SIGNS OF POOR RISK MANAGEMENT?
5 common symptoms:
- Uncertainty – the organization struggles to collect the right, or enough information about its risks. Checks are too infrequent. The scope of information about the organizations risk is narrow.
- Complexity – the organization is collecting enormous amounts of information about risk. Decision makers cannot interpret the information. Opportunities are overlooked.
- Ambiguity – the organization is not able to formulate the correct questions in order to understand its risk. Additional information is useless because risk is not understood.
- Equivocality – there are multiple interpretations of risk between individuals across the organization. Risk management is mutually exclusive or in conflict. A power struggle usually ensues between individuals with conflicting views and beliefs.
- Silo mentality (larger organizations) – different business units resist communicating information about risks across the organization. This typically leads to a condition of both uncertainty and equivocality.
HOW TO FIX THE PROBLEM
Choose the right risk management tools. Digitization, globalization, deregulation and the speed of competitive rivalry have changed the nature of business – almost beyond recognition in recent years. Risks are no longer linear, and many of the tools developed to provide risk management in the 1980s and 90s are now largely redundant.
It is also worth appraising new management tools and experimenting with different approaches while your management system is in operation: your management system needs to evolve = Never Stop Improving.
Understand the standards. You need to correctly interpret the terminology applied to ISO management systems. Risk is not always stated explicitly in each ISO standard. Terms like “suitable” and “appropriate” will often imply that you need to demonstrate a balanced approach towards risk based thinking.
Transitioning into a risk-intelligent business can take a considerable length of time and experience. The value of implementing an ISO management system (in particular the new 2015 standards) is that it determines the focus for a Risk-Based approach. But it does not tell you which business tools to apply – this choice is yours.
Risk is now a common thread within ISO standards and is weaved throughout ISO 9001:2015, ISO 14001:2015, OHSAS 18001 (soon to be ISO 45001) and ISO 27001:2013.
It is therefore of crucial importance that all systems and quality managers not only understand risk, but also adopt a risk based approach to both thinking and auditing.
Only then will you ensure that you proactively mitigate risks and strive towards continual improvement