Risk Monitoring and Control

Risk monitoring and control process is continually performed in order to monitor known risks, identify, assess and respond to new organizational risks, and evaluate effectiveness of the implemented risk response strategies. Taking a proactive approach to measure, monitor and review progress in reducing risks to acceptable levels is the hallmark of effective risk control. A robust measurement system must be in place to provide early warning of potential risk events and allow the risk owners to take preventive actions in a timely manner, identify alternative strategies or execute contingent responses. Establishing reliable, responsive, valid, and cost-effective measures is critical for making informed decisions and identifying evidence-based solutions. Risk measures and overall organizational performance measures should be seamlessly integrated. Ongoing monitoring and assessment is particularly important to control dynamic risks that fluctuate over relatively short periods of time and are subject to complex, constantly changing interactions. Static risks tend to remain constant over longer periods of time but they still require continual monitoring as well as reassessment on a periodic basis. Various reports are used to provide seniour management and other stakeholders with a concise, consistent and informative summary of key risk management issues, changes, activities, and program developments. The content of reports and level of detail depend on the risk management culture, organizational complexity, magnitude of risks faced by the organization, purpose of the report, and intended audience. Risk monitoring and control activities provide a basis for systematic review, evaluation and improvement of the key ERM structural elements and continual refinement of risk response strategies.