The ISO 31000:2009 standard consists of risk management processes, frameworks and principles.  It can be used by any organization, regardless of the size and sector of the business.   

Businesses today are exposed to a number of risks. These risks are inevitable and manageable. ISO 31000 does not provide specific procedures and does not require certification; it focuses on some key principles and guidelines. The first step to take here is to understand the risks to be managed.

The concept of risk has traditionally been associated with the possibility of injury or loss; it means exposure to hazards. However, the ISO 31000 standard adds a new dimension to the concept of risk and defines risk as the positive or negative effect of uncertainty on targets. Considering this definition, the ISO 31000 standard classifies risk under 3 important categories. These categories are:

  • Disaster (if the event causing the uncertainty occurs, it will have negative consequences)

  • Control (the consequences of uncertainty are also uncertain)

  • Opportunity (if the event causing the uncertainty occurs, it will have positive consequences)

Risks Causing Disaster:

These are elements that threaten security, such as harmful chemicals, high current electricity or moving machinery. Typically, a 3-pronged approach is used in identifying such risks:

1. Eliminating risk using engineering controls - This step involves redesigning equipment or processes. The goal of engineering controls is to eliminate all possible negative consequences.

2. Reducing risk using managerial controls - This step involves putting in place standards, procedures and practices to avoid contingencies that could have adverse consequences. For example, marking the floor with tape to separate forklift traffic from pedestrian traffic in a factory, or preparing work programs so that harmful activities can be carried out when fewer personnel are at work.

3. Protecting individuals from risks by using Personal Protective Equipment - For example, the obligation of employees to wear protective glasses and face shields during the welding process.

In addition to these, the ISO 31000 standard handles risks that are not related to security, such as theft.

Control Risks:

Some types of risks can have uncertain consequences. Such risks are defined as control risks. Control risks are often associated with project management. Typically, the project plan, budget and specifications are at risk due to unknown and unexpected events and conditions. Most businesses make efforts to eliminate such risks. When assessing such risks, the benefits obtained should be compared with the risks incurred.

 

Opportunity Risks:

An example of such risks is the investment that any business makes in new technologies. Although new technologies are more costly in the long run, the benefit may outweigh the risk.

 

Risk Assessment and Risk Matrix   

The two most important dimensions of risk are the severity of the outcome and the probability of its occurrence.  These 2 dimensions should be taken into account when making a risk assessment.   

Risk matrix: One of the tools used in risk assessment is the risk matrix. With this tool, the severity and probability of each risk are graded from 1 to 10 and graphed, so that risks can be compared with each other. According to this matrix, the risk exposure is equal to the probability of occurrence multiplied by the severity level.
