#206 – THE ORIGINAL SIX RULES OF RISK MANAGEMENT – ROBERT POJASEK

AAIAAQDGAAwAAQAAAAAAAAuRAAAAJGJmZGQ0Njg0LWFlNDUtNDcyZC04MTVhLWJkNmM1Zjg1MGZmOQ-150x150When AS/NZS 4360:2004 was morphed into ISO 31000:2009, we somehow lost the “six rules of risk management” to a popular investment phrase, ‘risks and opportunities’.  In the financial world, risk is a potential for a loss.  Opportunity is a potential for a gain. 

In the ISO world, managing risks should involves both threats and opportunities.  ISO 14001:2015 defines (i.e. Definition 3.2.11) ‘risk and opportunities’ as “potential adverse effects (threats) and potential beneficial effects (opportunities).”  Congratulations to ISO/TC-207, you helped clarify the risk management mission.

According to AS/NZS 4360:2004, “We manage risks continuously, sometimes consciously and sometimes without realizing it.  The need to manage risk systematically applies to all organizations and individuals and to all functions and activities within an organization.  This need should be recognized as of fundamental importance by all managers and staff.”

Rules for Risk Management 

Now that I have piqued your interest, here are the rules for risk management as found in AS/NZS 4360:2004:

  1. Managing risks involves both threats and opportunities. Risk management is about identifying potential variations from what we plan or desire and managing these to maximize opportunity, minimize loss and improve decisions and outcomes. Managing risk means identifying and taking opportunities to improve performance as well as taking action to avoid or reduce the chances of something going wrong.
  2. Managing risk requires rigorous thinking. Managing risk is a logical and systematic process that can be used when making decisions to improve the effectiveness and efficiency of performance. It is a means to an end, not an end in itself.  It should be integrated into everyday work.
  3. Managing risk requires forward thinking. Managing risk involves identifying and being prepared for what might happen rather than always managing threats retrospectively. Formal risk management encourages an organization to manage proactively rather than reactively.
  4. Managing risk requires accountability in decision making. The leader is responsible for managing risks in an organization and for defining the responsibility and authority for those who must act on a day-to-day basis. It is important to maintain the balance between responsibility for a risk and the ability to control that risk.
  5. Managing risk requires communication. Risk management takes place in a social context and in many circumstances an organization will need to interact with internal and external stakeholders to ensure that all relevant risks are addressed. In order to ensure that risk management actions are properly implemented and adhered to, it is important to ensure that effective communication occurs within an organization.
  6. Managing risks requires balanced thinking. A balance needs to be struck between the cost of avoiding threats or enhancing opportunities and the benefits to be gained.

Adding These Rules to Risk-Based Thinking

As our knowledge of “risk-based thinking” evolves, we should go back to the roots of risk management in the Australian efforts to create the first risk management standard (AS 4360:1995).  Management of risks is an integral part of good business practice and quality management.  Learning how to manage risk effectively enables managers to improve outcomes by identifying and analyzing the wider range of issues and providing a systematic way to make operational decisions.

Management of risk (opportunities and threats) needs to be more clearly articulated and specified in all the ISO management system standards.  However, it is not something that we should put off until the next round of management system.  After all, who is looking forward to that?

Bio:

Robert B. Pojasek, Ph.D.
Harvard University & Pojasek & Associates LLC
Risk Management & Organizational Sustainability
rpojasek@sprynet.com
(781) 777-1858  Office
(617) 401-5708  Mobile & Text
www.linkedin.com/in/bobpojasek
Organizational Risk Management and Sustainability:
A Practical Step-by-Step Guide
Now available as an e-book
http://tiny.cc/xz3fhy

Also available as an online action learning course

http://tiny.cc/y23fhy

Expert as environment, health & safety, and sustainability professional with a record of providing leadership, training and operational support to all levels of the organization; Implements new and revised management systems to drive EHS/sustainability program conformance throughout the operation; Integrates organizational systems of management using the ISO harmonized high-level structure; Provides support for organizations implementing sustainability/risk management practices featured in my book.

Leave a Reply

Your email address will not be published. Required fields are marked *