A risk owner is an accountable point of contact for an enterprise risk at the senior leadership level, who coordinates efforts to mitigate and manage the risk with various individuals who own parts of the risk. The responsibilities of the risk owner are to ensure that:
- Risks are identified, assessed, managed and monitored
- Risks are clearly articulated in risk statements
- Appropriate level of risk tolerance is determined
- Various internal stakeholders are assigned responsibility for each of the sub-risks identified within an enterprise risk
- Risk management is integrated into operational activities
- Gaps in mitigation and monitoring activities are remediated
- The status of mitigation and monitoring efforts are communicated to the Strategic Enterprise Risk Management Committee
- The internal and external environments are scanned for emerging risks and opportunities