Overview
ABSTRACT
Within the framework of a risk management system, the ISO 31000 standard recommends drafting an overall risk map, i.e. identifying as comprehensively as possible the dangers faced by organizations. But how is this process to be initiated? With which partners? How can the notion of risk be defined from a rational perspective rather than a subjective one? A risk frame of reference has to express a shared vision of risks. This tool can then highlight changes, showing which risks are increasing and which are diminishing. One of the major challenges of risk management is to evolve from individual, intuitive risk management to collective, coordinated risk mastery.
AUTHOR
Jean LE RAY:
- Co-founder and associate director of AD'APTUS, consulting and training in integrated organization management, Nantes.
- Lecturer at the Institut international du management, an institute of the Conservatoire national des arts et métiers, as well as at various French and foreign universities.
- Coordinator of Afnor's "Maîtrise des risques" loose-leaf binder.
INTRODUCTION
The implementation of a risk management system often begins with the establishment of an initial global risk map, i.e. the most exhaustive possible identification of the risks incurred by the organization, followed by an assessment of the risks thus identified. At least, this is what the ISO 31000 standard on the subject, published at the beginning of 2010, recommends: "draw up an exhaustive list of risks based on events likely to cause, stimulate, prevent, hinder, accelerate or delay the achievement of objectives [...] whether or not their source is under the control of the organization [...]".
In this article, we'll try to describe how to organize a mapping project and, above all, what the prerequisites are for implementing such a project.
How do we get started? Which players do we need to bring together? Can we arrive at a meeting with a blank page and ask the participants to tell us what the risks are and how serious they think they are? Wouldn't we risk producing a very partial result, based on recent events, fears and even individual hobby horses? How can we ensure that the word "serious" has the same meaning for everyone around the table? Admittedly, there are reference events that are firmly inscribed in the organization's collective memory. But is the context the same as that in which these events occurred? Would the gravity of those events be the same today?
Before answering all these questions, we must first assert that risk apprehension is always subjective, and that risk appetite differs from one individual to another: what is perceived as major by one of us may be considered perfectly derisory by another, and vice versa. Apprehension and appetite are the aggregation of a host of criteria. Some of these criteria are the foundation of who we are: our education, our studies, our values, our experiences, our convictions and so on. Others are much more contextual or situational, whether professional or not: our professional motivations, our personal situation, our state of health, and so on.
It is therefore clear that, to establish a risk map, risk assessment has to be organized in a way that deals with this reality. We need to find rational elements that enable everyone to understand and share the results of an assessment produced by others. It's true that some of our companies lack risk analyses. But many others, particularly the larger ones, suffer from having a lot of them without having the key to reading the assessment made by Mr. X and that made by Mr. Y. Yet it is this "key" that makes risk assessment a genuine decision-making tool. It is this "key" that will give risk management the title of management system. It will enable everyone to share the same vision of the risks to which the organization...
The Ultimate Scientific and Technical Reference
This article is included in: Environment
Risk management framework and global risk mapping
Bibliography
Standards and norms
- Management du risque, principes et lignes directrices. - ISO 31000 - 2010
- Lignes directrices relatives à la responsabilité sociétale. - ISO 26000 - 2010
Events
(non-exhaustive list)
Afnor training courses:
- Systems integration and risk management – Risk management. ISO 31000 risk management: implement a risk management system (code 1008).
- Systems integration and risk management – Risk Management. Risk Manager training cycle: master the tools of your position to succeed in your missions (code 1800).