IRM - AIRMIC - PRMA Risk Management Standards

The Risk Management Standard was published by the Institute of Risk Management (IRM), The Association of Insurance and Risk Managers (AIRMIC) and Alarm (The Public Risk Management Association) in 2002. The standard represents best practice against which organizations can measure themselves. Wherever possible, the standard uses the terminology for risk set out by the International Organization for Standardization (ISO) in its recent document ISO/IEC Guide 73 Risk Management - Vocabulary - Guidelines for Use in Standards. Source: www.theirm.org

More information is available here.

 
AS/NZS 4360:2004

The Australian/New Zealand Risk Management Standard "provides a generic guide for managing risk. This Standard may be applied to a very wide range of activities, decisions or operations of any public, private or community enterprise, group or individual. ... [it] specifies the elements of the risk management process, but it is not the purpose of this Standard to enforce uniformity of risk management systems. It is generic and independent of any specific industry or economic sector." Source: www.riskmanagement.com.au

More information is available here.

 
ITGI Risk IT Framework 2009 (COBIT)

The Risk IT framework "complements ITGI’s COBIT which provides a comprehensive framework for the delivery of high-quality information technology-based (IT-based) services. While COBIT sets good practices for the means of risk management, Risk IT sets good practices for the ends by providing a framework for enterprises to identify, govern and manage IT risk." Source: www.isaca.org

More information is available here.

 
COBIT 4.1 2009

COBIT is an "IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organizations. COBIT emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework." Source: www.isaca.org

More information is available here.

 
COSO 2009 Guidance on Monitoring Internal Control Systems

Guidance on Monitoring Internal Control Systems (2009) is based on a three-volume 2008 exposure draft that elaborates on the importance of internal control as part of the five pillars of the COSO Risk Management Framework.

More information is available here.

 
COSO 2004 Enterprise Risk Management — Integrated Framework

The Enterprise Risk Management – Integrated Framework "expands on internal control, providing a more robust and extensive focus on the broader subject of enterprise risk management. While it is not intended to and does not replace the internal control framework, but rather incorporates the internal control framework within it, companies may decide to look to this enterprise risk management framework both to satisfy their internal control needs and to move toward a fuller risk management process." Source: www.coso.org

More information is available here.

 
COSO 1992 Internal Control — Integrated Framework

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued Internal Control – Integrated Framework. It is a framework "to help businesses and other entities assess and enhance their internal control systems." These have been further refined and developed with additional standards. Source: www.coso.org

Internal control consists of five interrelated components:

Control Environment — This component focuses on the risk management culture within organizations. Relevant questions include: Are people throughout the organization aware of the importance of risk management, and do they understand the risk profile of the organization? Do management and the board of directors set the tone at the top? Are risk awareness and mitigation embedded in the values of the organization and in the integrity and competence of staff? Is risk management part of management's philosophy and operating style and of the way management assigns authority and responsibility?

Risk Assessment — Each organization is faced with external and internal risks that may affect the goals of the organization. Risk assessments identify relevant risks to the objectives and determine how the organization can manage the risks.

Control Activities — These refer to the internal control system of the organization, including policies and procedures that define approval processes, authorization levels, security of assets and the segregation of duties, etc.

Information and Communication — This component refers to an organization's information and communication systems, including the production of operational and financial reports.

Monitoring — This component is often confused with the "control activities" component. While control activities define an organization's internal control system, the monitoring component focuses on the monitoring of these systems, such as direct supervision and evaluation.

More information is available here.

 
ISO/IEC Guide 73 – Risk Management – Vocabulary

This guide provides a basic vocabulary of the definitions of risk management generic terms. The first edition of ISO/IEC Guide 73 was prepared by the ISO Technical Management Board Working Group 2 on risk management terminology. The 2nd edition has been developed by the ISO TMB WG on risk management in association with the development of ISO 31000 to reflect changes in risk management practices and feedback from users. Source: www.iso.org

More information is available here.

 
ISO 31000 Risk Management

Risk management is essential for the implementation of developing programs. A useful set of guidelines and principles has been developed by the International Organization for Standardization. In 2005, ISO introduced a New Work Item Proposal (NWIP) to look at developing a guidance standard on risk management. Following approval by ISO members, an ISO working group was established to develop a Committee Draft called ISO CD31000. The standard "gives generic guidelines for the principles and the adequate implementation of risk management. It is not intended to be used for the purposes of certification." Source: www.iso.org

More information is available here.