Risk Management Framework

This Risk Management Framework sets out an organisational framework for risk management as part of an integrated governance, risk management and compliance strategy for an enterprise. It describes risk management functions, roles and responsibilities within the organisation. This template complies with the guidelines of the International Standard for Risk Management.

This Risk Management Framework is suitable for organisations of all sizes and complies with the guidelines of the International Standard for Risk Management.


  1. Purpose
  2. Scope
  3. Framework statement
  4. Principles
  5. Risk management planning
  6. Risk management
  7. Risk monitoring
  8. Risk management system improvements
  9. Document information


Purpose

The purpose of this Risk Management Framework (Framework) is to:

  1. provide an overview on the structure of [Organisation name]’s risk management function, roles and responsibilities;
  2. provide an overview of all related policies, procedures and governance, risk and compliance management-related documentation; and
  3. provide an integrated approach to governance, risk management and compliance within [Organisation name].

This Framework must be read in conjunction with the following documents:

  1. Risk Management Organisational Structure
  2. Risk Management Policy
  3. Risk Management Procedures


Scope

[Organisation name]’s risk management system applies to [Organisation name]’s business in [business locations] and to all directors, officers, employees, consultants and contractors of [Organisation name]. This Framework extends to all current and future activities of [Organisation name], and to any new opportunities [Organisation name] may encounter from time to time.

Framework statement

[Organisation name] is committed to developing, implementing, maintaining and improving a risk management system in accordance with the International Standard for Risk Management.

This Framework is consistent with [Organisation name]’s Code of Conduct, which represents and upholds [Organisation name]’s commitment to integrity, fairness and ethical behaviour.

[Note – an organisation’s code of conduct sets out the principles by which the organisation should be governed and describes the rules of behaviour with which employees are generally required to comply.]


Principles

An effective risk management system allows [Organisation name] to demonstrate a commitment to enterprise risk management and to comply with [Organisation name]’s risk obligations. In order for the system to be effective, the following principles must be adhered to.

  1. Risk management creates and protects value;
  2. Risk management is an integral part of [Organisation name]’s internal processes;
  3. Risk management is part of decision-making;
  4. Risk management explicitly addresses uncertainties;
  5. Risk management is systematic, structured and timely;
  6. Risk management is based on best available information;
  7. Risk management is tailored;
  8. Risk management takes human and cultural factors into account;
  9. Risk management is transparent and inclusive;
  10. Risk management is dynamic, iterative and responsive to change; and
  11. Risk management facilitates continual improvement of the organisation.

The approach used to develop, implement, maintain and improve the risk management system follows the International Standard Plan-Do-Check-Act (PDCA) model, which [Organisation name] has adopted for all other management systems implemented within [Organisation name].
