This is the first article in an ongoing series that will introduce the concepts of risk management. The articles and series will be based on the ISO 31000 standard for risk management (at least the initial articles will), and the discussion about risk management in these articles can be applied in any industry and for any subject--finances, supply-chain management, brand reputation, talent recruitment and retention, market share, occupational safety and health, and more (this is known as enterprise risk management).
If you're new to risk and risk management, we hope that the articles in this series will demystify the field for you and show you the opportunities that taking a risk-based approach can offer in a variety of applications.
Please let us know if you have any questions you'd like us to address in future Risk Management Basics articles, and of course do use the comments section if you'd like to chime in with your own knowledge, thoughts, and experiences.
The ISO 31000-2018 standard, Risk Management--Guidelines, lists the following eight principles for any solid risk management program (see 31000-2018, Section 4, Principles):
Let's look at each a little more closely.
Integrated
An organization should integrate its risk management efforts into all parts and activities of the organization.
Structured and comprehensive
Creating and following a comprehensive, structured risk management approach leads to the most consistent, desirable risk management outcomes.
Customized
An organization's risk management approach should be customized to its own needs, including the organization's objectives and the external and internal context in which the organization operates.
Inclusive
To be most effective, risk management should involve all stakeholders in appropriate and timely ways. This allows the different knowledge sets, views, and perceptions of all stakeholders to be considered and implemented into risk management efforts.
Dynamic
As the organization changes, including its external and internal context, the organization's risk management program and efforts should change, too. Change is inevitable and successful organizations know how to work with change. A risk management program should help the organization anticipate, identify, acknowledge, and respond to changes in an appropriate and timely way.
Uses best available information
Effective risk management is done by considering information from the past and present as well as anticipating the future. Therefore, (1) the information from the past and present must be as reliable as possible, and (2) risk managers must consider the limitations and uncertainties with that past and present information. All relevant stakeholders should receive necessary information in a timely and clear manner.
Considers human and cultural factors
Risk management is a human activity, and it takes place within one or more cultures (organizational culture, etc.). Risk managers must be aware of the human and cultural factors surrounding the risk management effort and know the influence those factors will have on it.
Practices continual improvement
Through experience and learning, risk managers must strive to continually improve an organization's risk management efforts.
Of course, you can hang tight for the next article(s) in our Risk Management Basics series, but here are some additional resources for you if you want to kickstart your risk management awareness.
Stay tuned for more Risk Basics articles and let us know all your risk management questions.
Although risk management techniques can be used in any industry and for any subject matter, we DO create a lot of tools for safety, including online EHS training courses and an online incident management system, so we've got a free Risk Matrix for you below.