Roles, Responsibilities, and Accountabilities
Complete job and business process designs to identify the required roles for risk management tasks, and assign employees with the requisite knowledge and experience to the identified roles. Define and allocate the associated responsibilities and assign accountabilities to those who will be answerable for the achievement of risk management objectives.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for Roles, Responsibilities, and Accountabilities at each level of maturity.
- 2 Basic
  - Practice
    - Define basic roles for key risk management activities and start to assign responsibilities and accountabilities to individuals.
  - Outcomes
    - There is growing understanding of risk management and its fit with business priorities.
    - Key decision makers are involved at the outset.
    - There is some ability to set targets for risk management and measure progress against them.
  - Metrics
    - # of risk management roles defined.
    - % of IT function employees with allocated risk management responsibilities and accountabilities.
    - % of business unit employees with allocated risk management responsibilities and accountabilities.
- 3 Intermediate
  - Practice
    - Develop a standardized set of roles, and jointly assign responsibilities and accountabilities to a dedicated group of IT and business unit representatives.
  - Outcomes
    - Points of contact exist for risk management.
    - There is clarity on where responsibility and accountability lie, and an ability to set and monitor risk management goals and targets against those of individuals, IT, and other business units.
  - Metrics
    - # of risk management roles defined.
    - % of IT function employees with allocated risk management responsibilities and accountabilities.
    - % of business unit employees with allocated risk management responsibilities and accountabilities.
- 4 Advanced
  - Practices
    - Set up a dedicated risk management function within the organization.
    - Align roles across all business units, and jointly assign responsibilities and accountabilities to dedicated individuals across the entire organization.
  - Outcomes
    - Organization-wide clarity on responsibilities and accountabilities ensures that risk management is applied consistently and effectively across the organization.
    - Instances of non-compliance with responsibilities are addressed in alignment with the instances' severity.
  - Metrics
    - Frequency of review of risk management roles.
    - % of IT function employees with allocated risk management responsibilities and accountabilities.
    - % of business unit employees with allocated risk management responsibilities and accountabilities.
- 5 Optimized
  - Practice
    - Regularly review and refine roles as appropriate, and determine the requisite responsibilities and accountabilities that key business ecosystem partners need to fulfil.
  - Outcome
    - Dynamically adjusting roles, responsibilities, and accountabilities enables risks to be managed consistently and effectively across the business ecosystem.
  - Metrics
    - Frequency of review of risk management roles.
    - % of IT function employees with allocated risk management responsibilities and accountabilities.
    - % of business unit employees with allocated risk management responsibilities and accountabilities.
    - % of business ecosystem partners with allocated risk management responsibilities and accountabilities.