How to do Risk Assessment–Establish the Context-Pt-1

2010-05-18 / How to do Risk Assessment / 0 Comments

[rev 15 Jul 2017]

The basis of sound risk methodology is to establish the context. I’ve found that if people pay attention to risk context at all, they often treat it as background information or a pro forma introduction. But it’s really a tool to ensure a rigorous and comprehensive risk assessment.

The original AZ/NZS 4360 addresses context, although mostly in connection with organization-wide implementation. The CAN/CSA-ISO 31000-10 and the accompanying Q850-10 Implementation of Risk Management – I was on the CSA technical committee – specify context for the purpose of applying the risk process.

Similarly, in the ERM Guideline that I wrote (edited since) when I was in BC Government, you’ll see Establish the Context (section 3.3). The idea is to write a short risk context statement following recommended headings. Use this more complete template for context posted in this article: Risk Assessment Template-Establish Context.

Establishing the context means to define the bounds of what you want to analyze for risk, whether a strategic or operational plan, industrial or administrative process, program, project or other management initiative. The context paper sets out the scope of the analysis and the criteria you will use to assess risk. NB: This means your work will be internally consistent, and the results defensible.

Apart from establishing scope and assumptions, there’s a second purpose to writing a context paper: it serves as an agenda to help the facilitator lead the team to identify risk in a reasonably comprehensive and ordered way.

In the next post I’ll discuss context in more detail.

Read More

Blog launch: risk management professional

2010-05-04 / Uncategorized / 0 Comments

This is blog about enterprise risk management – both ERM implementation in the organization, and how to do risk assessment in individual cases. I was Senior Manager, Enterprise Risk Management, in the provincial government (British Columbia, Canada) until the fall of 2008. I left to set up my own ERM consulting, and developed online risk management courses for RIMS – the Risk and Insurance Management Society, New York. There is still a lot left to say.

Risk assessment for business or public sector organizations needs to be a comprehensive and rigorous process, within a well-defined context. What we see (and studies show) is that people often don’t have great confidence in their risk identification process. Effective risk identification within a properly defined context quickly proves its value as a method to solve business problems.

Later there will be lots of opportunity to give views on related business topics, such as international business practices and innovation.

Thanks for taking the time out – comments welcome!

Read More