Call Us: US - +1 845 478 5244 | UK - +44 20 7193 7850 | AUS - +61 2 8005 4826

Development of Action Plan

Development of Action Plan

Treatment plans are necessary in order to describe how the chosen options will be implemented. The treatment plans should be comprehensive and should provide all necessary information about:

  • proposed actions, priorities or time plans,
  • resource requirements,
  • roles and responsibilities of all parties involved in the proposed actions,
  • performance measures,
  • reporting and monitoring requirements.

Action plans should be in line with the values and perceptions of all types of stakeholders (e.g. internal organizational units, outsourcing partner, customers etc.). The better the plans are communicated to the various stakeholders, the easier it will be to obtain the approval of the proposed plans and a commitment to their implementation.

Approval of Action Plan

As with all relevant management processes, initial approval is not sufficient to ensure the effective implementation of the process. Top management support is critical throughout the entire life-cycle of the process. For this reason, it is the responsibility of the Risk Management Process Owner to keep the organization’s executive management continuously and properly informed and updated, through comprehensive and regular reporting

Implementation of Action Plan

The Risk Management plan should define how Risk Management is to be conducted throughout the organization. It must be developed in a way that will ensure that Risk Management is embedded in all the organization’s important practices and business processes so that it will become relevant, effective and efficient.

More specifically, Risk Management should be embedded in the policy development process, in business and strategic planning, and in change management processes. It is also likely to be embedded in other plans and processes such as those for asset management, audit, business continuity, environmental management, fraud control, human resources, investment and project management.

The Risk Management plan may include specific sections for particular functions, areas, projects, activities or processes. These sections may be separate plans but in all cases they should be consistent with the organization’s Risk Management strategy (which includes specific RM policies per risk area or risk category).

The necessary awareness of and commitment to Risk Management at senior management levels throughout the organization is mission critical and should receive close attention by:

  • obtaining the active ongoing support of the organization’s directors and senior executives for Risk Management and for the development and implementation of the Risk Management policy and plan;
  • appointing a senior manager to lead and sponsor the initiatives;
  • obtaining the involvement of all senior managers in the execution of the Risk Management plan.

The organization’s board should define, document and approve its policy for managing risk, including objectives and a statement of commitment to Risk Management. The policy may include:

  • the objectives and rationale for managing risk;
  • the links between the policy and the organization’s strategic plans;
  • the extent and types of risk the organization will take and the ways it will balance threats and opportunities;
  • the processes to be used to manage risk;
  • accountabilities for managing particular risks;
  • details of the support and expertise available to assist those involved in managing risks;
  • a statement on how Risk Management performance will be measured and reported;
  • a commitment to the periodic review of the Risk Management system;
  • a statement of commitment to the policy by directors and the organization’s executive.