Increasingly, organisations are turning to ISO 31000:2009 “Risk management principles and guidelines” to establish a mature risk culture that delivers a more resilient and better performing organisation.
When coupled with senior executive engagement, a good software tool supports the ISO 31000 principles that make risk management effective:
- Creates and protects value
- Integrated as part of executive decision making
- Addresses uncertainty in a systematic, structured and timely fashion
- Based on the best available information
- Transparent and inclusive
- Inclusive of human/cultural factors
- Dynamic and iterative, facilitating continual improvement
- Incorporated as part of organisational responsibilities
Risk Decisions’ Predict! risk management and analysis software embraces the ISO 31000 Standard’s Principles, Framework and Processes. Predict! delivers all these within a seamlessly integrated working environment that focuses on speed, simplicity and a great user-experience that encourages adoption.
Predict! facilitates the ISO 31000 standard’s approach by:
- Removing many of the barriers to successful use of a software tool: designed with workflow at its core.
- Satisfying the needs of different user roles, programs, terminology and processes with its flexible configuration program/business unit specific scoring systems.
- Bringing the most important information to the attention of programme leaders, business functions, and the executives, through comprehensive reporting capability.
- Enabling users to see at a glance whether action plans are going to deliver the target potential benefits and reduction in cost/schedule impacts.
- Prompting risk and action owners to update and status their assigned actions to ensure that there is an accurate picture of the risk profile as the program progresses. This dynamic view of the program provides distinct advantages in enabling changes to be made to the risk strategy as needs require, and before it becomes too late to make effective changes.
- Making it fast and easy for risk and action owners to update information to improve engagement and productivity.
- Analysing the potential cost and schedule consequences of risks using the seamlessly integrated Predict! Risk Analyser. This includes using ‘What-if’ analysis to explore different scenarios.
ISO 31000 Framework
Predict! also supports the Framework’s main role of providing the structure for risk identification, analysis, evaluation and treatment. Notably, the ISO 31000 Process steps:
1. Communicate and consult
Facilitating communications with internal and external stakeholders, as appropriate, at each stage of the risk management process and in relation to the process as a whole.
2. Establish the context
Establish the external, internal and risk management context in which the rest of the process will take place. The criteria against which risk will be evaluated, and the structure of the analysis, are established.
3. Risk Assessment
Identify risks: Identify where, when, why and how events could prevent, degrade, delay or enhance the achievement of the objectives;
Analyse risks: Identify and evaluate existing controls. Determine consequences and their likelihood, and hence, the level of risk. This analysis will consider the range of potential consequences and how these may occur;
Evaluate risks: Compare estimated levels of risk against the pre-established criteria and consider the balance between potential benefits and adverse outcomes. This enables decisions to be made regarding the extent and nature of treatments required and effect on priorities;
4. Treat risks
Develop and implement specific cost-effective strategies and action plans for increasing potential benefits and reducing potential costs.
5. Monitor and review
Monitor the effectiveness of all steps of the risk management process. This is important for continual improvement. Risks and the effectiveness of treatment measures need to be monitored to ensure changing circumstances do not alter priorities.
A core benefit that the ISO 31000 process brings comes from encouraging users to follow a structured approach to identifying, assessing and managing risks (assessing program activities that may trigger a risk), thereby avoiding the frequently seen disconnect between the risk register and the more important follow-through on mitigation strategies.
Risk Decisions has designed Predict! to fully support organisations applying all elements of the ISO 31000 standard. We have taken this to the next level by ensuring that users will find it easy to see what they need to do, and when, to create and protect value within their business.