Risk Management and Assessment to ISO 31000
Handling risk analysis and risk management in the organizational resilience process
An organizational resilience management system must be based on an
effective risk assessment process. This involves the identification of
possible hazards and threats that could cause disruptive events to occur
that could interrupt part or all of the operational process. These
hazards and threats are not restricted to natural disasters or extreme
weather conditions but should include any event that could disrupt the
smooth running of the organization and prevent production and delivery
of goods or services or result in serious non-compliance situations. The
Organizational Resilience Software supports this risk assessment process
and simplifies what could otherwise be a complex and arduous process.
Risk analysis and assessment processes are based on ISO 31000 concepts
ISO 31000 is the recognized standard of choice for setting up and
maintaining an effective risk framework. These concepts are fully
incorporated into the Organizational Resilience Standard [ASIS
SPC.1-2009] and likewise in the organizational resilience software. Four
of the five organizational resilience software products include a
comprehensive risk management infrastructure based on ISO 31000.
How much risk is acceptable
As described by Dr. Marc Siegel so succinctly in his paper “Societal
Security Management System Standards”, all organizations face a
certain amount of uncertainty and risk. In order to assure sustainability
of operations and maintain resilience, competitiveness and performance,
organizations must have a system to manage their risks. The challenge is
to determine how much risk and uncertainty is acceptable and how to
cost-effectively manage the risk and uncertainty while meeting the
organization’s strategic and operational objectives. Given the finite
resources of organizations, it is imperative that they have
business-friendly tools to address the array of threats, hazards and
risks they may face. Standards will play an ever-increasing role
in the management of the operational risks organizations face.
Avoiding segregating or siloing risk
An
integrated approach can help avoid segregating or siloing risks and
provides an overall risk profile allowing the organization to better
understand the relationships between risks and identify solutions to
problems. It leverages the perspectives, knowledge and capabilities of
divisions and individuals within an organization. Because of the
relatively low probability and yet potentially high consequence nature
of many natural, intentional, or unintentional threats and hazards that
an organization may face, an integrated approach allows an organization
to establish priorities that address its individual needs for managing
operational risks within an economically sound context.
Acceptance of risk is a necessary part of business
Risk analysis is recognized as the cornerstone of any resilience,
continuity or recovery process. Without the risk analysis process being
carried out in a structured manner, any resilience, continuity or
recovery planning will effectively be carried out in a vacuum with poor
prioritization and decision making. Acceptance of risk is a necessary
part of business but needs to be properly understood and managed if you
are going to make it work for you rather than against you.
Acceptance or reduction of risk as part of the management process
Risk management has been generally defined as the identification,
assessment and prioritization of risks. However, there is a growing
realization that it should also include the formal acceptance of those
risks and/or an approved program of risk treatments to reduce residual
risks.
Risk management framework conforming to ISO 31000
The Organizational resilience software delivers a risk assessment
process covering the risk management policy, risk management framework,
integration, communication, establishing the risk management context,
risk identification, risk assessment, risk analysis, risk evaluation,
risk treatment and ongoing review and accountability.
How does the organizational resilience software deliver risk management?
The organizational resilience software delivers an extremely
comprehensive risk management process. Module 1.1 includes the risk
management framework and structure including policy and risk appetite.
Module 3.4 delivers a comprehensive range of potential hazards and
threats where the User can analyze each hazard and also add additional
hazards if desired. It supports the identification of potential
disruptive incidents and also the setting of probability and possible
consequences. It is a really easy process to work through and, when
coupled with the integral business impact process, also enables the
establishment of recovery times and cascades those requirements to all
assets, resources and operational processes.
Impact analysis
The Organizational Resilience Software delivers risk analysis and impact
assessment in a unique way where these functions are closely linked so
that predicted consequences can be viewed and cascaded across the
organization. The software uses a clever mapping technique combined with
calculated recovery times and criticality values that are based on
parameters controlled by the User.
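The two steps described above (setting probability and consequence per hazard and comparing the result with the organization's risk appetite in Module 3.4, then cascading recovery-time requirements from processes to the assets they depend on in the impact analysis) can be illustrated with a small worked example. The code below is an added example written for this page, not the vendor's software or its algorithm: the 5-by-5 likelihood/consequence scale, the risk-appetite threshold of 8, the criticality tiers and all hazards, processes, assets and dependencies are constructed sample data, and the "tightest requirement wins" cascade rule is an assumption about how such mapping is commonly done.

```python
"""Added worked example, not the vendor's code: a minimal ISO 31000-style
risk register plus a recovery-time cascade over a dependency map. The 5x5
scoring scale, the appetite threshold and every hazard, process and asset
below are constructed sample data, not values taken from the page."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Risk:
    name: str
    likelihood: int    # 1 = rare ... 5 = almost certain (assumed scale)
    consequence: int   # 1 = negligible ... 5 = catastrophic (assumed scale)
    # treatments: (description, likelihood reduction, consequence reduction)
    treatments: List[Tuple[str, int, int]] = field(default_factory=list)

    def inherent_score(self) -> int:
        return self.likelihood * self.consequence

    def residual_score(self) -> int:
        # Treatments lower likelihood and/or consequence; neither drops below 1.
        l_red = sum(t[1] for t in self.treatments)
        c_red = sum(t[2] for t in self.treatments)
        return max(1, self.likelihood - l_red) * max(1, self.consequence - c_red)


def evaluate(risk: Risk, appetite: int) -> str:
    """Risk evaluation step: compare the score against the stated appetite
    and return the decision the review should record for this risk."""
    if risk.inherent_score() <= appetite:
        return "accept"                     # within appetite as-is
    if risk.residual_score() <= appetite:
        return "accept with treatment"      # formal acceptance of residual risk
    return "escalate"                       # treatments insufficient; needs more


def cascade_recovery_times(process_rto: Dict[str, int],
                           depends_on: Dict[str, List[str]]) -> Dict[str, int]:
    """Push each process's recovery time objective (hours) down to every asset
    or resource it depends on, transitively. A shared asset inherits the
    tightest (smallest) requirement of anything that relies on it. Updating
    only on a strict '<' makes this terminate even if the map has a cycle."""
    required = dict(process_rto)
    stack = list(process_rto.items())
    while stack:
        node, hours = stack.pop()
        for dep in depends_on.get(node, []):
            if dep not in required or hours < required[dep]:
                required[dep] = hours
                stack.append((dep, hours))
    return required


def criticality(hours: int) -> str:
    """Assumed criticality tiers derived from the required recovery time."""
    if hours <= 4:
        return "critical"
    if hours <= 24:
        return "high"
    if hours <= 72:
        return "medium"
    return "low"


# --- constructed sample data -------------------------------------------------
RISK_APPETITE = 8   # assumed: scores above 8 on the 25-point scale need treatment

REGISTER = [
    Risk("Ransomware on file servers", 4, 5,
         [("Offline, tested backups", 0, 2), ("EDR and prompt patching", 2, 0)]),
    Risk("Power outage at main site", 3, 4, [("UPS plus generator", 0, 3)]),
    Risk("Loss of key supplier", 2, 3),
]

PROCESS_RTO = {"Order fulfilment": 4, "Payroll": 48, "Monthly reporting": 120}

DEPENDS_ON = {
    "Order fulfilment": ["ERP", "Warehouse WMS"],
    "Payroll": ["ERP", "HR system"],
    "Monthly reporting": ["ERP", "Data warehouse"],
    "ERP": ["Database cluster", "Site power"],
    "Warehouse WMS": ["Site power"],
    "HR system": ["Database cluster"],
    "Data warehouse": ["Database cluster"],
    "Database cluster": ["Site power", "SAN storage"],
}


def risk_report(register=REGISTER, appetite=RISK_APPETITE) -> Dict[str, str]:
    """Decision per hazard in the register."""
    return {r.name: evaluate(r, appetite) for r in register}


def asset_report(process_rto=PROCESS_RTO,
                 depends_on=DEPENDS_ON) -> Dict[str, Tuple[int, str]]:
    """Required recovery time and criticality tier for every asset/resource."""
    req = cascade_recovery_times(process_rto, depends_on)
    return {n: (h, criticality(h)) for n, h in req.items() if n not in process_rto}


if __name__ == "__main__":
    for name, decision in risk_report().items():
        print(f"{name:32} -> {decision}")
    for asset, (hours, tier) in sorted(asset_report().items(), key=lambda kv: kv[1][0]):
        print(f"{asset:18} required within {hours:>4}h  [{tier}]")
```

In this sample the database cluster serves payroll (48 h) and reporting (120 h) but also the ERP behind order fulfilment (4 h), so the cascade assigns it the 4-hour requirement and the "critical" tier; that shared-dependency effect is exactly what a flat, per-process impact assessment would miss.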