An Invisible Framework

Ariane Chapelle and Michael Sicsic

Recent years have seen the development of a multitude of risk management frameworks of all shapes, colours and forms, general or specific, complex, multidimensional or basic. In the face of the mounting jargon and technicality of the risk management profession, it is important to remember three fundamental roles of the risk function – none of them to do with vocabulary and techniques, or even with the management of risks.

Risks must be managed where they arise – that is, at the level of each operation or each transaction in the business. This is why we prefer the term “risk function” to “risk management”, referring to an activity rather than a role: an activity to be carried out by the business.

Risk frameworks are technical structures helping risk professionals to understand how risks and controls do or should operate within an organisation, but frameworks do not need to be a preoccupation or a burden for the business.


The risk function should fulfil three roles: (1) to assist in the definition of risk appetite for the business and the board; (2) to monitor the risk exposure within the risk appetite, and to own the risk management

Sorry, our subscription options are not loading right now

Please try again later. Get in touch with our customer services team if this issue persists.

New to View our subscription options

You need to sign in to use this feature. If you don’t have a account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here