#194 – ISO AND ORGANIZATIONAL RISK – ROBERT POJASEK

In my online class at Harvard University, I teach my students how organizations create their strategic objectives from their mission statement, whether this is done explicitly or implicitly. Risk can be defined as the “effects of uncertainty” on setting and achieving their strategic objectives.  These “effects of uncertainty” are a deviation from what is expected in an organization’s internal and external context (Clause 4.1) of every new and revised ISO management system standard.

Effects are positive (opportunities) and negative (threats).  ISO 14001:2015 defines actions to address risks and opportunities (Clause 6.1) in planning as potential beneficial effects (opportunities) and potential adverse effects as threats.  No longer do we need to focus only on threats in the business of organizational risk.

RISK BASED TOOLS
We use a TECOP tool to find the opportunities and threats in the internal operating environment.  A PESTLE tool is used to determine the opportunities and threats in the external operating environment.  It helps to use a SWIFT tool to ask the questions needed to work through the influences and factors to find the opportunities and threats.  It is easy to find hundreds of opportunities and threats with a well-executed search. Risk can only be assessed or successfully managed if the nature and sources of uncertainty are understood. Stakeholders (interested parties) may contribute additional opportunities and threats during the engagement process (Clause 4.2).

Similar to the process to determine the “significant” aspects in ISO 14001 (Clause 6.1.2), we can create an uncertainty assessment process using sense making and knowledge management to provide what is referred to as evidence-based information and analysis that assists leaders in making informed decisions on how to manage the uncertainty (Clause 5.1). An uncertainty identification and analysis process was developed in Australia when we used AS/NZS 4360:2004 before it became ISO 31000:2009.  This enables an organization to determine how to respond to opportunities and threats.

TYPES OF RISK RESPONSE
For the threats, the sequence of uncertainty evaluation is as follows: avoid, transfer, mitigate, or accept.  When deciding on opportunity response options one considers: exploit, enhance, share, and ignore.  An uncertainty management plan should provide fully defined and accepted accountability for opportunities and threats, controls, execution, and uncertainty responses for significant opportunities and threats. The evaluation of traditional risk assessment is prone to focus solely on threats. This organizational risk method favors capitalizing on the opportunities as a means of offsetting the threats.  This is very helpful since the treatment of threats has been known to create more threats – a nasty reality brought to us by the discipline of systems thinking.

As a practitioner in the world of organizational risk management, I realize that many leaders do not like opportunities. Author Edward De Bono states, “It is difficult to generate within an individual leader a feeling that there is a need to look for opportunities. Opportunity means hassle of one sort or another.  These leaders are trained to solve problems as they arise.  They are not trained to select opportunities in areas where they can avoid the treatment of threats.

LOOKING AT RISK OPPORTUNITIES
Times are changing. The ISO 31000 brand of risk management will help companies aspire to continual improvement, innovation and learning as captured in ISO 9004. This will be accomplished by acting on opportunities as opposed to the sole focus on threats.  Perhaps this is the beginning of the disruption that is taking place in the field of risk management. Now we can focus risk on meeting those critically important strategic objectives without the distraction of threats.

Bio:

Robert B. Pojasek, Ph.D.
Harvard University & Pojasek & Associates LLC
Risk Management & Organizational Sustainability
rpojasek@sprynet.com
(781) 777-1858  Office
(617) 401-5708  Mobile & Text
www.linkedin.com/in/bobpojasek
Organizational Risk Management and Sustainability:
A Practical Step-by-Step Guide
Now available as an e-book
http://tiny.cc/xz3fhy

Also available as an online action learning course

http://tiny.cc/y23fhy

Expert as environment, health & safety, and sustainability professional with a record of providing leadership, training and operational support to all levels of the organization; Implements new and revised management systems to drive EHS/sustainability program conformance throughout the operation; Integrates organizational systems of management using the ISO harmonized high-level structure; Provides support for organizations implementing sustainability/risk management practices featured in my book.
