10 Critical Elements of a Successful Risk Management Program

By John A. Wheeler | January 17, 2014 | 7 Comments

Risk Management | GRC | Enterprise risk management

The pressure to build and sustain a successful risk management program is rapidly increasing. Just this week, major U.S. financial institutions were given notice by the U.S. Treasury’s Office of the Comptroller of the Currency (OCC) that they must prepare to meet a new set of risk management standards and guidelines. According to the OCC’s news release, the proposed guidelines set forth the minimum standards for the design and implementation of an institution’s risk governance framework and provide minimum standards for oversight of that framework by the board of directors.

Central to these new guidelines is the need for a solid blueprint for success. Gartner has identified 10 critical elements that companies must address to integrate their enterprise risk management (ERM) framework with their Integrated Risk Management Solutions (IRMS) to create a risk-aware culture within the business. The following 10 elements (or what we call the “10 A’s”) and related questions form the basis of a successful risk management program.

  1. Appetite – How much risk are we willing to accept to achieve our strategic goals?
  2. Aggregation – How do we understand and articulate our total risk exposure in relation to a given strategic objective?
  3. Assessment – What is our current level of inherent and residual risk related to our strategic goals?
  4. Analytics – How can we model risk events that will have a material impact on our business operations?
  5. Applications – What technology is required to enable collaboration and communication of risk- and compliance-related information to support business performance and decision making?
  6. Architecture – How are GRC applications, automated and manual controls, risk monitoring, and risk and compliance reporting incorporated into enterprise architecture?
  7. Assurance – What policies, processes and controls are required to meet strategic objectives, as well as legal and regulatory mandates?
  8. Accountability – How do we reinforce the ownership of risk and control within the enterprise?
  9. Action – How can we ensure that employees act in the best interests of the company and within established risk tolerances?
  10. Achievement – What risk metrics are required, and how are they linked to performance metrics to ensure the desired business outcome?

Gartner 10 A's of Risk Management


  • Great post! A lot of this has become rather relevant to my business recently. Thanks for the thoughts!

  • Fabulous, what a webpage it is! This blog gives helpful facts to us,
    keep it up.

  • Good day! This post couldn’t be written any better! Reading this post reminds me of my old roommate! He always kept talking about this. I will forward this write-up to him. Pretty sure he will have a good read. Thanks for sharing!

  • [A lovely gift for leaving a review after delivery]

  • You got a very wonderful website, glad I observed it through Yahoo.

  • Hey great post. I hope it’s alright that I shared it on my
    Facebook, if not, no problem just let me know and I’ll remove it.
    Regardless keep up the great work.

  • Sharon says:

    amazing post thank you for sharing ^_^