The Institute of Risk Management (IRM) is risk management’s leading international professional education and training body. Together with The Association of Insurance and Risk Managers (AIRMIC) and Alarm (The Public Risk Management Association) they published their Risk Management Standard in 2002. Good corporate governance requires that companies adopt a methodical approach to risk management, and the IRM Risk Management Standard provides the toolbox. Interestingly, but perhaps not so surprising, that standard shares much common views with the current views on supply chain risk.
The Risk Management standard
The risks facing an organization and its operations can result from factors both external and internal to the organization, and the risk management standard features a diagram that summarizes examples of key risks and shows that some specific risks can have both external and internal drivers, and therefore overlap the two areas. Risk identification sets out to identify an organization’s exposure to uncertainty.T his requires an intimate knowledge of the organization, the market in which it operates, the legal, social, political and cultural environment in which it exists, as well as the development of a sound understanding of its strategic and operational objectives, including factors critical to its success and the threats and opportunities related to the achievement of these objectives.
Business activities and decisions can be classified in a range of ways, examples of which include:
- Strategic – These concern the long-term strategic objectives of the organization. They can be affected by such areas as capital availability, sovereign and political risks, legal and regulatory changes, reputation and changes in the physical environment.
- Operational – These concern the day-today issues that the organization is confronted with as it strives to deliver its strategic objectives.
- Financial – These concern the effectivemanagement and control of the finances of the organisation and the effects of externalfactors such as availability of credit, foreignexchange rates, interest rate movement andother market exposures.
- Knowledge management – These concern the effective management and control of the knowledge resources, the production, protection and communication thereof. External factors might include the unauthorized use or abuse of intellectual property, area power failures, and competitive technology. Internal factors might be system malfunction or loss of key staff.
- Compliance – These concern such issues as health & safety, environmental, trade descriptions, consumer protection, data protection, employment practices and regulatory issues.
What I found slightly peculiar though, was this sentence on page 12:
An organisation’s risk management policy should set out its approach to and appetite for risk and its approach to risk management.
Note the word “appetite” for risk. Indeed, risk goes both ways, and sometimes deliberately seeking out risk can deliver a competitive advantage. Risk is not something that should be avoided at all costs.
Download
The Risk Management standard can be downloaded here: IRM Risk Management Standard
The Risk Management standard is available in Arabic, Chinese, Danish, English, French, German, Greek, Italian, Japanese, Dutch, Polish, Portuguese, Russian, Spanish and Swedish.