7.- WHO DOES THE RISK ANALYSIS?
“A risk management process requires leadership from the board and the backing of all levels of the organization”.
The management board of the company is responsible for the organization's risk management strategy. It's the board's role to ensure there is a current risk management strategy that includes a written version of:
- The organization's procedures related to risk assessment and management.
- The policies put in place to avert the risks that have been identified.
- The measures taken to cope with the consequences if the identified risks come to pass.
“The risk management program must consider activities at all levels of the organization”.
The board also has to assign a small number of staff members (a risk committee) to work on the matter. Developing a risk management strategy involves exercising good judgement and reasonable foresight to identify the risks that are both serious and likely, and developing strategies to deal with them. When the responsible party (the risk committee) has pulled together a risk management document that it thinks is feasible and achievable, it must take the document back to the management board. The board will need to be satisfied that:
- The procedures for identifying risks are adequate.
- The policies are a reasonable balance between cost and risk.
- The organization will be adequately protected if the worst happens.
- The strategy clearly identifies who is responsible for the implementation of each element of the plan.
- That there is a clear timetable for the achievement of each such element of the plan.
- That the resources necessary for implementation of the plan have been itemised and authorised.
If you're a very small organization, either do it yourself or appoint one person as a risk manager. If you're a slightly larger organization, set up a risk management committee with representatives from all the groups of people involved - the board, staff, engineering, suppliers, clients - to review the risks you face. Make sure that whoever is responsible for risk management knows they are responsible and is accountable for reporting back to the board on what's being done.