ISO 31000:2009 Risk Management – Before you tackle the standard get in the right mindset
To tackle the 31000, you must first be of the correct mindset, this will show you the methodical approach required to assist you with your internal compliance.
Understand your business environment
Simply, to know your risk you need o know your business and how it fits into the broader environment. Consider using the PEST wheel as a way to bring out the key aspects tht impact yur business.
Brainstorm your business risk
Use simple techniques to work through your risks such as brainstorming and mindmapping. Make this part of running your busniess.
Analyse and understand business risk
The brainstorm should generate some “risk ideas” but these need further understanding and analysis to best determine the risk. Consider asking about who, what, when, how and why, and also using the “5-Whys” technique
Quantify your business risks
Utilise formulaic approaches to quantify risk wherever possible such as historical instances in and outside your organisation, and leveraging data on processes. Plot the results on a visual that provides a simple view of the high/medium/low risks.
Control your business risk
Develop process flow chart documentation and then establish appropriate controls against the risk. Consider the possible different risk treatment strategies in the control process.
Determine and monitor Risk Indicators
Risk Indicators that provide a barometer of tolerance level of risks, give early warning signs and show measures of change in risks. Measure should include operational events, compliance events, and control failures.
Develop require action plans
Risk are not always adequately covered and therefore where the business does not accept the current level of control, then action plans should be established, monitored and reviewed.
Educate and communicated your business risks
Effective risk management does not end with this process, it is ever changing and evolving. Therefore, develop learning modules for staff and continually communicate on the importance of escalation.
I hope you found this article useful if you have any more questions please contact me direct, i am happy to help.
Please be aware this isn't an implementation plan but is an article to help you prepare for achieving
Understand your business environment
Simply, to know your risk you need o know your business and how it fits into the broader environment. Consider using the PEST wheel as a way to bring out the key aspects tht impact yur business.
Brainstorm your business risk
Use simple techniques to work through your risks such as brainstorming and mindmapping. Make this part of running your busniess.
Analyse and understand business risk
The brainstorm should generate some “risk ideas” but these need further understanding and analysis to best determine the risk. Consider asking about who, what, when, how and why, and also using the “5-Whys” technique
Quantify your business risks
Utilise formulaic approaches to quantify risk wherever possible such as historical instances in and outside your organisation, and leveraging data on processes. Plot the results on a visual that provides a simple view of the high/medium/low risks.
Control your business risk
Develop process flow chart documentation and then establish appropriate controls against the risk. Consider the possible different risk treatment strategies in the control process.
Determine and monitor Risk Indicators
Risk Indicators that provide a barometer of tolerance level of risks, give early warning signs and show measures of change in risks. Measure should include operational events, compliance events, and control failures.
Develop require action plans
Risk are not always adequately covered and therefore where the business does not accept the current level of control, then action plans should be established, monitored and reviewed.
Educate and communicated your business risks
Effective risk management does not end with this process, it is ever changing and evolving. Therefore, develop learning modules for staff and continually communicate on the importance of escalation.
I hope you found this article useful if you have any more questions please contact me direct, i am happy to help.
Please be aware this isn't an implementation plan but is an article to help you prepare for achieving
CAW Consultancy Provide ISO 31000 Full packages including paperless reporting system for just £750
