A. Performance assessment
To avoid risk management becoming a one-off activity unrelated to day-to-day activities, it is crucial to continuously assess the performance of risk management tools. Each business within the organisation must be involved in the process, and in the collection of data on inherent risk (existing risk in the absence of security measures, without any controls), likelihood, impact and also, in particular, the action plans intended to mitigate the risk or limit its impact.
B. Continuous improvement approach
Risks evolve and the threat they pose is not fixed or static. Vis-à-vis suppliers, partners and customers, adopting a continuous improvement approach makes it possible not only to keep vigilance up to date, but also to regularly adapt the tools, both in a risk assessment and in the actions intended to limit the likelihood or impact of a risk. In the same way that a computer hacker will regularly analyse vulnerabilities and try to find opportunities, adopting a continuous improvement approach helps to maintain essential acuity and mobilise human, logistical and financial resources to mitigate the risk.