Risk may be defined as uncertainty of outcome, whether a positive opportunity or a negative threat. It is the fact that there is uncertainty that creates the need for attention and formal management of risk. After all, if an organisation were absolutely certain that a negative threat would materialise, there would be little difficulty in determining an appropriate course of action. Likewise, if an organisation could be guaranteed that the positive opportunity would be realised, then its path would be clear. Managing risks requires the identification and control of the exposure to those risks which may have an impact on the achievement of the organisation's business objectives.
Every organisation manages its risk, but not always in a way that is visible, repeatable and consistently applied to support decision making. The purpose of formal risk management is to enable better decision making based on a sound understanding of risks and their likely impact on the achievement of objectives. An organisation can gain this understanding by ensuring that it makes cost-effective use of a risk framework that has a series of well-defined steps. Decision making should include determining any appropriate actions to take to manage the risks to a level deemed to be acceptable by the organisation.
A number of different methodologies, standards and frameworks have been developed for risk management. Some focus more on generic techniques widely applicable to different levels and needs, while others are specifically concerned with risk management relating to important assets used by the organisation in the pursuit of its objectives. Each organization should determine the approach to risk management that is best suited to its needs and circumstances, and it is possible that the approach adopted will leverage the ideas reflected in more than one of the recognised standards and frameworks.
Management Of Risk (M_O_R)
Management of Risk (M_o_R) is intended to help organisations put in place an effective framework for risk management. This will help them make informed decisions about the risks that affect their strategic, programme, project and operational objectives. M_o_R provides a route map of risk management, bringing together principles, an approach, a process with a set of interrelated steps, and pointers to more detailed sources of advice on risk management techniques and specialisms. It also provides advice on how these principles, approach and process should be embedded, reviewed and applied differently depending on the nature of the objectives at risk.
The M_O_R framework is based on four core concepts:
There are several common techniques which support risk management, including a summary risk profile. A summary risk profile is a graphical representation of information normally found in an existing risk register and helps to increase the visibility of risks.
ISO 31000
ISO 31000 was published in November 2009 and is the first set of international guidelines for risk management, intended to be applicable and adaptable for any public, private or community enterprise, association, group or individual. ISO 31000 is a process-oriented rather than a control-oriented approach to risk management and provides guidance on a broader, more conceptual basis, rather than specifying all aspects of an organisation's risk assessment and management approach. For example, ISO 31000 does not define how an organisation will create risk data or measure risk, nor does it ensure that an organisation will include a review of all risk areas relevant to the achievement of its objectives. ISO 31000 was published as a standard without certification.
ISO 31000 defines risk as the effect of uncertainty on objectives. Risk management should be performed within a framework that provides the foundations and provisions which will embed the management of risk throughout all levels of the organisation. ISO 31000 identifies the necessary components of such a framework as:
Figure 2 – ISO 31000 risk management process flow
Within this context, the risk management process is shown at a high level in Figure 2. Once the framework has been established and the context understood, risk assessment is undertaken. This consists of three steps: risk identification, risk analysis, and risk evaluation. The risk identification step is intended to create a comprehensive list of risks based on those events that might create, enhance, prevent, degrade, accelerate or delay the achievement of the organisation's objectives. Risk analysis involves developing a full understanding of the risk as an input to risk evaluation and the decisions about which risks require treatment and the relative priorities amongst them.
Risk treatment involves the modification of risks using one or more approaches. These approaches are not necessarily mutually exclusive and may include:
The approach described in ISO 31000 provides a broad scope for each organisation to adopt the high-level principles and adapt them to their specific needs and circumstances.