Acid
06-09-08, 04:08 PM
Risk management is a central part of any organisation’s strategic management. It is the process whereby organisations methodically address the risks attaching to their activities with the goal of achieving sustained benefit within each activity and across the portfolio of all activities.

The focus of good risk management is the identification and treatment of these risks. Its objective is to add maximum sustainable value to all the activities of the organisation. It marshals the understanding of the potential upside and downside of all those factors which can affect the organisation. It increases the probability of success, and reduces both the probability of failure and the uncertainty of achieving the organisation’s overall objectives.

Risk management should be a continuous and developing process which runs throughout the organisation’s strategy and the implementation of that strategy. It should address methodically all the risks surrounding the organisation’s activities past, present and in particular, future.

It must be integrated into the culture of the organisation with an effective policy and a programme led by the most senior management. It must translate the strategy into tactical and operational objectives, assigning responsibility throughout the organisation with each manager and employee responsible for the management of risk as part of their job description. It supports accountability, performance measurement and reward, thus promoting operational efficiency at all levels.

2.1 External and Internal Factors

The risks facing an organisation and its operations can result from factors both external and internal to the organisation. The diagram overleaf summarises examples of key risks in these areas and shows that some specific risks can have both external and internal drivers and therefore overlap the two areas. They can be categorised further into types of risk such as strategic, financial, operational, hazard, etc.

A Risk Management Standard

Risk can be defined as the combination of the probability of an event and its consequences (ISO/IEC Guide 73).

In all types of undertaking, there is the potential for events and consequences that constitute opportunities for benefit (upside) or threats to success (downside).

Risk Management is increasingly recognised as being concerned with both positive and negative aspects of risk. Therefore this standard considers risk from both perspectives.