The global skills and competency framework for the digital world

Business risk management BURM

The planning and implementation of organisation-wide processes and procedures for the management of risk to the success or integrity of the business, especially those arising from the use of information technology, reduction or non-availability of energy supply or inappropriate disposal of materials, hardware or data.

Moving to SFIA 8 

  • The skill has been renamed and the skill descriptions have been improved to reflect that risk management is a broad concept which has some universal principles as well as some specifics according to the context in which it is being applied.
  • The existing skill descriptions have also been edited for readability and guidance notes have been added.
  • Details available here - SFIA 8 Risk management.
  • SFIA 7 skill descriptions will remain available for you to use.
  • Previous SFIA assessments may be impacted by this change. 


Defined at these levels: 4 5 6 7

Business risk management: Levels 1-3

This skill is not typically observed or practiced at these levels of responsibility and accountability.

Business risk management: Level 4

Investigates and reports on hazards and potential risk events within a specific function or business area.

Business risk management: Level 5

Carries out risk assessment within a defined functional or technical area of business. Uses consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and the impact on the business. Refers to domain experts for guidance on specialised areas of risk, such as architecture and environment. Co-ordinates the development of countermeasures and contingency plans.

Business risk management: Level 6

Plans and manages the implementation of organisation-wide processes and procedures, tools and techniques for the identification, assessment, and management of risk inherent in the operation of business processes and of potential risks arising from planned change.

Business risk management: Level 7

Establishes strategy for addressing risks arising from business operations and change. Provides resources to implement the strategy, and delegates authority for detailed planning and execution of risk management activities.