Activity
A.14 Risk monitoring and reporting
Monitor and Review
Description
This process ensures that the specified management action plans remain relevant and up to date. In today’s continuously changing business environment, the factors affecting the likelihood and consequences of a risk are very likely to change as well.
To make Risk Management part of the organization’s culture and philosophy, the organization must collect and document experience and knowledge through consistent monitoring and review of events, treatment plans, results and all relevant records.
Organisation
Responsible
Internal Audit
Accountable
Internal Audit
Consulted
Risk Owner
Domain Expert
Informed
Risk Manager
Senior Management
Input/Output
Input data
D32 Action plan
D33 Resource assignment
D79 External ref. docs
D28 Risk treatment decision
D81 Security policies
D82 Incidents reports
D80 Add. internal ref. docs
D39 Implement. progress reports
D41 Past risk treatment dec.
Output data
D86 Cost indicators
D85 Internal indicators
D84 External parties events
D83 Internal stakeh. events