Risk Management is increasingly recognised as
being concerned with both positive and
negative aspects of risk. Therefore this
standard considers risk from both perspectives.
In the safety field, it is generally recognised
that consequences are only negative and
therefore the management of safety risk is
focused on prevention and mitigation of harm.
2. Risk Management
Risk management is a central part of any
organisation’s strategic management. It is the
process whereby organisations methodically
address the risks attaching to their activities
with the goal of achieving sustained benefit
within each activity and across the portfolio of
all activities.
The focus of good risk management is the
identification and treatment of these risks.
Its objective is to add maximum sustainable
value to all the activities of the organisation. It
marshals the understanding of the potential
upside and downside of all those factors which
can affect the organisation. It increases the
probability of success, and reduces both the
probability of failure and the uncertainty of
achieving the organisation’s overall objectives.
Risk management should be a continuous and
developing process which runs throughout the
organisation’s strategy and the implementation
of that strategy. It should address methodically
all the risks surrounding the organisation’s
activities past, present and in particular, future.
It must be integrated into the culture of the
organisation with an effective policy and a
programme led by the most senior
management. It must translate the strategy
into tactical and operational objectives,
assigning responsibility throughout the
organisation with each manager and employee
responsible for the management of risk as part
of their job description. It supports
accountability, performance measurement and
reward, thus promoting operational efficiency
at all levels.
2.1 External and Internal Factors
The risks facing an organisation and its
operations can result from factors both
external and internal to the organisation.
The diagram overleaf summarises examples of
key risks in these areas and shows that some
specific risks can have both external and
internal drivers and therefore overlap the two
areas. They can be categorised further into
types of risk such as strategic, financial,
operational, hazard, etc.
© AIRMIC, ALARM, IRM: 2002, translation copyright FERMA: 2003.
A RISK MANAGEMENT STANDARD
4
© AIRMIC, ALARM, IRM: 2002, translation copyright FERMA: 2003.
2.1 Examples of the Drivers of Key
E
X
T
E
R
N
A
L
L
Y
D
R
I
V
E
N
E
X
T
E
R
N
A
L
L
Y
D
R
I
V
E
N
FINANCIAL RISKS
STRATEGIC RISKS
OPERATIONAL RISKS
HAZARD RISKS
INTEREST RATES
FOREIGN EXCHANGE
CREDIT
COMPETITION
CUSTOMER CHANGES
INDUSTRY CHANGES
CUSTOMER DEMAND
M & A
INTEGRATION
LIQUIDITY &
CASH FLOW
RESEARCH & DEVELOPMENT
INTELLECTUAL CAPITAL
INTERNALLY DRIVEN
ACCOUNTING CONTROLS
INFORMATION SYSTEMS
RECRUITMENT
SUPPLY CHAIN
PUBLIC ACCESS
EMPLOYEES
PROPERTIES
PRODUCTS &
SERVICES
REGULATIONS
CULTURE
BOARD COMPOSITION
CONTRACTS
NATURAL EVENTS
SUPPLIERS
ENVIRONMENT
