| Copyright (c) 2008 Ed Bones | | | | identifies the risk, the probability of its occurrence, |
| In each human endeavour there is an element of risk; | | | | and the impact if it does materialise. Factors that |
| personal, project or financial, or a combination of | | | | score paramount are those that require the greatest |
| them all. The job of the responsible individual is to | | | | attention and monitoring. A good risk manager will |
| identify the risk and act accordingly. We all do these | | | | devise contingency plans that reduce either the |
| 'risky' things, almost daily, aware that we are taking a | | | | probability or the impact of these occurrences, and |
| risk. Rather than staying away from the risk we | | | | so remove them from the scene. |
| become adept at identifying it and having a strategy | | | | Working within a formal structured management |
| for dealing with it if the risk materialises. This is what | | | | system similar to that defined by ISO9001 requires |
| risk management is about, and is an ability that is | | | | the application of risk assessment practices to satisfy |
| important in virtually every endeavour. | | | | the requirements of the Standard. Auditors of such |
| The popular misconception that risk management is | | | | systems may not find specific references to risk |
| difficult or complicated stems from the bureaucratic | | | | management in these areas even though the |
| methodology of some system-oriented organisations | | | | identification of potential failure (8.5.3) is wholly |
| and managers. It is neither complicated or | | | | concerned with a topic that is nothing less than risk |
| bureaucratic, and need not be. Risk management is | | | | management. |
| basically a simple proposition with a complexity | | | | Well managed risk taking is an essential feature of |
| dictated by the nature of the situation to which it | | | | any forward thinking enterprise, since risk is an |
| applies - usually a project, and the parties involved. In | | | | element of any progression or advancement. It is the |
| its basic form risk management involves: | | | | adoption of effective risk management in conjunction |
| 1. Identifying risk - Looking for anything that | | | | with the continuing need to drive forward from a |
| threatens the successful completion of the project | | | | comfortable position that leads to progress and |
| against the original requirement. Risks can be | | | | advancement. Doing what we always do purely |
| environmental, organisational, technical, legal, economic | | | | because the risks appear to be negligible or are well |
| or commercial. | | | | known is to be 'risk averse', and for progressive |
| 2. Counteracting risk - Taking action to remove or | | | | organisations cannot be acceptable. Neither is it |
| reduce the probability of a risk being realised. The | | | | acceptable to pursue new ideas without an |
| response depends on the nature or seriousness of | | | | understanding of their potential benefit, proper |
| the risk. | | | | planning, a clear idea of the threats to these benefits |
| 3. Acting when the risk event occurs - Invoking | | | | being achieved , and a strategy for dealing with them |
| whatever contingency measures were devised for | | | | should they materialise. We need to manage in a |
| the risk that has materialised. | | | | manner that is neither predictable or reckless. Risk |
| And for this to happen needs: | | | | assessment is an essential tool to support this |
| 4. Monitoring at all stages - This typically means | | | | strategy. We ignore it at our peril... |
| documenting a risk assessment in a profile that | | | | |