In this guidance, we outline “good practices” for the Risk function regardless of industry, regulation and size.
It does not cover legal or regulatory requirements; rather it introduces the basic principles of the function. Each organisation needs to make individual adaptations depending on its nature, size, complexity and organisational culture.
The guidance delineates the organisation of a Risk function, responsible for the overall risk management in an organisation. This includes the segregation of roles and responsibilities between the different control and assurance functions of an organisation, such as internal audit, the Risk function and the Compliance function.
Several industry-specific guidelines have been developed internationally which describe the elements and requirements characteristic of an efficient and effective Risk function adapted to specific regulatory requirements. There are however common elements in these, which, together with the experience of Norwegian organisations, forms the basis for this guidance.
The guidelines were first published with the title «Guidelines for the Risk Management function” in 2017 originally in Norwegian but with a translation to English. In 2018 it was updated to take account of changes in the framework for COSO ERM and an update of ISO-standard 31000:2018. In 2020 a «Good Practice Guidelines for the Enterprise Risk Management Function» was published based on the English translation of the Norwegian guidelines. This was adjusted and developed further by a steering group
appointed by IIA-associations in the Nordic and Baltic countries.
This edition builds further on the 2020 version but was expanded and adapted to the work performed in 2024 by IIA Norway on standardising Norwegian professional terms regarding corporate governance. The decision was also made to remove the professional appendices from the main document and make these available as standalone white papers. Thereby making it easier to update and expand the number of
white papers.
We would like to invite all our Nordic collegues to attende the webinar. The content will be presented by Martin Stevens, Gjensidige Forsikring and Petter Kapstad, Senior Specialist Risk Management.
Download: ERM – guidelines for the risk function
