Risk Management: Back to the Basics
Risk Management and Social Engineering
Risk Management: Back to the Basics, Part 2
Part 1: Why Risk Management and Where to Start
Introduction: Why Risk Management?
Organizations, whether a SME or multi-national corporation face internal and external factors that make reaching their business objectives uncertain at best. This effect of uncertainty on objectives is widely defined as risk. Organizations face risk in all activities and therefore should establish a systematic approach to properly managing risk effectively. Risk management should be approached in a similar manner as any other business process. Your organization has defined it sales process for success, why not define a risk management process with the same goal in mind? Organizations can only succeed and grow through effective and successful risk taking. This article covers the basics of risk management and how to approach the process in a systematic manner.
As stated, in order to prosper, an organization must successfully manage risk. A balance between risk and potential return must be found. By creating this balance, an organization will maximize its return from beneficial risk and limit the damage caused by harmful risk. A successful risk management process will not attempt to completely remove risk, or avoid it at all cost, this approach is not possible. Ergo, an organization must start by identifying the major risk that exist and inhibit processes which enable these risks to be managed to an appropriate level. A level where beneficial risk can be exploited and harmful risk can be limited.
A successful risk management program supports organizations in the all of the following ways, among many others:
- Taking a proactive approach to organizational management
- Increasing the possibility of meeting organizational objectives
- Implementing a reliable decision making process[
- Improving operational efficiencies and effectiveness
There are countless strategies to approach risk management. Multi-national corporations are able to contribute immense resources, such as financial, human, and technical to the process of risk management. However, SME’s generally are unable to commit substantial resource to the risk management process. With this in mind, we will aim to address risk management in terms of SME’s with a simple and effective approach to risk management.
Where to start with Risk Management
Before you begin with the the risk management design and implementation process, your organization needs to determine its objectives, commitments and approach in regards to a risk management policy. Once this is determined, the risk management policy can be designed and implemented.
Step 1: Business Entity, Assets, and Threats Identification
Risk management starts with having a sound understanding of your organization. Risk management can be applied to all aspects of an organization. However, it may be appropriate to start with a single process or department. Determining which business entity’s risk is to be managed is the first step in establishing a risk management program.
Upon identifying the business entity which is to be assessed and treated for risk, a risk manager needs to work with key stakeholders in regards to said business entity to identify assets. Assets can be tangible or intangible, and considered as anything that brings value to the organization. In the spirit of simplicity and effectiveness, only essential assets should be identified. Think, can our business operate effectively without this asset? If the answer is no, include this asset in the risk management process.
Now that you have identified your organization’s essential assets, the next step is to identify the threats that exist to those assets. Similar to the asset identification process, threats should be considered if they would cause a major disruption to the asset, and the organization as whole. Start by identifying five to ten threats that have the potential to seriously harm organizational operations.
Once you have identified your business entity, critical assets, and major threats, it is time to move to the risk assessment and treatment process. We will cover this in our next post on this subject.
We encourage our readers to leave comments and share the topics we discuss with others.
