Every business faces risk. Risk can be defined as threats or uncertainties, real or potential, to an organization’s ability to meet its business goals and objectives.Managing risk to mitigate the impact of threats which have materialized, as well as prevent the occurrence of potential threats, is key element of any business process system.
It is impossible to manage risk in a business system whose processes have not been defined, documented, and standardized. In such systems, the lack of knowledge and understanding about the business system processes and their interaction is a major source of risk in itself. Where the business system is not understood and managed as a system of interdependent and interconnected processes, such systems tend to be unstable and unpredictable. Event-driven management and firefighting tend to be the order of the day in such systems.
Once the business system has been defined at the process level, the organization should work assiduously to improve process behaviour to reduce the causes of process variation and instability. A large part of this work will be concerned with standardizing process inputs and outputs, and reducing the sources of variation in the way daily work is executed.
At the same time, the organization should develop and wrap a formal risk management process around the entire business system. A formal risk management process can be developed and installed in the business system following best practice models, such as that defined by the ISO 31000 standard (Risk management – Principles and guidelines on implementation).
Risk management in the organization should always be value adding and systematic. it should be dynamic and responsive to changes in an organization’s internal and external environment, and it should be subject to continuous improvement and advancement. Developing, implementing, and managing risk management as a formal business process allows an organization to achieve these objectives.
One of the major, but often overlooked, function of processes is to mitigate risk and uncertainty. Processes are not just a series up of economic, physical, and virtual transactions – they are transactions which occur in an uncertain world. Risk management formalizes how an organization will ensure that the risks inherent in its business processes are effectively identified, assessed, measured, prioritized, and prevented.