Welcome!
Please keep visiting this blog and keep commenting too. Please share your reactions to the posts. Experts and authors are invited to share their articles/views. Suggestions for improvement are invited.
Thanks,
Keshav Ram Singhal

Thursday, December 12, 2013

Risk Management Process – Defining Risk Criteria

Risk Management – Article 13

Keshav Ram Singhal

First we should understand what the term risk criteria means. ISO Guide 73:2009 defines risk criteria as the terms of reference against which the significance of a risk (i.e. the effect of uncertainty on objectives) is evaluated. Sub-clause 5.3.5 of ISO 31000:2009 covers defining risk criteria. ISO Guide 73:2009 also clarifies that:
- Risk criteria are based on organizational objectives and on the external and internal context.
- Risk criteria can be derived from standards, laws, policies and other requirements.

The significance of each risk needs to be evaluated, so the organization must first define the risk criteria it will use. The risk criteria should reflect the organization’s values, objectives and resources. Some criteria may be imposed by, or derived from, legal (statutory and regulatory) requirements and other requirements to which the organization subscribes.

The organization should consider relevant factors when defining risk criteria, including:
- The nature and types of causes and consequences that can occur, and how they will be measured
- How likelihood will be defined
- The timeframe(s) of the likelihood and/or consequences
- How the level of risk is to be determined
- The views of stakeholders
- The level at which risk becomes acceptable or tolerable
- Whether combinations of multiple risks should be taken into account and, if so, which combinations to consider and how

The organization should ensure the following with regard to risk criteria:
- Risk criteria should be consistent with the organization’s risk management policy.
- Risk criteria should be defined at the beginning of any risk management process.
- Risk criteria should be continually reviewed, since the objectives and context they are based on change over time.

Next write-up …. Risk Assessment - An Overview


Tuesday, December 10, 2013

Risk Management Process – Establishing the Context of the Risk Management Process

Risk Management – Article 12

Keshav Ram Singhal

Sub-clause 5.3.4 of ISO 31000:2009 provides guidelines on establishing the context of the risk management process.

We need to understand the context of the organization’s risk management process, which varies according to the needs of the organization. Establishing the context of the risk management process can involve the following:
- Defining the goals and objectives of the risk management activities
- Defining responsibilities for and within the risk management activities
- Defining the scope (depth and breadth, including specific inclusions and exclusions) of the risk management activities to be carried out
- Defining the risk criteria (the terms of reference against which the significance of a risk is evaluated) consistently with the risk management policy
- Defining the activity, process, function, project, product, service or asset in terms of time and location
- Defining the relationships between (i) a particular project and other projects, (ii) a process and other processes, or (iii) an activity and other activities of the organization
- Defining the risk assessment methodologies
- Defining the process for evaluating the performance and effectiveness of the management of risk
- Identifying and specifying the decisions to be made
- Identifying, scoping or framing the studies needed, their extent and objectives, and the resources required for such studies

The organization should attend to the above factors (among others) to ensure that the risk management approach it adopts is appropriate to the:
- Circumstances
- Organization
- Risks affecting the achievement of its objectives

The organization should establish the (i) objectives, (ii) strategies, (iii) scope, and (iv) parameters of the activities or those parts of the organization where the risk management process is being applied.

The organization should undertake risk management with full consideration of the need to justify the resources used in the risk management process. It should specify the resources required, the responsibilities and authorities, and the records to be maintained.

Next write-up …. Risk Management Process – Defining Risk Criteria