| Full Process Description | 30-Transform/Innovate | 20-Change/
Improve | 10-Run/
Operate |
| 10 Manage Enterprise Risk, Compliance, Remediation and Resiliency (16437) | 1 |
|
|
| 10.1 Manage enterprise risk (17060) |
| 1 |
|
| 10.1.1 Establish the enterprise risk framework and policies (16439) |
| 1 |
|
| 10.1.1.1 Determine risk tolerance for organization (16440) | 1 |
|
|
| 10.1.1.2 Develop and maintain enterprise risk policies and procedures (16441) |
| 1 |
|
| 10.1.1.3 Identify and implement enterprise risk management tools (16442) |
| 1 |
|
| 10.1.1.4 Coordinate the sharing of risk knowledge across the organization (16443) |
| 1 |
|
| 10.1.1.5 Prepare and report enterprise risk to executive management and board (16444) | 1 |
|
|
| 10.1.2 Oversee and coordinate enterprise risk management activities (16445) |
|
| 1 |
| 10.1.2.1 Identify enterprise level risks (16446) |
|
| 1 |
| 10.1.2.2 Assess risks to determine which to mitigate (16447) | 1 |
|
|
| 10.1.2.3 Develop risk mitigation and management strategy, and integrate with existing performance management processes (16448) |
| 1 |
|
| 10.1.2.4 Verify business unit and functional risk mitigation plans are implemented (16449) | | 1 |
|
| 10.1.2.5 Ensure risks and risk mitigation actions are monitored (16450) |
|
| 1 |
| 10.1.2.6 Report on risk activities (16451) |
| 1 |
|
| 10.1.3 Coordinate business unit and functional risk management activities (16452) |
|
| 1 |
| 10.1.3.1 Ensure that each business unit/ function follows the enterprise risk management process (16453) |
| 1 |
|
| 10.1.3.2 Ensure that each business unit/ function follows the enterprise risk reporting process (16454) |
| 1 |
|
| 10.1.4 Manage business unit and function risk (17462) |
| 1 | |
| 10.1.4.1 Identify risks (16456) | 1 | 1 | 1 |
| 10.1.4.2 Assess risks using enterprise risk framework policies and procedures (16457) | 1 |
|
|
| 10.1.4.3 Develop mitigation plans for risks (16458) |
| 1 |
|
| 10.1.4.4 Implement mitigation plans for risks (16459) |
| 1 |
|
| 10.1.4.5 Monitor risks (16460) | 1 | |
|
| 10.1.4.6 Analyze risk activities and update plans (16461) |
| 1 |
|
| 10.1.4.7 Report on risk activities (16462) | 1 |
|
|
| 10.2 Manage compliance (17467) | 1 |
|
|
| 10.2.1 Establish compliance framework and policies (17468) |
| 1 |
|
| 10.2.1.1 Develop enterprise compliance policies and procedures (17469) |
| 1 |
|
| 10.2.1.2 Implement enterprise compliance activities (17470) |
| 1 |
|
| 10.2.1.3 Manage internal audits (14133) | 1 |
|
|
| 10.2.1.4 Maintain controls-related technologies and tools (14137) |
|
| 1 |
| 10.2.2 Manage regulatory compliance (16463) | 1 |
|
|
| 10.2.2.1 Develop regulatory compliance procedures (16464) |
| 1 |
|
| 10.2.2.2 Identify applicable regulatory requirements (16465) | 1 |
|
|
| 10.2.2.3 Monitor the regulatory environment for changing or emerging regulations (16466) | 1 |
|
|
| 10.2.2.4 Assess current compliance position, and identify weaknesses or shortfalls therein (16467) | 1 |
|
|
| 10.2.2.5 Implement missing or stronger regulatory compliance controls and policies (16468) |
| 1 |
|
| 10.2.2.6 Monitor and test, on an ongoing and scheduled basis, regulatory compliance position and existing controls, defining controls that should be added, removed, or modified as required (16469) |
| 1 |
|
| 10.2.2.7 Maintain relationships with regulators as appropriate (16470) | 1 |
|
|
| 10.3 Manage remediation efforts (11185) | | 1 |
|
| 10.3.1 Create remediation plans (11201) |
| 1 |
|
| 10.3.2 Contact and confer with experts (11202) | 1 |
|
|
| 10.3.3 Identify/dedicate resources (11203) |
| 1 |
|
| 10.3.4 Investigate legal aspects (11204) | 1 |
|
|
| 10.3.5 Investigate damage cause (11205) | 1 |
|
|
| 10.3.6 Amend or create policy (11206) |
| 1 |
|
| 10.4 Manage business resiliency (11216) | 1 |
|
|
| 10.4.1 Develop the business resilience strategy (11221) | 1 |
|
|
| 10.4.2 Perform continuous business operations planning (11222) |
| | 1 |
| 10.4.3 Test continuous business operations (11223) |
| 1 |
|
| 10.4.4 Maintain continuous business operations (11224) |
| | 1 |
| 10.4.5 Share knowledge of specific risks across other parts of the organization (16471) |
| 1 |
|
| 20 | 27 | 8 |