This guidance describes current «best practices» for risk management functions regardless of industry, regulations and size of the business. The guidance does not cover any legal requirements, but gives an introduction to the basic principles of the function. Individual adjustments of the risk management function will depend on the nature, size, complexity and organizational culture of the enterprise.
The guidance also seeks to provide some clarifications and delimitations regarding the organization of a risk management function. This includes the division of tasks and roles between different control functions in the business, such as the internal auditor, the risk management function and the compliance function.