This Risk Management Organisational Structure template sets out 3 different organisational structures for risk management. The option that may be adopted for an organisation largely depends on the size of the organisation, the resources available and the industry within which the organisation is in.
Guidance is provided to enable you to select the best risk management organisational structure for your organisation. Each option sets out the risk management role and where it sits in relation to the overarching governance, risk management and compliance structure for the organisation.
This Risk Management Organisational Structure template may be used for organisations of all sizes.
- Purpose. 2
- Scope. 2
- Governance structure. 2
- [Option 1 Risk management organisational structure: 3
- [Option 2 Risk management organisational structure: 5
- [Option 3 Risk management organisational structure: 7
- Collaborative approach. 9
- Three lines of defence. 9
- Document information. 9
This Risk Management Organisational Structure documents the structure for governance, risk management and compliance of [Organisation name].
This document must be read in conjunction with the following documents:
This document applies to all directors, officers, employees, consultants and contractors of [Organisation name]. The structure extend to all current and future activities of [Organisation name], and to any new opportunities [Organisation name] may encounter from time to time.
[Organisation name]’s structure for governance, risk and compliance management is set out below. The structure provides an integrated approach to governance, risk and compliance management with responsibilities and accountability for risk management described in the Risk Management Policy.
- Governance means all the processes established by the Board with respect to how [Organisation name] is managed, as reflected in the governance structure.
- Risk management means identifying, managing and prioritising risks faced by [Organisation name] such as risks to the health and wellbeing of employees, risks of breaching laws and regulations, cybersecurity and IT risks and so on.
- Compliance management means the process of identifying and adhering to all laws, regulations, policies, procedures, internal codes of conduct and other commitments of [Organisation name].
[Note: The following pages provide 3 different risk management organisational structures. Select the one that is most suitable for your organisation. The remaining pages after the 3 options describe the 3 lines of defence model which applies to all 3 options.]
Dedicated Risk Officer
- Dedicated Risk Officer with a combined compliance and risk function
- May or may not have an assistant
- Core risk function lies with the Risk Officer
- Works with each business unit to produce risk management manuals, guides and procedures for the unit
- CEO or CFO has administrative responsibility for the Risk Officer (direct or indirect report)
The diagram below shows the integrated structure for governance, risk and compliance management and the inter-relationship between the three concepts, and compliance documentation required for each business unit.