The planning phase enables a company to get a general overview of its current and future risk management situation.
During the planning phase, existing information and documentation relating to a company’s risk management are analyzed. It is possible to get an idea of the current risk management situation and areas for improvement. Based on these results and the selection process performed, project planning is then initiated.
Clear objectives must be set when organizing management. Moreover, the risk analysis is the foundation for identifying potential risks and opportunities that will enable the company’s objectives to be achieved. To do this, the objectives must not be known only by the managers concerned but set down in writing.
Before planning, it is important to know what aspects relating to risk management are already available and which objectives can therefore be met. The following aspects, amongst others, should be taken into account:
- How is the company organized?
- What management tools are used?
- Has the company already performed a risk analysis?
- How have the major risks been identified, monitored and documented?
- What is the IT environment like and which risks specific to this area must be included in the analysis?
The application of the risk management project is dependent on the support of management and the Board of Directors. Without this support, the project could be pushed back or cancelled. Roles and responsibilities are attributed according to the key positions within the company. They must be defined in writing and announced to the employees concerned.