In every human endeavour there is an element of risk;
personal, project or financial, or a combination of them
all. The task of the responsible individual is to identify
the risk and act accordingly. We all do these 'risky'
things, almost daily, aware that we are taking a risk.
Rather than avoiding risk we become adept at identifying it
and having a strategy for dealing with it if the risk
materialises. This is what risk management is about, and is
a skill that is important in virtually every endeavour.
The popular misconception that risk management is difficult
or complicated stems from the bureaucratic methodology of
some system-oriented organisations and managers. It is
neither complicated or bureaucratic, and need not be. Risk
management is basically a simple proposition with a
complexity dictated by the nature of the situation to which
it applies - usually a project, and the parties involved.
In its basic form risk management involves:
1. Identifying risk - Looking for anything that threatens
the successful completion of the project against the
original requirement. Risks can be environmental,
organisational, technical, legal, economic or commercial.
2. Counteracting risk - Taking action to remove or reduce
the probability of a risk being realised. The response
depends on the nature or seriousness of the risk.
3. Acting when the risk event occurs - Invoking whatever
contingency measures were devised for the risk that has
materialised.
And for this to happen requires:
4. Monitoring at all stages - This typically means
documenting a risk assessment in a profile that identifies
the risk, the probability of its occurrence, and the impact
if it does materialise. Factors that score highest are
those that require the greatest attention and monitoring.
A good risk manager will devise contingency plans that
reduce either the probability or the impact of these
occurrences, and so remove them from the scene.
Working within a formal structured management system
similar to that defined by ISO9001 requires the application
of risk assessment practices to satisfy the requirements of
the Standard. Auditors of such systems may not find
specific references to risk management in these areas even
though the identification of potential failure (8.5.3) is
wholly concerned with a topic that is nothing less than
risk management.
Well managed risk taking is a necessary feature of any
forward thinking enterprise, since risk is an element of
any progression or improvement. It is the adoption of
effective risk management in conjunction with the
continuing need to drive forward from a comfortable
position that leads to progress and advancement. Doing
what we always do purely because the risks appear to be
negligible or are well known is to be 'risk averse', and
for progressive organisations cannot be acceptable. Neither
is it acceptable to pursue new ideas without an
understanding of their potential benefit, proper planning,
a clear idea of the threats to these benefits being
achieved , and a strategy for dealing with them should they
materialise. We need to manage in a manner that is neither
predictable or reckless. Risk assessment is an essential
tool to support this strategy. We ignore it at our peril...
----------------------------------------------------
Meon Consulting, founded by Ed Bones, was formed to assist
clients with managing their businesses in a manner
compliant with ISO9001/14001. Ed had earlier held a number
of senior posts with Hi-Tech companies in the UK, Europe
and the USA. He has written and lectured on full range of
topics on quality improvement and TQM.
http://www.rent-an-auditor.co.uk . To obtain your FREE
Presentation please visit
http://www.rent-an-auditor.co.uk/contactus.html
No comments:
Post a Comment