IVI Framework Viewer

Monitoring

C4

Track identified risks, and validate the effectiveness of the risk treatment strategies.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Monitoring at each level of maturity.

2Basic
  • Practice
    Monitor the top 10 risks and the effectiveness of their risk treatment strategies periodically.
    Outcome
    There is high visibility on the highest priority risks.
    Metric
    Risk exposure for each identified risk and changes to risk scores.
3Intermediate
  • Practice
    Base the time intervals for monitoring risks and the effectiveness of risk treatment strategies on the risk priority.
    Outcomes
    • A more systematic approach is taken to risk monitoring.
    • Risks with a high importance to the organization are monitored more closely.
    Metrics
    • Risk exposure for each identified risk and changes to risk scores.
    • Frequency of monitoring of high priority risks.
4Advanced
  • Practice
    Incorporate pre-defined results/event-triggered activities as part of the risk monitoring process.
    Outcome
    Monitoring is more efficient due to its responsiveness to certain results or events.
    Metrics
    • Risk exposure for each identified risk and changes to risk scores.
    • # of monitoring triggers.
  • Practice
    Evaluate financial and benchmark data to validate the business/monetary value of the monitored risks.
    Outcome
    Inconsistent valuations are more readily detected, and relative context is provided for risk evaluations.
    Metrics
    • % of valuations validated.
    • Comparison of estimated versus actual risk mitigation effort and impact.
5Optimized
  • Practice
    Continually review the risk monitoring process for improvement opportunities.
    Outcome
    The monitoring process can be improved based on feedback from past risk incidents and emerging industry insights.
    Metric
    Ratio of actual reviews of the risk monitoring process to required reviews (set out in the risk management policy).