Monday, May 9, 2011

5.3.4 Risk Management Context

At this stage of 'Establishing the Context', you might like to consider what assets you are trying to protect and from what events, hazards and sources of risk.  This is the place for considering issues such as:
  • Sources – What are the sources of risk that the organization faces?
  • Assets – What assets are we trying to protect?
  • Stakeholders – Who are they? Which ones have influence and which ones are affected? 
  • Goals and objectives – What do we hope our risk management systems will contribute to the organization? What are the strategies that we will or do use to achieve them?
  • Responsibilities – Who, exactly, is responsible for what in our risk management systems?
  • Resources – How many resources do we have available? Is it enough or too much? What budget and resources do we actually need?
  • Scope – What is the depth and breadth of our risk management activities? What exactly will we address and what will we not address? What activities, processes, functions, projects, services, assets or products are we addressing? What locations, departments or businesses are we concerned with?
  • Documentation – What records will we keep? Who will keep them? Where? For how long?
  • Methodologies – What methodologies will we use?  To what extent and in which areas?

Answer each of the above points as a section heading or in a table in your risk assessment and you'll have covered most of the bases for

Examples of Sources of Risk Facing an Organization
  • Animal health
  • Asset management and resource planning
  • Audit
  • Bank management and risk analysis
  • Biological agents
  • Business continuity planning
  • Business interruption
  • Business law and practice
  • Computer networks
  • Conservation and environment
  • Contingency
  • Contract management
  • Corporate environmental management
  • Corporate governance
  • Criminal elements
  • Design liability
  • Disaster
  • Discrimination
  • Emergency planning
  • Employment procedures
  • Engineering changes
  • Environmental health risk management
  • Environmental issues
  • Ethics issues
  • Feasibility studies
  • Federal government
  • Finance
  • Financial management
  • Fire detection
  • Fire prevention
  • Foreign exchange operations
  • Foreign intelligence services
  • Fraud
  • General liabilities
  • Global resources and energy management
  • Harassment
  • Human factors
  • Human health
  • Human resource management
  • Information systems
  • Information systems security
  • Insurance
  • Investment and portfolio management
  • Knowledge management
  • Legislative compliance
  • Local government
  • Maintenance systems
  • Managing people and organizations
  • Occupational health and safety
  • Operations management
  • Organizational change
  • Organizational culture
  • Plant health
  • Political change
  • Politically motivated violence
  • Probity issues
  • Product liability
  • Professional advice
  • Project management
  • Public risk
  • Quality assurance
  • Reputation issues
  • Research and development
  • State government
  • Strategic management
  • Technological change
  • Terrorist groups
  • Training
  • Transport
  • Treasury management
  • Zoological agents

The table below offers a number of typical internal and external sources of risk broken up into four primary categories: Strategic, Financial, Operational and Hazards. This list is by no means exhaustive but can be a useful analysis tool for starting to consider and evaluate sources of risk.

Customer changes
Industry changes
Customer demand
Interest rates
Foreign exchange
Financial markets
Board composition
Counterparty risk
Natural events
Hazardous materials
Management decisions
Research and development
Intellectual capital
Cost Management

Accounting controls
Information systems
Supply Chain
Recruitment and retention
Public access
Human factors
Products and services
Work practices

A similar analysis of each of the key questions above (Sources, Assets, Stakeholders, Goals, Responsibilities, Resources, Scope, Documentation and Methodologies), although time-consuming, will yield all the answers you need. For a short risk assessment, you might find that all you really need is a paragraph on each and you'll have covered it. For a more complex risk assessment, you might need a large table and a full section on each item. Context is king, in this as in all things risk.
