RCS - Risk Management


Robert attended the Risk Management in Banking programme at INSEAD and applies the ISO 31000 risk management standard in his work, building on his competency as an ISO auditor.

Risk management is the identification, assessment, and prioritization of risks (defined in ISO 31000 as the effect of uncertainty on objectives) followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

Risk management is performed as a structured, pre-defined sequence of steps:

1. identify, characterize threats

2. assess the vulnerability of critical assets to specific threats

3. determine the risk (i.e. the expected likelihood and consequences of specific types of attacks on specific assets)

4. identify ways to reduce those risks

5. prioritize risk reduction measures based on a strategy

 

The International Organization for Standardization (ISO) identifies the following principles of risk management:

 

Risk management should:

· be an integral part of organizational processes

· be part of the decision-making process

· explicitly address uncertainty and assumptions

· be a systematic and structured process

· be based on the best available information

· be tailored to the organization and its context

· take human factors into account

· be transparent and inclusive

· be dynamic, iterative and responsive to change

· be capable of continual improvement and enhancement

· be continually or periodically re-assessed

 

Robert applies all these principles in his work as a risk manager. In the end, a risk management process produces one of only four possible treatments for each identified risk:

· Avoidance (eliminate the risk, or withdraw from or do not become involved in the activity)

· Reduction (optimize or mitigate)

· Sharing (transfer: outsource or insure)

· Retention (accept the risk and budget for it).

Where enterprise meets excellence ……..