Risk Management

As stated by the International Standard ISO 31000:2018 on Risk Management, all activities of an organisation involve risk. Organizations manage risk by means of identification and analysis, followed by an evaluation whether or not the risk should be modified through risk treatment in order to satisfy the applicable risk criteria. Throughout this process the organisation communicates and consults with its stakeholders, and monitors and reviews the risk and the risk-modifying controls to ensure that no further risk treatment is required.

Each specific sector or application of risk management brings forth individual needs, audiences, perceptions and criteria. Therefore, a key feature is the inclusion of ‘establishing the context’ as an activity at the start of this generic risk management process. Establishing the context will capture the objectives of the organization, the environment in which it pursues those objectives, its stakeholders and the diversity of risk criteria, all of which will help reveal and assess the nature and complexity of its risks.

When well implemented, embedded and maintained, the management of risks enables an organization to, for example:

• comply with relevant legal and regulatory requirements
• comply with and international standards and norms,
• improve stakeholder confidence and trust,
• improve governance and controls,
• minimize losses and improve operational effectiveness, loss prevention and incident management, and
• improve organizational resilience.

Risk assessments, as part of risk management, are the structured process that identifies how objectives may be affected. It analyses the risk in terms of consequences and probabilities before deciding on whether further treatment is required. Risk assessment tools are used to answer the following fundamental questions:

• What can happen and why (risk and hazard identification)?
• What are the consequences?
• What is the probability of their future occurrence?
• Are there any factors that mitigate the consequences or that reduce the probability of the risk?

Based on the context, SyRiM can offer a wide range of risk management services and risk assessment tools, for example:

• structuring and integrating your Risk Management as defined in the ISO Standards,
• checklists,
• Hazard and Operability (HAZOP), Hazard Identification (HAZID) and Environmental Identification (ENVID) studies,
• Failure Mode Effect and Criticality Analysis (FMEA and FMECA),
• Layer of Protection Analysis (LOPA),
• BowTie analysis, and
• consequence/probability matrix studies.