The Risk Management standard
Business activities and decisions can be classified in a range of ways, examples of which include:
- Strategic – These concern the long-term strategic objectives of the organization. They can be affected by such areas as capital availability, sovereign and political risks, legal and regulatory changes, reputation and changes in the physical environment.
- Operational – These concern the day-to-day issues that the organization is confronted with as it strives to deliver its strategic objectives.
- Financial – These concern the effective management and control of the finances of the organisation and the effects of external factors such as availability of credit, foreign exchange rates, interest rate movement and other market exposures.
- Knowledge management – These concern the effective management and control of the knowledge resources, the production, protection and communication thereof. External factors might include the unauthorized use or abuse of intellectual property, area power failures, and competitive technology. Internal factors might be system malfunction or loss of key staff.
- Compliance – These concern such issues as health & safety, environmental, trade descriptions, consumer protection, data protection, employment practices and regulatory issues.
What I found slightly peculiar though, was this sentence on page 12:
An organisation’s risk management policy should set out its approach to and appetite for risk and its approach to risk management.
Note the word “appetite” for risk. Indeed, risk goes both ways, and sometimes deliberately seeking out risk can deliver a competitive advantage. Risk is not something that should be avoided at all costs.
Download
The Risk Management standard can be downloaded here: IRM Risk Management Standard
The Risk Management standard is available in Arabic, Chinese, Danish, English, French, German, Greek, Italian, Japanese, Dutch, Polish, Portuguese, Russian, Spanish and Swedish.