Risk management

5 The Risk Management Plan (RMP)

This framework will be looked at again in later sessions, but for now consider a specific approach for the first risk management activity. The first task in setting up risk management for any new activity is to create a document called a ‘Risk Management Plan’ (RMP). The purpose of an RMP is to set a standard and ensure consistent and seamless application of risk management. This step, referred to as ‘Scope, Context, Criteria’ in the ISO 31000 risk management process, sets the tone for what will follow.

Figure 1 ISO 31000 diagram – Scope, Criteria, Context

RMPs can exist for anything from small activities up to the risk activities of an entire organisation. An organisation-level RMP will be partly driven by regulatory requirements, which will define some minimum requirements for governance and reporting. Listed companies in certain countries have to comply with corporate governance codes, which may set a minimum requirement for the things the risk management system needs to cover. Corporate governance requirements are discussed further in Session 7.