Risk Management Policy

This Risk Management Policy describes the enterprise risk management policy of an organisation. It defines the scope, responsibilities and structure of the risk management system within the organisation as well as the compliance responsibilities of every individual within the organisation.

This Risk Management Policy is suitable for organisations of all sizes and complies with the guidelines of the International Standard for Risk Management.


  1. Purpose
  2. Scope
  3. Policy statement
  4. Enterprise risk
  5. Management responsibility
  6. Organisation responsibilities
  7. Risk management requirements
  8. Document information


Purpose

The purpose of this Risk Management Policy (Policy) is to establish a risk management process which will enable [Organisation name] to manage risks by anticipating, understanding and deciding whether to modify enterprise or organisational risks, and to monitor and review risks and controls implemented to modify such risks.

This Risk Management Policy must be read in conjunction with the following documents:

  1. Risk Management Organisational Structure
  2. Risk Management Framework
  3. Risk Management Procedures
  4. Risk Assessment Instructions Manual


Scope

This Risk Management Policy applies to all directors, officers, employees, consultants and contractors of [Organisation name]. This Policy extends to all current and future activities of [Organisation name], and to any new opportunities [Organisation name] may encounter from time to time.

Policy statement

[Organisation name] is committed to developing, implementing, maintaining and improving a risk management system in accordance with the International Standard for Risk Management.

This Risk Management Policy is consistent with [Organisation name]’s Code of Conduct, which represents and upholds [Organisation name]’s commitment to integrity, fairness and ethical behaviour.

Enterprise risk

[Organisation name] recognises that all activities conducted by [Organisation name] involve risk and is committed to managing such risks by anticipating, understanding, monitoring and reviewing risks, and providing an organisational strategy for controlling its risks.

To effectively manage its risks, [Organisation name] has developed a Risk Management Framework that integrates the process for managing risks into [Organisation name]’s overall governance, risk management and compliance strategy, planning, management, processes, policies, values and culture.

Management responsibility

[Organisation name] has established a structure for risk management, which is described in the Risk Management Organisational Structure document.

Board of directors

The Board has ultimate responsibility for overseeing the performance of [Organisation name], including effectively monitoring the [Organisation name] risk management objectives. The focus of the Board is as follows:

  1. Promote an organisation-wide approach by integrating risk management processes with:
    • business strategy and decision making; and
    • compliance, audit and general governance functions to achieve a fully integrated Risk Management Framework (managing financial and non-financial risks);
  2. Develop and foster a risk-aware culture within the business, which means: