|
|
2. Risk management process In the Australian and New Zealand Standard 4360:2004 the risk management process is described with seven phases: 1. Establishing a context for risk management in your
organisation 1. Establishing a context for risk management in your organisation This includes:
2. Communicating risk management to your organisations Good communication and consultation is essential for risk management and attempts to:
3. Identifying risks in your organisation The aim is to develop a comprehensive list of the sources of risks and their consequences. There is not one right way to do this. Some strategies are:
4. Analysing risks in your organisation Some of the key questions in analysing the risks are:
Similar questions can be asked in relation to opportunities (ie risks with positive consequences):
5. Evaluating risks in your organisation Some of the key questions in risk evaluation are:
6. Treating risks in your organisation To effectively treat risks one needs to understand how risks arise. Some of the ways that risks are treated are:
In treating risks there will be trade offs between costs and benefits. One will have to make a judgment that the cost of reducing the risk is worth the benefit of the reduced risk. Key question: What is acceptable risk? 7. Monitoring and reviewing risks in your organisation Risk management is an ongoing process:
|
|