One of the biggest mistakes of failure in implementing risk management is taking the risk management framework as it is without considering the organization culture
Risk Management is implemented to pursue opportunities and effectively exploit the limited internal capability instead only managing the adverse affects due to uncertainties. It is important to identify up-front the organization expectation when implementing risk management such as improved decision making process in setting corporate strategy, reduced risk exposure in key areas, improve compliance, enhance efficiency on operations and profitability, etc. Organization that is struggling to effectively implement risk management or have not implemented a formal, proactive, structured risk management framework could use ISO 31000 as a useful guidance. ISO 31000 acknowledge the importance of continually enhance the risk management framework using 5 attributes as follows:
Full Accountability for Risks
Application of Risk Management in all Decision Making Processes
Full Integration in the Organization’s Governance Structure
One of the biggest mistakes of failure in implementing risk management is taking the risk management framework as it is without considering the organization culture. In order to enhance or get the risk management right on track using ISO 31000, here is the suggested “to do list” for smooth transition.
the example of transition process on ISO31000
Refine the Benefits/Impact of implementing ERM throughout the organization lead by the Boards and ERM Unit/Project Team and create a measurement process to determine to what extent these objectives will be achieved
Review and Update the existing risk management framework and amend the documentation to align with prerequisite elements in ISO 31000. Keep a record of enhancement as evidence of continual improvement.
Communicate the key changes to all organization personnel and notify them that the organization now follows an international risk management standard
Appoint the key risk owner for risk management ‘refresher’ training in order to encourage the risk owners to undertake a review of their risks and update their risk register
What is the mean of Risk Management Standard to your organization?
In the rising concern of Risk Management today, we have numbers of Risk Management implementation frameworks established by various nationwide bodies. Without one worldwide consensus on standard of Risk Management Implementation, the situation may lead us to various challenging and debating perspectives in deciding the most proper Risk Management implementation standard for our organization. Besides that, International Standard can also help an organization to comply with legal and regulatory requirements and international norms as well. Risk Management standard indeed contribute to the bottom line of organization but Risk Management standard provide only general description of the elements, processes, and activities required for risk management.
ISO 31000 provides a high level concept of Risk Management implementation that should not be in conflict with the existing and specific frameworks or methods of Risk Management implementation. Existing frameworks or methods may be different particularly in that they may not have as broad a perspective as ISO 31000. The most important thing highlighted in ISO 31000 is corporate culture since risk management cannot be implemented as a template;it goes along with the company’s specific needs and circumstances among others: the industry where they do business, complexity, size, strategy, and governance of the company.
In that ISO 31000 Seminar held by APB Group-Indonesia on August 6th, all of us were encouraged to have a new horizon in managing risks, means that Standard is a good guidance in implementing risk management and standard contribute in increasing visibility of the balance between opportunities and risk but standard itself is not a one-size-fits-all solution.
ISO 31000 Risk Management Standard, Jakarta, 06 August 2008