skip to navigation skip to content skip to footer

Defence Estate Quality Management System (DEQMS) Davis Langdon Certification Services

ID Risk Management - 3.0 Monitor & Review Risk

Monitor & Review Risk process flowchart Risk Process Image


3.1 - Business Unit Risk Manager

Risk & Compliance Elements Data Element Data

SAP Image

  • 3.1 - Generate Risk Review Plan
    • Report generates a list of risks that are due for review. A risk is reviewed based on risk rating frequency in accordance with the ID Risk Review Table.

Off System

  • 3.2 - Notifies Response and Risk Owners by email.
    • BURM follows up with an DRN email to risk and response owners.

3.3 - Response Owner

Risk & Compliance Elements Data Element Data

SAP Image

  • 3.3 - Response Owners Update Response Plans
    • Response owners need to complete the response influence (effectiveness) and completeness % of responses.
  • 3.4 - Notify Risk and Response Owners by Email
    • BURM follows up with an DRN email to risk and response owners.

3.5 Risk Owners

Risk & Compliance Elements Data Element Data

SAP Image

  • 3.5 - Review Response Plan Updates
    • The Risk Owner reviews the Response Plan to ensure that all response actions have been actioned and updated accordingly.
  • 3.6 - Review Overall Risk and Update Assessment
    • The Risk Owner then reviews the overall risk to determine if updates to responses plans have impacted the overall risk assessment. The risk assessment is updated accordingly.
    • The risk owner should also considers whether the risk is still current and relevant or whether it can be retired.
      • NOTE: Risk Owners can manually override the residual risk if required.
  • Is Risk to be retired? SAP Image
    • if YES - continue to 4.0 Retire Risk
    • if NO - continue to step 3.7
  • 3.7 - Review and Update Response Plan
    • Update the response plan as required.
  • Is an escalation required? SAP Image
    • if YES, continue to step 3.8
    • if NO, continue to step 3.9
  • 3.8 - Prepare Brief for Escalation
    • Risk Owner prepares brief to the appropriate level.
  • 3.9 - Notify BURM of Review Completion
    • The BURM is notified by email that the review of the risk is complete and advise BURM of the next review date.

3.10 - Business Unit Risk Maanger

Risk & Compliance Elements Data Element Data

SAP Image

  • 3.10 - Schedule Next Review Date
    • Schedule next review date - or review date is automatically scheduled
      • NOTE: This step triggers a system workflow.
  • Process Ends