|
Risk assessment is very topical in the modern world. All
organizations need to manage risks but the good news is that many of the
risks that face organizations on a daily basis are those that are within
their own control. Few organizations have adopted a structured approach to risk assessment.
Risk assessment does not necessarily require sophisticated tools. They can
be conducted simply by asking some key questions. Even for those events
that are outside your control, there are steps you can take to avoid,
contain or reduce adverse impact on the organization.
Our Process Transformation Tool
is a powerful instrument for carrying out risk assessment and designing
processes that manages risk. If your management team has difficulty
answering the questions below, our Process Transformation Tool might help
you improve your organization's approach to risk assessment
If you were to ask your management team about risk, would
it know:
-
What factors
affect the organization's ability to accomplish its mission or its
objectives
-
What
provisions had been made to contain, reduce or control risk?
-
In which
processes were these controls installed?
-
How the
effectiveness of these provisions is being measured?
-
What recent
changes have been made to these processes to improve their robustness in
preventing the risk having a detrimental effect on the business?
If you were also
to ask your management team about the provisions it has made to mitigate
against risk would it be able to explain what provisions had been taken to
safeguard the organization from:
-
Attack by
competitors, disgruntled employees, computer viruses?
-
Loosing
customers, suppliers, employees, reputation
-
Decline in
orders, revenue, profit, market share
-
Dissatisfying
customers, shareholders, employees
-
Prosecution by
regulators, customers, employees
-
Delayed
delivery
-
Delayed
receipt of product or payment
-
Hazards
injurious to health of personnel and/or the environment
-
Accidents to
personnel and equipment
-
Breakdown of
equipment, plant, machinery, relationships
-
Disruption to
business continuity by computer failure, loss of information, strikes,
weather.
Certain
techniques can identify potential risks and assist in their elimination,
reduction or control if the provisions are built into process design. Many
rules and regulations or requirements have their roots in the elimination
of failures, disasters, accidents and the like. When such requirements are
imposed upon us we sometimes forget what risk they were intended to
prevent from happening. Often The risk is not present in our organization
or its probability of occurrence is negligible, but the requirements are
imposed just the same. By working backwards from the requirement, a
relevance analysis would establish what it was designed to accomplish, the
probability of this event happening in the organization and what impact it
would have it is did happen. A common example is the raft of requirements
in ISO 9001 on document control. Why so many requirements when in a
computerized environment, document control is a given? Why would anyone
want to use an unauthorized document? The use of Intranets has made this
requirement obsolete. The requirements appear more relevant to an age when
information was produced on a typewriter and documents were distributed
manually. While computerization may have solved some of the issues
concerned with controlling paper documents, it has brought in new risks
such as computer viruses and data security threats.
If you would like to know more about
our approach to Risk Assessment try out our Risk
Assessment Tool or contact us |
