You have most likely heard of “risk management” a number of times. But what exactly is risk management?
The ISO 31000 Guidelines for Risk Management defines Risk Management as:
Coordinated activities to direct and control an Organisation with regard to risk.
Let’s drill down a little deeper and now ask the question “How do you manage your risks in your Organisation?” Do you:
- Have a “tick box” approach i.e., have a list with check boxes that show items being progressed; or
- Have a structured framework process that facilitates and supports decision-making and drives performance?
Which one does your Organisation subscribe to? Perhaps somewhere in between?
It would be fair to say that generally Organisations are reasonably aware of their internal and external risks. They may tend to operate somewhere in the middle zone (i.e., a process with checklists that they use for verification).
To a large extent, where the Organisation might operate with regard to risk level will be characteristic of its risk personality. This latter facet plays a central role in where the Organisation places itself on the risk management spectrum.
Whilst the definition above might be relatively straightforward for risk management, success is very much dependent on the Organisation’s size, awareness, appetite for and desire to manage its internal and external risks.