that provides businesses with guidelines and principles for risk management from the International Organization for Standardization . ISO 31000 seeks to help organizations take a methodical approach to risk management through a well-defined risk management process .
There are three high-level steps in the risk assessment process that are described by the risk management process : Identifying risks , analysing them , and evaluating the business impact ( s ) of the identified risk .
Risk assessments are an excellent tool to lessen uncertainty when making decisions , but they are frequently used incorrectly when they are not directly related to the broader decision-making process . The inability to conceptualize a risk assessment as decision support , decouples the analysis effort from business goals . It is timeconsuming to conduct assessments when there is no decision to be made , when there is insufficient information , or when it is unclear what the decision-makers ' preferences are . Understanding the factors that led to a decision , as well as their motivations and available options , aids in framing the assessment in a relevant way .
Components Of A Decision
Every organization deals with risk . However , because the majority of investors in a business are risk-averse , businesses should only assume additional risk if they anticipate a “ larger than fear Return on Investment ”.
Intelligence activity stage , design activity stage , and choice activity stage are the three stages of a decision . They provide the basis of decision-making ; one cannot make an effective decision without all three . Enterprise Risk Management ( ERM ) therefore has a connection to the three stages of the decision-making process . It is simple for risk managers to recognize how these stages support a risk decision once they are aware of how they interact with one another .
I will rely on ISO 31000 framework and guidelines to illustrate the application of risk-assessed decision-making principles in the context of a business or project .
Intelligence activity stage
At this stage , we pinpoint the problems and difficulties a company is facing . While middle managers focus on operational issues and challenges that pose a risk to operations , the board and senior management analyse strategic issues and challenges that lead to strategic risks . The assurance function ' s role is to identify issues and challenges leading to compliance risks against defined rules , procedures and regulations .
According to ISO 31000 , this stage mirrors the Risk Management Process of establishing the context . The context here comprises of the establishment of internal , external and risk criteria . In particular , the context defines the scope for the risk management process and sets the criteria against which the risks will be assessed . The scope should be determined within the context of the firm ' s organisational objectives . Further , the Intelligence activity stage is also linked to the step of risk assessment , which consists of three substeps : risk identification , risk analysis , and risk evaluation .
Design activity stage
At this point , we identify the problems and challenges and the corresponding risk category , and we examine potential solutions . The board and senior management search for suitable strategies , potential courses of action , and workable solutions . They weigh the benefits and drawbacks before deciding on a specific strategic move . While this is going on , the middle management is entrusted with making sure that a practical plan has been chosen and put in place to keep the organization ' s operational risk exposure within its risk appetite and tolerance and to comply with all the rules and regulations now in effect .
According to ISO 31000 , this phase is connected to risk assessment , particularly at the sub-step of risk analysis , determining the likelihood and impact of the risk . Additionally , it is connected to the other ISO 31000 phases because all potential options must be effectively conveyed to the relevant parties and routinely monitored and reviewed by the organization .
Choice activity stage
Following the creation of a list of alternatives , the choice activity stage begins , which involves critically analysing and evaluating the potential ramifications of all options before deciding on the most appropriate course of action . Creativity , sound judgment , and quantitative analysis abilities are needed at this stage .
According to ISO 31000 , this stage is connected to risk assessment , particularly at the sub-step of risk evaluation , which determines the scale of the risk impact and likelihood . The defined threshold is then used to determine if risk mitigation is necessary or not . If risk mitigation is necessary , the best course of action should be determined using a cost-benefit analysis . According to the decision theory , when making a decision , we must have a specific level of confidence that our choice is feasible and with a high likelihood of being carried out .
To effectively and efficiently manage the above three stages of the decision-making process an organisation must work towards establishing whether it is a risk mature or risk intelligent organisation .
A risk intelligent organization attempts to promote an integrated approach to risk management and assurance and to match risk management with organizational strategy . The Risk Intelligent Enterprise is made possible by ensuring risk governance permeates all levels of the enterprise .
To ascertain whether indeed in decision making an organisation is risk intelligent , the organisation ’ s leadership must ask the following hard questions and be true to themselves in answering the same : Do we currently exercise risk governance in decision making at the enterprise level ? How can we better align risk governance and risk management in decision-making across the enterprise ? How can we drive seamless risk management into our day-today business decisions ?
Conclusion
The performance of an organization can be greatly impacted by effective decisionmaking . You can exercise solid judgment and lead your team through the necessary frameworks and processes by honing your decision-making skills , which will lead to more data-driven decisions . These skills should include anticipating and overcoming organizational challenges by taking into account the risks associated with past decisions and the potential risks associated with current and upcoming decisions .
Its only when we understand the business value of incorporating risk in our decisionmaking process that we shall deliberately build the requisite risk management capabilities in our organizations .
Reuben Kisigwa is a strategic consultant and a certified competency-based curriculum developer . You can engage him vide mail at : RKisigwa @ gmail . com .