BUSINESS STANDARDS
is the quarterly magazine of BSI Group, highlighting the vital role that standards play in today's business environment. Regular features include interviews with leading business figures, as well as news on the latest developments in management systems and standards.
Viewpoint
Question: Why is risk management important to business?First, there's more to risk management than just managing risk. Most organizations will talk about risk assessments, but the question is: what are they assessing? If you don't know what the threats are, then how can you conduct an effective risk assessment?
Organizations should assess the threats to the business and then determine the risk of those threats coming to fruition and damaging the business. It may be that only a few threats need to be considered. This is important because otherwise businesses could waste time reviewing every single possible risk and try to cope with all of them, when it could be that they don't need to do half as much as they think they need to do. This is where guidance found in standards such as BS 31100 is invaluable.
Second, risk can represent opportunity. After all, there are always risks involved in business, but sometimes those can become opportunities, if handled properly. If organizations conduct their assessments from a positive perspective, wherein risk doesn't automatically equate to a cost, then this can have very positive impact on the business. In some cases, risks are good things and a choice has to be taken whether it's worth the risk.
Third, most business already employ some degree of risk management. However, many do not have a formal risk management system in place; they tend to be reactive, rather than based on potential risks. Instead of asking why risk management is important to business, the real question is: why is it important to implement a formal risk management system, such as that outlined by BS 31100?
The simple answer is that it's important for the same reason that any formal management system is important: they help organizations put controls in place so that risks are kept to a minimum and opportunities are maximized.
All management systems standards - whether ISO 14001 Environmental Management Systems, OHSAS 18001 Health and Safety or BS 25999 Business Continuity have an element of risk management. Any business that has an effective management system in place is already employing a form of risk management or at least risk mitigation. Using BS 31100 to assist with risk management is not difficult and could have tremendous impact on the business as a whole.
John Hele, global product manager - risk, BSI Management Systems
Risk management is the discipline of identifying and evaluating levels of risk using an appropriate, consistent and repeatable process across parts or the whole of an organization. Risk management does not seek to eliminate risk, as this is rarely achievable, rather to create an environment where appropriate business decisions can be made.
The benefit that it brings is to allow an organization's management team to make decisions based on objective and comparable information, rather than subjective intuition. Risk management identifies where resources should be directed to reduce or mitigate unacceptable risks. Just as importantly, risk management also identifies those risks that can appropriately be accepted thereby avoiding or reducing unnecessary spending, or transferred by, for example, insurance or outsourcing. The Combined Code for Corporate Governance describes profit as being, in part, the reward for successful risk taking in business. By adopting a structured and objective approach to risk management, the organization will have a greater control over its destiny and is more likely to reap a higher reward.
Mike Softley, senior risk consultant, Ultima Risk Management Ltd
Business Standards © 2007. Editorial produced by Caspian Publishing in association with the British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
Are you "Fit to supply" 2012 Olympic Games?
Business Link, the support and networking agency funded primarily by the Department for Business, Enterprise and Regulatory Reform (BERR), is working with BSI to help companies in their goal to win contracts for the 2012 Olympic Games.
With over 30,000 commercial fires handled by the fire service in the UK every year, the demand for a more fire-safety conscious approach to commercial buildings has been high for years.
BSI British Standards has launched its online Draft Review system for national Drafts for Public Comment (DPCs).
"Close protection services" in the UK are intended to establish and maintain a safe working environment for a person at risk. Close protection operatives - otherwise known as bodyguards - face the unique challenge of using their specialized training to protect their charges as they go about their duties.
World Standards Day 2008 was on 14 October and this year, the theme was "Intelligent and Sustainable Buildings". The day highlighted the role of standards in everything from safety requirements to new technologies in the design and construction of such buildings.
Question: Do companies need to verify their carbon footprint?
Unless a business is regulated by some form of greenhouse gas (GHG) reporting and/or cap-and-trade regulation (as is the case for some 12,000 installations in Europe), rarely is there the need to either calculate or verify the accuracy of a carbon footprint.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
