Welcome!

Welcome!
Please keep visiting this blog and keep commenting too. Please make your reactions to the posts. Experts and authors are invited to share their articles/views. Suggestions for improvement are invited.
Thanks,
Keshav Ram Singhal


Thursday, November 21, 2013

An Overview of Risk Management Process


Risk Management – Article 7

An Overview of Risk Management Process

Keshav Ram Singhal

ISO 31000:2009 Standard has provided a definition of the risk management process and also the guidelines for the same. The definition given in the standard is as per ISO Guide 73:2009 that provides basic vocabulary to develop common understanding on risk management concepts and terms.. Risk management process is defined as the systematic application of management policies, procedures and practices to various activities. These various activities relate to:

- Communicating, consulting and establishing the context of the organization, and
- Identifying, analyzing, evaluating, treating, monitoring and reviewing risk.

Clause 5 of ISO 31000:2009 standard provides guidelines on risk management process and in this regard sub-clauses are as under:
5.1 – General

5.2 – Communication and consultation

5.3 – Establishing the context
5.3.1 – General
5.3.2 – Establishing the external context
5.3.3 – Establishing the internal context
5.3.4 – Establishing the context of the risk management process
5.3.5 – Defining risk criteria

5.4 – Risk assessment
5.4.1 – General
5.4.2 – Risk identification
5.4.3 – Risk analysis
5.4.4 – Risk evaluation

5.5 – Risk treatment
5.5.1 – General
5.5.2 – Selection of risk treatment options
5.5.3 – Preparing and implementing risk treatment plans

5.6 – Monitoring and review

5.7 – Recording the risk management process


Risk management process – General

The risk management process of an organization should be an integral part of the organization’s management. It should be fixed firmly and deeply in the culture and practices of the organization and tailored to the business processes of the organization.

(Diagram Courtesy WHO Website)

The ISO 31000:2009 standard has provided the risk management process diagram (figure 3 in the standard) that shows the inter-relation between various activities of risk management process. As per the diagram given in the standard, communication and consultation process is interrelated to establishing context, risk management activities (risk identification, risk analysis and risk evaluation) and risk treatment. Monitoring and review of risk management process is also interrelated to establishing the context, risk assessment activities (risk identification, risk analysis and risk evaluation) and risk treatment.

The risk management process comprises to the activities related to different activities as described in various sub-clauses of clause 5 of ISO 31000:2009. We will discuss these activities in forthcoming articles.

No comments:

Post a Comment