Lets talk about risk management …

Written By Phil Clarke

What is risk management?

In simplistic terms risk management is about developing a risk register to assess the level of threat risks present and give a pathway to resolution.

An effective risk management process in adds benefits and value to any organisation:

  • Empowers interested parties to be part fo the process of assessing and responding to threat to the organisation

  • Ensures that the information required is correct, and quickly available

  • Strengthens decision making, basing decision and prioritisation based on evidence

  • It provides a governance framework that can be recorded, audited, and provide traceability of risk management

  • Provide insights on the risks to the organisation

  • Allows time to focus on issues prioritised by the process, and helps move from reactive to proactive management of threats

What it is not is compliance; risk management is not a box ticking exercise to meet perceived requirements of stakeholders or interested parties. Risk management is about identifying and managing threats to the strategy and operational activity of an organisation.

Often when risk management goes awry it is because it is an issue looked at in a silo, with a risk manager disconnected from he Board and operational leads. For risk management to work effectively the Board and operational managers need visibility, they need regular engagement. The risk manager is there to energise and organise; they are not there to manage the issues on the risk register. Issues on the risk register must be owned and dealt with by the Board and their managers.

An organisation needs too embed a process to identify, assess, and prioritise strategic and operational risks. The risk register must not just list the risk identified, it must be used to identify controls in place to mitigate the risk and plans or ideas to reduce the risk and move to business as usual with no further need for the issue to be managed via the risk register.

The risk management of an organisation must have support of the Board, with executives sponsoring risks and drive the organisation to mitigate risks. The risk management must be visible and have sufficient resource to drive forward, develop, and implement effective risk management.

Phil Clarke
Previous

What is HSE?
Next

What do safety professionals believe about themselves?