Figure 2 — Relationship between the components of the framework for managing risk This framework is not intended to prescribe a management system, but rather to assist the organization to integrate risk management into its overall management system. Therefore, organizations should adapt the components of the framework to their specific needs. If an organization's existing management practices and processes include components of risk management or if the organization has already adopted a formal risk management process for particular types of risk or situations, then these should be critically reviewed and assessed against this International Standard, including the attributes contained in Annex A, in order to determine their adequacy and effectiveness. 4.2 Mandate and commitment The introduction of risk management and ensuring its ongoing effectiveness require strong and sustained commitment by management of the organization, as well as strategic and rigorous planning to achieve commitment at all levels. Management should: define and endorse the risk management policy; ensure that the organization's culture and risk management policy are aligned; determine risk management performance indicators that align with performance indicators of the organization; align risk management objectives with the objectives and strategies of the organization; ensure legal and regulatory compliance; 9 COPYRIGHT Accessed by SWINBURNE UNIVERSITY OF TECHNOLOGY on 16 Aug 2017 (Document currency not guaranteed when printed)