Why Read This
As a risk professional, you are currently in a position to exert more influence on your organization and increase the value you and your team can offer. Many of you will feel pressure to develop slimmed-down versions of risk management to avoid high costs and burdens on the business. However, make sure not to take shortcuts when defining the parameters of your program, a step in the risk management process that the ISO 31000 standard refers to as "establishing the context." This report draws from this standard as well as industry best practices to explain this crucial step, which includes establishing the internal context, the external context, the risk management context, and the risk criteria. Your attention to these details will likely mean the difference between a program that adds value by supporting business performance and one that fails to garner widespread support and ultimately collapses. This is an update of a previously published report; Forrester reviews and updates it periodically for continued relevance and accuracy.