Publications

Risk identification: how and how many?

Risk is “the effect of uncertainty on objectives” which begs the question: “What are the objectives?”. Leaving that question for another short article, the questions here are “how should risks be identified?” and “how many risks should be identified?”.

Effective risk assessment – beyond the matrix

Many risk assessments are based on a simple analysis using a 5x5 matrix or similar. Such analyses may lack understanding of the organisational context and relevant risk criteria, and naming of risks may fail to describe them in adequate detail.

Often, analyses do not use techniques that provide more detailed information about risk events, consequences and their associated likelihoods; uncertainty may not be adequately considered and impacts on objectives not fully understood.

This paper uses some case studies to explore risk assessment techniques set out in ISO 31010:2009 Risk Management – Risk Assessment Techniques to aid understanding of the nature and level of risks. Key definitions are drawn from AS/NZS ISO 31000:2009 Risk management – Principles and guidelines and ISO Guide 73 Risk management – Vocabulary.

“All that man is; all mere complexities”: managing disruption-related risks

The first section of this conference paper briefly reviews some recent disruptive events in New Zealand and elsewhere and some disruption-related risks.

Some research into disruptions and management responses is then reviewed, showing many organisations consider themselves to be ill-prepared for disruptive events and that, in a world increasingly networked, they may have overlooked loss of key components of their networks. Further, highly threatening disruptions can arise from new business models implemented by competitors or as a result of a disruptive technology. It is argued these factors demonstrate the need for management of disruption-related risks and that this should be part of the overall business strategy of an organisation.

The paper then explores how organisations can more effectively assess and treat potential disruptive events, including changes in particular circumstances. Assessing disruption-related risks requires techniques that seem rarely to be applied at a strategic level. Examples of some appropriate techniques and a brief discussion of business impact analysis are given.

It is argued that, in contrast with traditional emergency and business continuity management, the management of disruption-related risks should extend to include potential changes in the organisational context.

It is concluded that resilience is an ephemeral condition: as soon as the context changes, resilience must change to match the new conditions. Plans alone are insufficient for resilience.

The paper draws information from New Zealand and elsewhere and advocates adoption of the AS/NZS 5050:2010 Business continuity: management of disruption-related risk framework and process, as this facilitates an integrated, management-led approach to continuity, discontinuity and context-sensitive resilience, competitive advantage and stakeholder value.

But how do you integrate risk management? A book review

Risk Management in Organisations: an integrated case study approach by Margaret Woods, publisher Routledge; 176 pages.

How do other organisations implement risk management? How does it work for them? Where can I find some case studies to give me some ideas? Consultants glean ideas from experiences with clients but, in all honesty, do we know how long the apparent successes last? Risk managers may learn what works in one or a few organisations but can their successes be replicated elsewhere? Such questions are often asked within the risk management community. Answering them may be difficult in New Zealand where we have a small economy; how do we get answers from larger economies and organisations?

MORT and all that

The Management Oversight and Risk Tree (MORT) method was developed in the 1970s by the US Government to help ensure high levels of safety and quality assurance in the American energy industry. MORT is a generic analytical procedure still used for inquiring into causes and contributing factors of events. It can also be used to analyse risks.

Risk appetite and criteria compared, considered and developed

Risk appetite is defined in ISO Guide 73 Risk management – Vocabulary as “the amount and type of risk an organisation is prepared to pursue, retain or take”. Other definitions exist including the COSO 2004 definition “risk appetite is the amount of risk, on a broad level, an entity is willing to accept in pursuit of value”.