Risk is not something that organisations have a tendency to manage in an effective way. Many organisations give tacit recognition to risk management in their processes or have different people handling different aspects of it.
Times when risk management could be a mere afterthought for organisations are past. It is now essential, if not mandated in law, that organisations take effective steps to manage risk within the organisation.
In the spring of 2011 I wrote an article for this blog titled ‘ISO 31000, the Icelandic volcanic ash crisis and how to cope in similar situations’. This detailed how many organisations had been affected by the eruption of a volcano in Iceland and how to cope using the new (at the time) International Standard for risk management – ISO 31000 .
At the time of writing that article there was not much guidance available on implementing the new risk management standard. This void has now been filled by BS 31100 – which provides guidance on implementing a risk management process that meets the requirements laid down in ISO 31000.
Effective risk management needn’t be exclusive to larger organisations. With the standards above risk management can be employed by any organisation that wants or needs to manage risk effectively.