Why RiskAssessment?

Effective Information Management is first and foremost a risk management activity. Like many business processes that are subject to external mandate and control, Information Management requires a balancing of risk and reward. RiskAssessment provides a framework under which Information Management - as well as all risk categories - can be evaluated and mitigated. 

While it is possible to develop an internal risk management framework from scratch, adapting an existing, accepted framework has several benefits. By adapting a framework such as the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management — Integrated Framework or the International Organization for Standardization (ISO) 31000: Risk Management Principles and Guidelines to your unique business operations and culture, you can leverage a comprehensive approach, a benchmark for establishing the scope and detail of your risk management efforts, and objectivity that’s hard to match in an internally developed framework.

Whether developed internally or adapted, a framework can help you identify and classify risks, formulate an integrated picture of risk, and coordinate risk management functions and activities.

RMG Consulting has developed our RiskAssessment framework using COSO and ISO 31000 as inputs. Our objective is to provide clients with a simplified approach to assessing and managing risk. 

RiskAssessment is based on the following nine key principles:

Principle #1: Ensure commonly understood definitions of risk are developed that encompass threats to and opportunities for operational success.

Principle #2: Define a common risk framework supported by appropriate standards and practices to manage risks throughout the enterprise.

Principle #3: Ensure key roles, responsibilities, and accountabilities related to risk management are fully defined.

Principle #4: Develop an enterprise-wide risk management culture.

Principle #5: Build transparency into all risk management practices. 

Principle #6: Embed primary responsibility for driving the risk management program with senior executives.

Principle #7: Make managers responsible for achieving their missions and for managing risk within the risk management framework.

Principle #8: Encourage key support functions to participate in enterprise-wide risk management.

Principle #9: Provide assurance to external stakeholders that risks have been identified and are being managed.


For further information on RiskAssessment, you can download a background document here or contact us. 



About us

We continually strive to be a trusted advisor. RMGconsulting is committed to providing high-quality products and services to our customers.

RMGconsulting is a leading Information Management consultancy providing advisory services to clients across industries and geographies in order to improve their Information Management practices. Drawing on over 25 years of experience and connecting with leading practitioners ensures that our clients receive optimal results from their engagements.


Service 01: Information Risk Assessments

Service 02: Developing an IM Program

Service 03: Developing and Deploying Policies

Service 04: IM Frameworks

Service 05: EDRMS & ECM Technology Support

Service 06: Risk Assessment