auditing, risk management, governance, internal control, information technology audit, education, and security.