Risk Management


Risk Management - Enterprise Risk Management, IT Risk Management, Enterprise IT Risk Management, Project Risk Management, Financial Risk Management, Strategic Risk Management, Information Security Risk Management

We recognize the fact that risks exist everywhere. At every level of the enterprise, be it strategic, tactical or operational, risks have to be managed. All functions, business units, departments, divisions and projects have risks to manage. In essence, wherever there are objectives to achieve, you will find risks to the achievement of those objectives that need to be managed.

A proven method for managing risk is essential. Various risk management frameworks and standards are available in the industry that can be used to manage risk across the enterprise.

We, at GRC Mentor, use various risk management frameworks while delivering our services to clients.

Apart from the frameworks given below, we also use the COSO ERM framework and the MoR (Management of Risk, from AXELOS) framework, both of which are very effective.

ISO 31000:2018

Enterprise Risk Management Standard


Enterprise risks can be managed using the international standard ISO 31000:2018. This principles-based standard provides guidance on how to create a sound framework for risk management and sets out the necessary process steps (establishing the context, risk assessment, risk treatment, monitoring and review, communication and consultation). It can be used to create an organisation-specific framework to manage risk at any level or in any area of an organisation, whether that is information security, human resources, finance, sourcing or any other.


  • Consulting: GRC Mentor helps organisations frame their enterprise-level risk management framework, covering all the relevant areas of the organisation and following the principles of risk management.

  • Training: Certified Risk Manager - A flagship certification training program for those who want to practice risk management.

  • Assessment: GRC Mentor assesses an organisation's risk management practices against risk management good-practice frameworks such as ISO 31000:2018.

ISO/IEC 27005:2018

Information Security Risk Management Standard

The standard 'provides guidelines for information security risk management' and 'supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory implementation of information security based on a risk management approach.' Its method offers a practical and effective approach to information security risk management that fits directly into an ISO/IEC 27001 ISMS.

  • Consulting: GRC Mentor provides consulting on ISO/IEC 27005:2018 to build the information security risk management framework while building the ISMS for the organisation.

  • Training: GRC Mentor offers two certifications on this standard: Certified Lead Risk Manager from PECB and Certified Information Security Risk Manager from IGRCI.


NIST Risk Management Framework

Information Security / Cyber Security / Enterprise Risk Management Standards

NIST (the National Institute of Standards and Technology) has released a series of risk management guidance documents in its SP 800 series: SP 800-30 (conducting risk assessments), SP 800-37 (the Risk Management Framework for information systems and organizations), SP 800-39 (managing information security risk at the organization, mission and system levels), SP 800-53 (security and privacy controls) and SP 800-53A (assessing those controls). Together these publications provide a robust approach to assessing and mitigating risk effectively.

  • Consulting: GRC Mentor helps an organisation create its risk management framework based on NIST guidance, as required by the organisation.

  • Training: GRC Mentor provides training on the NIST Risk Management Framework, accredited by IGRCI, UK.

  • Assessment: GRC Mentor provides an assessment service based on the NIST framework to verify that the organisation has implemented the NIST recommendations appropriately.
