A risk management framework should be simple but not simplistic. If a frontline manager cannot use and understand the framework, it probably isn't much use.
Design plan do
Designing risk management framework means planning how you in the organization will think about and respond to risk in a preemptive manner.
Common size risk
Finance people talk about “common sizing" so they can compare Financial statements and projections. A good risk management framework should serve the same purpose. The latest problem is not necessarily the biggest problem. Even though that phone call you got from your in-house counsel just now suggests the contrary.
Where do we begin to design a risk management framework?
We have not explained how we might “common size”, for example, the risk of a patent infringement lawsuit, a new sales contract form, and a distribution deal in a new country. Let’s begin with a legal risk model that satisfies the concerns we just listed: the qualitative risk model.
Design of a risk management framework requires that we identify decision points within the context of our organization. Decision points might be routine such as approval of a department manager. Some decision points, however, might require approval of the Board of Directors.