Consider a ‘Process Approach’ for Risk

ISO 31000 is built on a 3-part model for risk management. You’ll find the overview in the post and video ‘Putting Risk in Its Place’.

Clause 4 identifies the Principles and Clause 5 lays out the Framework.

The ‘Process’ section (Clause 6) suggests that risk management yields benefits when an organization applies policies, procedures and practices to the activities related to treating and communicating risk.

ISO 31000 Process for a structured approach:

    1. Communication and Consultation start the ball rolling…
      1. Help relevant stakeholders understand the program of managing risk
      2. Make sure everyone understands what Top Management means by ‘risk treatment’
      3. Set the stage for clear communication (acknowledge privacy issues!)
    2. Define the scope, context and criteria of your risk program
      1. Are you looking at Strategic, Operational, Project or any other activities?
      2. Are relevant ‘Objectives’ in need of a risk treatment?
      3. Does everything align with our Strategic direction?
    3. Do a risk assessment
      1. Identify areas of concern within the context of #1 and #2
      2. Carry out an analysis to determine ‘Likelihood’ and ‘Consequence’
      3. Rank the findings
    4. Create a risk ‘treatment’
      1. Consider some options
      2. Select an approach suitable for the identified vulnerabilities
      3. Prepare and implement the plan of action
    5. Monitor and review the treatments
      1. Make sure they worked – are risks being managed better? (see ISO 9001, clauses 9.1.3 e and 9.3.2 e)
    6. Record risk management results and report on them
      1. Spread the news – consider information sensitivity as well as the internal and external contexts of your organization
      2. Incorporate into business decisions
      3. Improve the process (see ISO 9001, clauses 9.1.3 e and 9.3.2 e)

That’s the tip of the risk iceberg from ISO 31000. These ideas will help you get started on your risk management journey, but be sure to get a copy of ISO 31000 if you want more guidance for your activities. All of your efforts will pay you a surprising return on your investment!

Know Quality, Know Profits…No Quality, No Profits
