The Risk Management standard ISO 31000:2009, released in 2009, has been guiding organizations with applicable and adaptable standards for best practices in Risk Management for the past 4 years. This set of standards can be applied to public, private, group or individuals and was not developed for specific industries or groups.
Implementing an ERM Solution
Whether you manage risk at the municipal, provincial, state or federal level, a framework to incorporate your risk management process is important. Putting tools in place to help planners address uncertainty, identify risk and analyze it in order to evaluate is critical. Tools help with documentation and storage of risk information such as scoring, checklists and assessments in one central repository.
This helps in providing an accurate view into organizational vs. enterprise risks so that when putting treatment plans together we can segregate the two and implement correct treatment actions. Implementing an ERM solution can be developed from existing business processes or re-engineered to find if there are gaps, but ultimately we want to follow the framework and remember a few key factors:
- Transferring accountability gaps within ERM
- Aligning objectives of the framework with ISO 31000
- Providing management reporting tools
- Creating standard risk criteria and evaluation metrics
In 4+ years ISO 31000 has become the standard for government and private enterprises to manage risk. We have recently seen a spike in the need for web based solutions to various government agencies to manage organizations’ and enterprise risk. We have found that the benefits of a centralized system have an easier time gaining traction with management as it impacts the bottom line, while creating a safer work environment.
One of my favorite resources to read and keep up to date on the ERM Landscape is the NC State University Poole College of Management. They have a fantastic ERM Initiative; check out their Library of Business Case Studies for ERM articles.
Note, if you’re looking for more information on this topic, you can join this week’s webinar, Risky Business: Eliminating Risk Exposure in the Government Sector, discussing further how government organizations can mitigate hazards through data centralization.