The basis of sound risk methodology is to establish the context. I’ve found that if people pay attention to risk context at all, they often treat it as background information or a pro forma introduction. But it’s really a tool to ensure a rigorous and comprehensive risk assessment. (In future articles, we can discuss subsequent steps in risk assessment.)
The original AS/NZS 4360 (now replaced by ISO 31000) addresses context, although mostly in connection with organization-wide implementation. The CAN/CSA-ISO 31000-10 (public review copy) and the accompanying Q850-10 Implementation of Risk Management – I was on the CSA technical committee – specify context for the purpose of applying the risk process. Similarly, in the ERM Guideline ver. 2.2 that I wrote when I was with the BC Government, you’ll see “Context Analysis to Prepare for a Risk Identification Session” (section 2.2.2, page 17). The idea is to write a short risk context statement following recommended headings. Use the more complete context template posted with this article: Risk Assessment Template-Establish Context.
Establishing the context means defining the bounds of what you want to analyze for risk, whether a strategic or operational plan, industrial or administrative process, program, project or other management initiative. The context paper sets out the scope of the analysis and the criteria you will use to assess risk. NB: This means your work will be internally consistent, and the results defensible.
Apart from establishing scope and assumptions, there’s a second purpose to writing a context paper: it serves as an agenda to help the team identify risk in a reasonably comprehensive and ordered way.
In the next post I’ll discuss context in more detail.