Risk Management Framework

The Risk Management Framework is the overarching framework for managing risk in an organisation. At a high level, the Bank for International Settlements (BIS) indicates that, for banks of any size, the following are crucial elements of an effective risk management framework:

  • governance by the board and senior management: how the organisation manages risk internally through its committees and the board
  • consistent risk oversight methodology for identifying, assessing and scoring risks and controls and ensuring risks are appropriately controlled, as well as monitoring and reporting on the risks and their associated controls
  • a strong risk management culture
  • a strong internal control culture, including clear lines of reporting and responsibility, and segregation of duties
  • day-to-day risk management: this activity is inseparable from good business management and must be owned by the business lines (risk takers/risk owners) – not the risk management function
  • effective independent and empowered risk and compliance functions
  • effective independent internal audit function
  • contingency planning
  • specific risk policies that support the risk appetite statement and risk management framework document. These policies set out senior management responsibilities for managing particular types of risk and the delegated authorities for decision making for executives and board committees

Furthermore, for the risk management framework to be effectively implemented, the involvement of the board of directors at inception is crucial. Some responsibilities of the board of directors include:

  • determining the organisation’s approach to risk, including setting or approving its Risk Appetite
  • defining and embedding the right risk culture throughout the organisation
  • monitoring the organisation’s exposure to risk and the top key risks that could affect the organisation and undermine its strategy, affect its reputation or risk its long-term viability
  • identifying the risks inherent in the company’s business model and business strategy, including risks originating in external sources
  • overseeing the effectiveness of senior management’s mitigation processes, systems and controls, and ensuring the organisation has effective crisis and business continuity systems implemented and regularly tested

