Thursday, April 28, 2011

5.3 Keeping it in context

For me context is the key - from that comes the understanding of everything."

Kenneth Noland

Risk Management, like any other discipline, needs to be considered within the context in which it is applied.  'Establishing the context' sounds complicated but if you break it down into a series of logical steps, it simply involves understanding the background of the organization, the operating environment and the underlying drivers which effect the organization. Nothing too frightening in that hopefully. 

What it aims to provide is an appropriate appreciation of the factors that may influence the ability of the organization to achieve its objectives, and to what extent they are influences. The output from this step is a statement of the organizational environments, influences objectives and criteria for success.  It defines the scope and objectives for any risk management study, and is fundamental to setting the stage for all that follows.

It's easy to try to shortcut this process but failing to fully understand the context  fundamentally flaws the quality of the any risk analysis and treatment. Broken down to it’s fundamentals, the objective of understanding the context is to:
  • Determine and document the environment in which the organization operates 
  • Determine and document the key drivers in that environment
  • Clearly articulate the organization’s objectives
  • Define tolerances and criteria against which risks will be measured
  • Specify scope and objectives for risk management, and the outcomes required
  • Define a set of key elements for structuring the risk identification and assessment process.
A point worth highlighting in this search for meaning, is that although humankind has responded to uncertainty for millennia, risk based decisions made today are unlikely to remain valid for as long as the same decisions would have been 100 years ago.  We accordingly need to take a big picture view of the context, and search far and wide, rather than simply looking at the obvious.  ISO31000 addresses this by looking at four elements of the context and these are what we'll look at in the next articles:

No comments:

Post a Comment