

Based on ISO 31000, ten key elements (domains) are built into the soon-to-be-released Capability Assessment app (USD $0.99):
1. Leadership & Commitment
Capability Criterion
Leadership actively sets direction for risk management and uses risk information to govern decisions.
2. Integration into Governance & Decision-Making
Capability Criterion
Risk management is embedded in governance, planning, and operational decision-making processes.
3. Risk Management Framework Design
Capability Criterion
The organisation has a fit-for-purpose risk management framework tailored to its context.
4. Risk Identification
Capability Criterion
The organisation systematically identifies risks that could affect objectives.
5. Risk Analysis
Capability Criterion
Risks are analysed to understand causes, consequences, and uncertainty.
6. Risk Evaluation
Capability Criterion
The organisation evaluates risks to support prioritisation and decision-making.
7. Risk Treatment
Capability Criterion
Risk treatments are deliberately selected, implemented, and monitored.
8. Communication & Consultation
Capability Criterion
Risk information is communicated to the right people at the right time.
9. Monitoring & Review
Capability Criterion
Risk management performance and risk exposure are actively monitored and reviewed.
10. Continual Improvement
Capability Criterion
The organisation learns from experience and improves its risk management capability.

Three key evidence fields support the Rating Logic











The above Framework as text in a PDF
Linking the approach to ISO 31000 Principles