The International Organization for Standardization identifies the following principles of risk management.
Risk management should: create value. be an integral part of organizational processes. be part of decision making. explicitly address uncertainty. be systematic and structured. be based on the best available information. be tailored. take into account human factors. be transparent and inclusive. be dynamic, iterative and responsive to change. be capable of continual improvement and enhancement.
According to the standard ISO 31000 "Risk management -- Principles and guidelines on implementation," the process of risk management consists of several steps as follows:
Establishing the context Establishing the context involves: Identification of risk in a selected domain of interest Planning the remainder of the process.
Mapping out the following: the social scope of risk management the identity and objectives of stakeholders the basis upon which risks will be evaluated, constraints. Defining a framework for the activity and an agenda for identification. Developing an analysis of risks involved in the process. Mitigation of risks using available technological, human and organizational resources.
If risks are improperly assessed and prioritized, time can be wasted in dealing with risk of losses that are not likely to occur. Spending too much time assessing and managing unlikely risks can divert resources that could be used more profitably. Unlikely events do occur but if the risk is unlikely enough to occur it may be better to simply retain the risk and deal with the result if the loss does in fact occur.
Qualitative risk assessment is subjective and lacks consistency. The primary justification for a formal risk assessment process is legal and bureaucratic. Prioritizing the risk management processes too highly could keep an organization from ever completing a project or even getting started. This is especially true if other work is suspended until the risk management process is considered complete. It is also important to keep in mind the distinction between risk and uncertainty. Risk can be measured by impacts x probability.
Qualitative risk assessment is subjective and lacks consistency. The primary justification for a formal risk assessment process is legal and bureaucratic. Prioritizing the risk management processes too highly could keep an organization from ever completing a project or even getting started. This is especially true if other work is suspended until the risk management process is considered complete. It is also important to keep in mind the distinction between risk and uncertainty. Risk can be measured by impacts x probability.
No comments:
Post a Comment