In attempting to meet its business objectives, every organisation faces internal and external factors and influences which create uncertainty.
The effect this uncertainty has on an organisation’s objectives can be termed ‘risk’.
Enterprise risk management encompasses those activities which allow us to better identify, analyse and evaluate risks, and manage them proactively, in order to minimise any possible damage and maximise any opportunities.
It is important to note the last point, as risk often has negative connotations, yet there can be positive outcomes.
The other thing to note is that whilst the term enterprise is often perceived in different ways, it really is a universal term that relates to every organisation, irrespective of size (e.g. SME or multinational) or market sector (e.g. public or private).
Enterprise risk management is a continuous process and needs to be managed throughout the year in order to help protect your organisation from an array of everyday threats.
One key requirement is that you need to ensure risks are managed logically and systematically. This is where ISO 31000, the International Standard for Risk Management, can help by providing principles and generic guidelines.
While all organisations consciously or unconsciously manage risks to some degree, ISO 31000 establishes a number of principles which your organisation can follow in order to make risk management more effective.
This International Standard is based on developing, implementing and continuously improving a risk management framework which is totally integrated into an organisation’s corporate governance, management system, values and culture.
By adopting an ISO 31000 approach across your enterprise, you can ensure risk is managed efficiently, effectively and consistently.
The versatility of ISO 31000 means that its principles and guidelines can be used to manage any form of enterprise risk in a systematic and transparent manner, and within any scope and context.
Accordingly, the starting point of any risk management process is to establish the context, e.g. capturing objectives, stakeholders and risk criteria.
The fundamental risk management process is depicted in the figure.
Enterprise risk management software can support your organisation by helping you to identify, analyse and evaluate risks across your business using a uniform, predetermined approach.
The end result is that the process for assessing and managing all risks is identical and risks can be treated based on your organisation’s risk appetite.