SFIA Mapping Form Generator

Category: Strategy and architecture

Subcategory: Governance, risk and compliance

Risk management - BURM

Planning and implementing processes for managing risk across the enterprise, aligned with organisational strategy and governance frameworks.

Levels:

Level 2:
Description: Assists in collecting and reporting data to support risk management activities under routine supervision. Helps create and maintain documentation of risks and risk management activities. Helps identify and report issues and discrepancies.

Level 3:
Description: Undertakes basic risk management activities. Maintains documentation of risks, threats, vulnerabilities and mitigation actions.

Level 4:
Description: Carries out risk management activities within a specific function, technical area or project of medium complexity. Identifies risks and vulnerabilities, assesses their impact and probability, develops mitigation strategies and reports to the business. Involves specialists and domain experts as necessary.

Level 5:
Description: Plans and implements complex and substantial risk management activities within a specific function, technical area, project or programme. Establishes consistent risk management processes and reporting mechanisms aligned with governance frameworks. Engages specialists and domain experts as necessary. Advises on the organisation's approach to risk management.

Level 6:
Description: Plans and manages the implementation of organisation-wide risk management processes, integrating tools and techniques aligned with governance frameworks. Considers organisation-wide risk and mitigation activities within the context of business risk as a whole and the organisation's appetite for risk. Provides leadership on risk management, ensuring practices support strategic decision-making and compliance with organisational policies.

Level 7:
Description: Establishes the organisation's risk management strategy, defining and communicating the risk appetite in alignment with governance and strategic objectives. Defines and communicates the organisation's appetite for risk. Provides resources to implement the organisation's risk strategy. Delegates authority for detailed planning and execution of risk management activities across the organisation.