This document outlines the steps and principles of risk management in enterprises, including risk management planning, risk identification, and risk monitoring.
Extract
[...] Risk and uncertainty can have good and bad outcomes for companies. Risk management is not a new concept; the principles and applications of risk management have existed since the 17th century in Europe. Many companies go bankrupt due to both unforeseen circumstances and their inability to consider the interrelations between different types of risks, such as operational, financial, and strategic risks. The concept of enterprise risk management proposed over the last decade has sparked growing interest among practitioners and academics. [...]
[...] The ISO 31000 standard uses the general term of ""risk management" in its standard. It defines risk management as 'coordinated activities to direct and control an organization with regard to risk; and defines the risk management framework as a 'set of elements that provide the foundations and organizational arrangements for designing, implementing, and maintaining, monitoring, reviewing and continually improving risk management throughout the organization ». The strength of the ISO 31000 risk management approach lies in the identification of the following elements: the risk owner, which is essential for accountability, communication and the importance of information. [...]
[...] Risk management tools and methods Various tools are available to enable the risk manager to set the levels of vulnerability of the company. In the first place, financial and accounting statements are an indispensable tool. Indeed, the examination of the financial statements updates the vulnerabilities to which the company is exposed. Therefore, it is wise to carry out an analysis of the balance sheets, as well as the income statements and the reports of the statutory auditor. These analyses make it possible to identify the risks likely to affect the company in the short or long term. [...]
[...] These documents may include board of directors' reports. Similarly, a competitor's advertising may turn out to be a risk and must be studied seriously. The diagram is a tool that describes through a graph or a sequence the activities of a company's process. This document allows updating certain failures of a process undertaken by the company, which could be the source of a shutdown of the entire system. Other tools can be used to diagnose risks. We thus find questionnaires both internally and externally, site visits to assess vulnerabilities, consultation of internal or external experts to audit the company, as well as projections into the future through an analysis of possible scenarios and development of fault trees. [...]
[...] Another popular risk management framework called Active Threats Opportunity Management (ATOM) was developed by Hillson and Simon (2007). Within the ATOM framework, threats and opportunities can be controlled in a single process by identifying and evaluating risks during two-day workshops. Kahkonen and Artto (2008) have also developed a holistic process model for GR, in which they have divided the GR process into base processes and auxiliary processes. The authors of this model have found that most existing GR process models are rigid, which sometimes limits the ability to cope with the dynamic nature of risk. [...]
