When does risk management become a relevant tool in business?

Traditionally, risk management has been something we do only on occasion. It has been a stopping point or an intermittent activity aimed at proving that the current plans and actions are sufficient to steer clear of trouble.

Lately, and even more so recently with the renewal of the COSO ERM framework and the upcoming new version of ISO 31000, there is a trend towards making risk management an integral part of an organization’s processes and management activities.

To help you understand what «making risk management an integral part of an organization’s processes and management activities» really means, I have made a list of the types of questions that would entice risk management as a relevant tool in any business:

  • How might customer requirements impact the way we operate?

  • How might regulatory requirements, and any changes to those, impact the way we are able to operate?

  • Which threats could impact our projects?

  • What might threaten the company’s future?

  • How could our employees, our economy, our ability to deliver products and our reputation be impacted by unforeseen incidents?

  • Does our activity impact the environment and third persons in a negative way?

  • Which actions should be taken to avoid risk or loss of values to our company?

  • Which actions should be taken to improve our results?

  • How can we repeat successes?

  • Are there actions which could be taken to improve our product by e.g. making it more relevant, cheaper, increasing the customer base or improving its environmental impact?

  • How can we develop our work processes to make them more efficient?

  • Is there any way we can improve the performance of work processes for our employ