During which phase should a risk practitioner define measures against business goals and objectives?

Prepare for the CISSP Domain 4 exam. Study with multiple-choice questions on risk and control monitoring and reporting. Get ready for your CISSP certification!

The correct choice is the establishment of key risk indicators (KRIs), the phase during which the risk practitioner clearly links risk measures to the organization’s business goals and objectives. This phase is critical because it allows for quantifiable metrics that gauge the effectiveness of risk management in alignment with the organization’s strategic aims. By defining these indicators, the practitioner ensures that risk management activities are tailored to support the business context, guiding decision-making and resource allocation in a way that enhances the organization’s ability to achieve its objectives.

While developing a risk management framework lays the groundwork for the overall risk management approach, it does not specifically address the alignment of measures with business goals. Similarly, during the assessment of risk impact, the focus is primarily on understanding the potential effects of risks on the organization rather than on defining performance metrics. The formation of risk management policies is also more about setting the rules and guidelines for managing risks without directly tying measures to business objectives. Thus, establishing key risk indicators is the phase where these strategic alignments are explicitly defined and operationalized.
