is the online magazine of BSI Group, highlighting the vital role that standards play in today's business environment - delivering ROI, saving costs, improving quality and mitigating risk. Features include interviews with leading business figures, as well as news on the latest developments in management systems, standards, testing, healthcare and certification.
Viewpoint
Question: Why is risk management important to business?First, there's more to risk management than just managing risk. Most organizations will talk about risk assessments, but the question is: what are they assessing? If you don't know what the threats are, then how can you conduct an effective risk assessment?
Organizations should assess the threats to the business and then determine the risk of those threats coming to fruition and damaging the business. It may be that only a few threats need to be considered. This is important because otherwise businesses could waste time reviewing every single possible risk and try to cope with all of them, when it could be that they don't need to do half as much as they think they need to do. This is where guidance found in standards such as BS 31100 is invaluable.
Second, risk can represent opportunity. After all, there are always risks involved in business, but sometimes those can become opportunities, if handled properly. If organizations conduct their assessments from a positive perspective, wherein risk doesn't automatically equate to a cost, then this can have very positive impact on the business. In some cases, risks are good things and a choice has to be taken whether it's worth the risk.
Third, most business already employ some degree of risk management. However, many do not have a formal risk management system in place; they tend to be reactive, rather than based on potential risks. Instead of asking why risk management is important to business, the real question is: why is it important to implement a formal risk management system, such as that outlined by BS 31100?
The simple answer is that it's important for the same reason that any formal management system is important: they help organizations put controls in place so that risks are kept to a minimum and opportunities are maximized.
All management systems standards - whether ISO 14001 Environmental Management Systems, OHSAS 18001 Health and Safety or BS 25999 Business Continuity have an element of risk management. Any business that has an effective management system in place is already employing a form of risk management or at least risk mitigation. Using BS 31100 to assist with risk management is not difficult and could have tremendous impact on the business as a whole.
John Hele, global product manager - risk, BSI Management Systems
Risk management is the discipline of identifying and evaluating levels of risk using an appropriate, consistent and repeatable process across parts or the whole of an organization. Risk management does not seek to eliminate risk, as this is rarely achievable, rather to create an environment where appropriate business decisions can be made.
The benefit that it brings is to allow an organization's management team to make decisions based on objective and comparable information, rather than subjective intuition. Risk management identifies where resources should be directed to reduce or mitigate unacceptable risks. Just as importantly, risk management also identifies those risks that can appropriately be accepted thereby avoiding or reducing unnecessary spending, or transferred by, for example, insurance or outsourcing. The Combined Code for Corporate Governance describes profit as being, in part, the reward for successful risk taking in business. By adopting a structured and objective approach to risk management, the organization will have a greater control over its destiny and is more likely to reap a higher reward.
Mike Softley, senior risk consultant, Ultima Risk Management Ltd
Business Standards © 2010. Editorial produced by Caspian Publishing in association with The British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.
How do you put a price on a brand? An international standard in the making will provide a consistent, reliable approach to brand valuation.
A little bit extra for Kitemark® bodyshops and garages
It's all well and good for an automotive bodyshop to earn the Thatcham BSI Kitemark® for Vehicle Body Repair, but it won't have as much impact if potential clients don't know about it. As a consequence, BSI decided to offer an Extras marketing toolkit to bodyshops and garages that have earned the Kitemark.
A clear case for carbon neutrality
"Carbon neutral" sounds good on paper, but what does it really mean? Organizations are making claims about carbon neutrality for everything from products to travel, events, projects and buildings. The problem is that no one quite agrees what "carbon neutral" means or how far it extends.
Gerda, a leading developer and manufacturer of products for the security industry, has become the first company to be awarded the Kitemark for thief-resistant lock assemblies, in line with BS 10621:2007 Thief resistant dual-mode lock assembly.
Security is a challenge at the best of times for a retail bank. If you offer services via the internet, security becomes even more complicated. For Barclays UK Retail Online Banking, information security is at the core of their business, which is one of the main reasons the organization pursued and achieved certification to ISO/IEC 27001 Information security from BSI.
Question: Are health and safety issues at risk of being lost in the current financial turmoil?
When business isn't going well - whether it's due to a recession or simply because a company is going through a slow patch - there is a temptation to cut costs by cutting corners. Instead of treating an issue like product and consumer safety as vital to a organization's growth and reputation, it can become just another expense or regulatory requirement.
Have a standards-related question for BSI or a comment on the website? We'll find the right person to answer.
