Risk analysis has been one of the keywords of the business world in recent years. Taken out of context, the term can relate to a variety of issues concerning projects, finance and technology. It has to be stated, however, that risk analysis is part of a broader concept, risk management, which helps to manage a given organisation more effectively. The scope of risk to be managed is specific to each organisation and can cover strategic, financial and operational risks as well as risks connected with fortuitous events. To cover all kinds of possible risk, experts in this field have developed a comprehensive approach to risk management called Enterprise Risk Management (ERM), a perfect tool for the board and top management of an organisation to maximise its value.

Risk management is not always directly presented in different management ideologies, standards or legal regulations. As far as organisational order is concerned, the COSO standard is sometimes implemented. Moreover, each and every public company in the US has to follow SOX regulations, and the ISO 27001 standard is recommended for data security management. These good practices may have different backgrounds and management objectives, but they all have one common denominator: they are all concerned with risk analysis and risk management.

The various ERM practices used around the world do not define a single way of implementing it. They only provide guidelines on how the mechanisms crucial to ERM should be organised, and at the same time they capitalise on reliable solutions that already exist. As a result, no standard determines how, for example, information on various incidents should be collected.

When implementing a risk management system in an organisation, we have to make sure that proper data collection channels (e.g. about critical points) as well as response mechanisms to various incidents are operational. The collected data can then be used in a given method to assess the risks and to take preventive measures where risks are unacceptable. By monitoring the implementation of preventive measures and the changing environment, the organisation can to a certain degree become immune to events with negative consequences.

Identifying critical points, analysing and assessing the risk related to them, and providing information on the consequences and possible scenarios gives the management a tool to achieve set objectives by optimising its activities. Two basic factors are the key to success. The first is an effective mechanism by which the management can assess risks and collect data essential to decision making on a regular basis. The second is that top management has to be involved in raising awareness of the importance of risk management and its advantages for an organisation that is to be managed in a modern way.

Offered services:
- Identifying critical points, taking into account existing threats and risks
- Selecting an approach to and developing a method of risk management
- Performing risk analysis and giving feedback on risk assessment
- Determining risk mitigation plans
- Designing organisational solutions that mitigate risk
- Creating risk monitoring mechanisms in an organisation
- Running workshops for top management to raise risk management awareness
- Evaluating the existing risk mitigation mechanisms
- Verifying and evaluating existing mechanisms of risk analysis and risk assessment
- Reviewing and updating the critical points map in an organisation
- Verifying the completeness and adequacy of risk management in chosen areas
- Validating compliance with AS/NZS 4360, COSO, BS 7799-3 standards