In the past decade, the need to improve organizations’ capability of coping with the changing environment and multiple uncertainty factors has risen significantly. Managers from different market sectors are implementing various methods and processes in order to handle uncertain events with an emphasis on managing their negative impact on organizations and projects managed within them.
The reasons for this are many. Technology and work methods are becoming more complex, while the business landscape is characterized by competitive play rules and regulatory norms, such as the Sarbanes- Oxley (SOX) Act and Bazel regulations, and international models, such as CMMI®. Recent research has demonstrated that those organizations that are implementing effective risk management processes are significantly increasing their chance to reach the goals set before them by reducing operational costs.
While attempting to meet the challenge, a project manager is confronted with
a myriad of tools and methodologies hosted under the same roof of “Risk Management” promising streamlined solutions to managing operational uncertainty within an organization. It is not surprising that Googling for “risk management software” yields not less than 135 million results.
In the course of many years, national and international risk management regulations aimed at streamlining risk management methodologies have been circulated in several countries, Australia, the UK, Canada, the US, and Japan among them. In addition to that, many international institutions, such as the Project Management Institute, the Institute of Electrical and Electronic Engineers, the International Electro Technical Commission and the Federation of European Risk Management have done the same.
The Israel Standard for Risk Management
The Israel Standards Institute established a Technical Committee for Risk Management aiming to assess the ways this issue is regulated in the country. The committee set two tasks before itself:
o Formulating the Israel risk management standard customized to the public needs and culture
o Knowledge flow related to risk management and emphasizing assistance to institutions operating on the international market
After two years of extended research activities it was decided to base the new Israel risk management standard on the existing one of the Standards Institute of Australia and New Zealand – AS/NZS 4360:2004. This standard has been updated several times reflecting very well the leading methodologies in this field. The new standard is not intended for certification purposes. It has an instructive purpose for different organizations that target establishing operational risk management processes on the basis of best practices worldwide.
The standard is compatible with a wide range of international standards and its process related concept is similar to the one found in the quality group of standards. The standard contains relatively general instructions; therefore, organizations adopting it can customize tools and methods to its needs implementing the proposed process across its different phases. The standard is accompanied by an instruction guide that details the tools that can be used for implementing the process the way it is set forth in the standard.
The New Israel Standard – Major Characteristics and Updates
Risk Management Concept
The standard defines risk management within an organization as an iterative process aimed at reaching an appropriate balance between profit opportunity utilization and reduced losses on the one hand, and improving decision making and organizational performance on the other.
The standard positions risk management as an integral part of organizational management and culture relating it both to setting up streamlined work processes and customized tools that will enable the organization to manage them. In management circles, it has been customary to regard risk management as dealing with the negative implications of business events and preventing it. However, the risk management standard rules that exposure to risks may have a positive outcome for an organization based on the definition of risk as an exposure to uncertainty results, or a deviation from the planned or the anticipated.
Risk Management Process
The process described in the new standard is presented in Figure 1 below. As it was mentioned above, it fits the internationally acceptable standards and processes to operational risk management and to the risk management definition of the PMI®. The process comprises several iterative phases that have to be assimilated into the procedures and culture of an organization for achieving continuous improvement and the best management practice.
Risk Management Process – Main Components
The analysis of the internal and external contexts of the risk management process that form the process landscape setting up measurements and criteria required for risk measurement and analysis.
Identifying the risks the organization/project/process are exposed to, including their characteristics- period of occurrence, possible reasons for occurrence, ways of expression and impact on organizational activities, including their impact on preventing the realization of organizational goals, or, on the contrary, their contribution to it.
Evaluating the relative significance of identified risks, the probability of their occurrence and implications. This analysis will be performed versus the probability of risk occurrence results.
Risk Ranking and Evaluation
A comparative risk level assessment calculated against the measurements periodically defined, or a calculated comparison of possible gains versus losses, thus, enabling one to make management decisions tailored to the required risk handling scope.
Establishing and implementing action plans assessed in terms of costs benefits aimed at increasing the possible benefits and reducing the possible costs.
Monitoring & Reviewing
The monitoring of risk management phases is aimed at achieving the state of continuous improvement. Moreover, there is a commitment to monitoring the risks themselves and effectiveness of the actions taken to handle them. The monitoring process enables an organization to use relevant action methods versus the changing circumstances.
Communication and Consulting
Consulting with different stakeholders within the organization in relation to the relevant information derived from the risk management process, across all of its phases.
Summary – Added Value to the Organization Working According to the New Standard
Implementing the risk management standard as part of organizational procedures and tailoring it to the specific needs of the organization will yield improved functioning, better organizational culture and more effective resource allocation. Organizations will be better geared to identify threats and utilize the untapped positive potential of uncertainty. PME TEFEN is well-familiar with many market sectors and business landscapes. The company consultants (many are PMP®-certified) have accumulated extensive experience in implementing risk management in leading companies. Our professionals are well experienced training instructors that will assist your organization in establishing a risk management training program and workshops, coaching your stakeholders and supporting the process from the plan preparation phase to customized implementation integrating the process itself within the organizational procedures and culture.