Regardless of the sector, risk management in institutions is no longer associated to occupational hazards or financial risks because it needs to be seen as an entity-level strategy and be key in strategic decision making.
This change has been implemented by the rise of a risk based thinking trend in management systems used by legal frameworks and international standards like ISO 31000. As a result, the new concept of risk is introduced to every organizational level and area:
The effects of uncertainty in the achievement of goals.
This new concept no longer labels risk as something negative and gives it a new focus: if we obverse the consequences we expected when we find or assume a risk, this may represent a positive value and generate opportunities. It is important to consider this perspective when developing risk analysis and assessment or self-assessment policies or methodologies.
Risk management is made up of a group of activities aimed at directing, managing and controling anything risk related that may arise in any process and may influence in the achievement of goals.
This process can be summarized in four points:
Follow Up and Examination.
This is the ambit in which organizations aim to accomplish their goals by analyzing the internal and external environments.
Work, economical, political, normative, among other environments can be validated in this ambit and companies must perform this validation at a national and international level, as well as any factor that may cause an impact in the company’s goals.
The internal ambit is made up of all which, at the center of the company, may influence in the way risk is managed. This is why management must be aligned with key organizational aspects: culture, structures, policies, and processes. The definition of risk management policies, risk assessment and distribution of responsibility is very important.
This implies identifying how goals may become affected, analyzing risks based on their posible consequences before deciding if they require additional treatment. This also provides institution officials a better understanding of the risks that may affect organizational goals.
These risk appraisal methods may vary from being very simple to very complex, but the essence must prevail, meaning that an institution must be reasonable in establishing criteria based on the context.
Follow Up and Examination
After assessing risk, and understanding of the available options or alternatives to apply a change in the possible incident materialization must be met, as well as their possible conclusions. This must be followed by instituting the necessary measures, and later re-examining the risk to identify its tolerance.
Finally, but just as important, a re-assessment or continuous monitoring must take place to examine the established criteria and ensure their validity, as long as the established goals are met, and confirming that the strategies and treatments have been efficient.