Risk management - processes for managing the unexpected
Organizations and businesses operate in a world of uncertainty. Unexpected external and internal events can have repercussions on economic performance, brand reputation, employee safety, the surrounding environment, customer relations etc. Effectively managing risk is essential in all modern organizations to mitigate the consequences of unforeseen circumstances. ISO 31000 provides frameworks and processes for managing risks. The ability to map such processes and associate them with specific operations or departments within the organization is an effective way of managing risk. Process mapping is also useful to identify potential opportunities and threats, evaluate the impact of such events and develop a preventative processes and framework.
How is ISO 31000 changing the perception of risk?
ISO 31000 contains guidelines set by the International Organization for Standardization regarding risk management and risk assessment. ISO 31000 defines risk as the effect of uncertainty on objectives. In everyday conversation risk is often associated with negative implications. In ISO 31000, however, risk refers to uncertainty with both positive and negative outcomes. Thus organizations can experience both loss and gains from risks. According to ISO 31000 risk management is simply a process of optimization to increase the likelihood of achieving set objectives. It shifts the focus of the risk management discussion from unexpected events to the effect on set objectives. To fulfill ISO 31000 requirements it is not enough to describe risks as events or consequences. Organizations must consider and describe how uncertain events affect specific organizational objectives.
To facilitate risk management ISO 31000 outlines frameworks, procedures and processes applicable to organizations of various size and across industries. It facilities the identification of threats versus opportunities and helps organizations benchmark their incumbent risk management processes to international standards. ISO 31000 procedures are equally relevant to all areas of your organization, be it operations, HR, finance, IT. Are you uncertain if your organization is holding up to ISO 31000? 2c8 Apps can provide you with a framework to ensure ISO 31000 regulations are met. Contact us and we will tell you more.
The process of managing risk
Risk management, as described by IS0 31000, has multiple subprocesses such as risk identification, risk analysis, risk evaluation, risk treatment, communication, consultation, monitor and review. Concepts such as risk management, risk assessment and risk analysis are often used interchangeably. The ISO standards outline how these separate processes differ, creating a common language for communicating around risk and risk management.
Figure 1 below visualizes the risk management process as described by ISO 31000. This is not a step-like process and significant iteration is required between each step as well as between communication and consultation, and monitoring and review. Because each subprocess includes multiple repetitions, it makes it difficult to draw and visualize using a simple flowcharts. 2c8 offers a tool allowing you get a 360 degree view of your risk management process. By breaking down your processes in multiple layers 2c8 apps allows you to move between a birds-eye perspective to examining the details of a certain iteration.
Do you want to read more about risk management processes? Learn more about ISO 31000 at ISO’s website.
2c8 Apps - a versatile risk management tool
To generate widespread understanding within the organization for the risk management process, it is helpful to use maps and models. Visualizing the steps and actions required to mitigate uncertainty allows departments and individuals to view their role and responsibilities. 2c8 provides a unique tool to map and model each step of the sub processes while linking them to the main process and framework. 2c8 Apps allows you to visualize processes in multiple layers, breaking down each process into activities.
The tool also enables you to link certain activities or responsibilities to given a position, as well as illustrate external demands and requirements. 2c8 Apps also supports linking external documents and descriptions to maps and models. Therefore, it is possible to link guides, legal frameworks and other significant guides to a certain role, activity or process. The tool allows you to review current processes and easily identify potential risk elements and develop action plans to address these. It is also possible to create matrices of identified risks associated with a certain activity or process. Thus it is easy to review current risks.