Managing a company’s risk at a strategic level requires a lot of focus, meaning generally emphasizing not more than five to 10 risks. The day-to-day risks are an ongoing operating responsibility and need to be dealt regularly

The enterprise wide risk assessment process should be responsive to change in the business environment. A robust process should be implemented for identifying and prioritizing the critical enterprise risks, and these should also include emerging and new risks

A company can be infatuated with its business model and strategy as it fails to recognize the changing paradigms until it is too late for them to realize the effects. While no one knows for sure what will happen that could invalidate the company’s strategic assumptions in the future, monitoring the validity of key assumptions over time as the business environment changes is a smart thing to do.

To provide input to executive management regarding critical risk issues on a timely basis, directors must understand the business and industry, as well as how the changing environment impacts the business model