This is an overview my thoughts on Risk Management. Part I, “Guns, Telephone Books and Risk” discussed Risk Management as long lists of things that will never happen. Part II, “Anti-Fragile Risk Management” considered the concept of Anti-fragility in a risk management concept (ARM). This included an overview of ISO 31000 – Risk Management. The second blog also introduced the Seven ARMed Organization. That is an organization that has mastered these risk mitigation components:
- Purpose: Why Does the Organization Exist, what are its objectives?
- People: Does the Organization have adeptness to achieve its objectives?
- Process & Plant: Do the People have the right Operational knowledge to operate the systems they are responsible for?
- Product: Does the organization have a product or service that the market/society wants?
- Planning: Does the organization know how to do Operational and Tactical Planning to sustain or enhance the above?
- Governance: Does the organization have the strategic and leadership capacity to Change the Above?
- Risk Tested: What identified risks can be used to test the above to ensure they are functioning?
No Ordinary Ordinality
The Seven Components of ARM can be managed and worked on in parallel but there is a method in the selection of the order they are presented. If an organization does not have number 1 (objectives) at least started or well in hand component 2 (people) and onward becomes much more difficult.
Number 6 (governance) may surprise some people with its placement. From a Risk Management perspective, Governance has little impact on day to day risks. This is not to dismiss or discount it – but to put it into context that it has longer term or enduring impact as opposed to being a short term influence on risk management. This concept is demonstrated in the following diagram.
No Business Gurus Were Harmed in the Making of this Blog
The first six components have been fodder for a whole flotsam of business books. My focus will be to provide a high level explanation of why I included the component and answer the question why this component is important from a Risk Management perspective.
A Dive into the Pits of the Seven ARMs
The next series of blogs will consider each of the Seven ARMs in a bit more detail. At a minimum I would like to consider:
- The definition of each of the ARMs.
- Its linkage (if at all) to ISO 31000.
- Why is the ARM important?
- Example of Risks and Mitigation particular to this ARM Component.