Systematic means doing something according to a plan or method. Systematic implies orderliness, consistency, and rigor in applying risk management.

Risk management is core to governance and compliance 4 . Risk management helps to ensure that organizational objectives are achieved in a lawful, ethical, and transparent manner.

According to  2 , domain 1, ERM “is a coordinated set of activities and methods that is used by organizations to manage risks across the enterprise”. It takes an integrated or holistic approach that considers all types of risks and their interrelationships across the organization’s functions and levels.

The ISO 31000:2018 process can be used to identify stakeholder risk requirements, needs, and expectations 4 . This is part of establishing the context for risk management, which involves defining the scope, objectives, criteria, roles and responsibilities for risk management.

According to ISO31000 (2018), clause 5., establishing the context involves defining “the external and internal parameters to be taken into account when managing risk”. The internal context includes “information systems, information flows and decision-making processes” among other factors.

Uncertainties may involve the process used to conduct the risk analysis and differing abilities among risk analysts.  These are examples of factors that can affect the quality and reliability of risk assessment 1 .

Risk management takes human and cultural factors into account 1 . Human factors include perception, judgment, behavior, and communication that influence risk management. Cultural factors include values, beliefs, norms, and expectations that shape the organization’s risk culture.

KPIs (Key Performance Indicators) and KRIs (Key Risk Indicators) are measured extensively throughout the organization and into the supply chain 1 . These indicators help to monitor and evaluate the performance and effectiveness of risk management.

According to  1 , page 15-16, external risks are “those arising from events outside the organization” and marketplace risks are “those arising from changes in market conditions such as customer demand, competition, regulation”. Economic changes in different countries can affect the market conditions for an international bank’s operations.

Within an organisation, when attempting to manage and control risk, uncertainty must be taken into account 4 .  Uncertainty refers to “the state, even partial, of deficiency of information related to understanding or knowledge of an event”  4  and it influences both risks and opportunities.