Risk management policy

What standards and guidelines are risk leaders using to guide the development of their risk management policy and/or framework, and are there any other references beyond the usual standards (i.e. ISO 31000 and COSO) that are supporting them with this task?

Risk management policy

In response to a priority of a Risk Leadership Network member, who wanted to validate their approach, we created a pulse check on risk management policy

10 large organisations have contributed to the pulse check, detailing the standards their risk management policy and/or framework is based on, as well as the positives and negatives of using those standards. We also asked risk leaders about other references they use to establish a mature policy or framework, as well as the different risk management qualifications and certifications held by people in their business.

We're only able to show this data to prospective members - in-house corporate risk leaders at large non-financial institutions in Europe, MENA and Asia-Pacific. 

Fill in this form to see the benchmark


Who has taken part in the benchmark?

10 different pre-selected multinational organisations, from sectors including energy, mining, retail and hospitality.

What data is included?
  • Is your risk management policy based on COSO, ISO 31000 or a combination of the two.?

  • What other references do you use to establish a mature risk policy/framework?

  • What are the pros and cons of using standards like COSO and ISO 31000?

  • What risk-related certifications and qualifications do people in your organisation have?
How was the data collected?

To compile this report, Risk Leadership Network interviewed risk leaders at each company, asking a series of closed and open-ended questions. All results are anonymised in the report.

Why did you create this benchmark?

We developed this pulse check to support a member on their specific risk priority: they wanted to understand how other large organisations use standards and guidelines to guide the development of their risk management policy.

Do you have any other benchmarks?

Yes, we regularly create benchmarks or pulsechecks  in response to our members' priorities. Take a look at some of our latest benchmarks here. Through our bespoke, consierge "network assistance" service, we deliver these niche reports in a timely way to meet the exact needs of the organisation who requested it. Of course, the benchmarks are often useful for other organisations too and we share the results. If you'd like us to create a benchmark for your organisation, please fill in this form and we'll get back to you with a time-frame and membership proposal.

How do I get hold of this report?

Please fill in the form and we'll present the key findings to you*, and discuss how our members are leveraging the data in the report to operationalise and accelerate ERM better practice.

Due to the high value data in the report, we only send the report to members of Risk Leadership Network.

*Subject to approval. You must be the risk lead at a global manufacturing organisation to take part. 

Can Risk Leadership Network carry out a benchmark for me?

Yes. Members of Risk Leadership Network work with a network manager to make sure we meet your risk priorities. If there's an informal benchmark that would assist you in your priorities, we'll create it for you in a timely manner. Most benchmarks are complete within 8 weeks of request. Tell us more about the benchmark you need and we'll get back to you with timescales and a membership proposal.

Back to top