Risk management
How is ISO 31000 changing the perception of risk?
ISO 31000 contains guidelines set by the International Organization for Standardization regarding risk management and risk assessment. ISO 31000 defines risk as the effect of uncertainty on objectives. In everyday conversation risk is often associated with negative implications. In ISO 31 000, however, risk refers to uncertainty with both positive and negative outcomes. Thus organizations can experience both loss and gains from risks. According to ISO 31 0000 risk management is simply a process of optimization to increase the likelihood of achieving set objectives. It shifts the focus of the risk management discussion from unexpected events to the effect on set objectives. To fulfill IS0 31000 requirements it is not enough to describe risks as events or consequences. Organizations must consider and describe how uncertain events affects specific organizational objectives.
To facilitate risk management, ISO 31000 outlines frameworks, procedures and processes applicable to organizations of various size and across industries. It facilities the identification of threats versus opportunities and helps organizations benchmark their incumbent risk management processes to international standards. ISO 31000 procedures are equally relevant to all areas of your organization, be it operations, HR, finance, IT. Are you uncertain if your organization is holding up to IS0 31000? Learn more about how 2c8 apps can assist you in managing risk here.
The risk management process
Risk management, as described by IS0 31000, has multiple subprocesses such as risk identification, risk analysis, risk evaluation, risk treatment, communication, consultation, monitor and review. Concepts such as risk management, risk assessment and risk analysis are often used interchangeably. The ISO standards outline how these separate processes differ, creating a common language for communicating around risk and risk management.
Figure 1 below visualizes the risk management process as described by ISO 31000. This is not a step-like process and significant iteration is required between each step as well as between communication and consultation, and monitoring and review. Because each subprocess includes multiple repetitions, it makes it difficult to draw and visualize using a simple flowcharts. 2c8 offers a tool allowing you get a 360 degree view of your risk management process. By breaking down your processes in multiple layers 2c8 apps allows you to move between a birds-eye perspective to examining the details of a certain iteration.
2c8 Apps - A versatile risk management tool
To generate widespread understanding within the organization for the risk management process, it is helpful to use maps and models. Visualizing the steps and actions required to mitigate uncertainty allows departments and individuals to view their role and responsibilities. 2c8 provides a unique tool to map and model each step of the sub processes while linking them to the main process and framework. 2c8 Apps allows you to visualize processes in multiple layers, breaking down each process into activities.
The tool also enables you to link certain activities or responsibilities to given position, as well as illustrate external demands and requirements. 2c8 Apps also supports external the linking of external documents and descriptions. It is thus possible to link guides, legal frameworks and other significant guides to a certain role, activity or process. The tool allows you to review current processes and easily identify potential risk elements and develop action plans to address these. It is also possible to create matrices of identified risks associated with a certain activity or process. Thus it is easy to review present risks.