What’s a risk assessment framework? How can it help?
Vin Lacovara, Institutional Compliance Leader, George Mason University, and Corey Parker, Director, Baker Tilly, explain that the framework is a document that should be tailored to the organization’s needs and that starts with an inventory of applicable laws and regulations. Next, the responsible personnel and the controls that are in place should be added, followed by a preliminary prioritization of risk areas. Then, more detail can be added at a more granular level.
All in all, the process should take about a month. The harder, longer work comes next and involves filling out all the efforts that need to be put in place.
How often should the framework be reassessed? That depends on the organization’s priorities and how high a given risk is. Any high-risk area that threatens to literally or figuratively shut the institution down should be looked at more frequently to see where the institution’s risk mitigation efforts stand.
To ensure that the framework is properly tailored to your organization, they recommend investing time in developing relationships with stakeholders to make sure their needs are met.
The most important thing is to start somewhere, not let yourself get bogged down, and look for the process to develop and improve over time. Perfection out of the gate is not likely.
Listen in to learn more about how to create a proper risk assessment framework.