“Risk oversight and risk management are high priorities on the agenda of most organizations. The first step to defining risk management goals and risk management objectives is to define your organization’s shared vision. Once the shared vision is articulated, overall risk management goals and objectives must be defined.
While a vision statement is often aspirational, the goals and objectives should ordinarily describe in simple terms what is to be accomplished. They should be actionable by the organization. They should be defined in the context of the organization’s business strategy.”
See more of this article by Knowledge Leader provided by Protiviti at the link below: