Risk management

A simple, disciplined approach to risk management

Every organization faces risks, from long-term strategic challenges to short-term disruptions to natural disasters. Within your Phrontex system, risk management means —

  1. Making sure that you and your people are thinking about the risks of what they do. Any person who is accountable for an objective is responsible for identifying the risks of failing to meet that objective.
  2. Recording the risk and documenting the steps taken to reduce the likelihood or mitigate the consequences.

Phrontex provides a risk management framework based on the requirements of ISO 31000:2009 Risk management — Principles and guidelines. The risk register provides a simple way to define, track, and manage your organization’s risks. This is not just good management; it can also help manage the owners’ and directors’ legal liabilities, by providing evidence that they have taken reasonable steps to ensure that the organization’s activities are legal and safe.

Phrontex supports this approach to risk management —

Define your risk management policy

The aim is to ensure that the organization has a reasonable expectation of meeting its objectives. The policy might specify the risk assessment criteria (such as with a likelihood-consequence matrix) and stipulate the level of management required for significant risks.

Identify and assess your risks

Good management practice means that risk assessment is built in, as a core component of how the organization functions. Your risk assessment points will depend on the nature of your organization and its activities. They might include these —

Each significant risk should be recorded in the Risk Register.

Manage your risks

The risk register entry should record, or cross-reference, the actions and controls used to manage the risk. These might include —

Review and learn

If something goes wrong, or there is a failure to meet an objective, the circumstances should be reviewed against the risk register to consider if there were risks not identified, not recorded, incorrectly assessed, or inadequately managed.

Business planning and risk management

When you submit a business plan to potential investors, you hope to persuade them that you can achieve the planned objectives. A big question in their minds is: What are the risks? Even if you haven’t thought about it, they certainly will. What happens if the equipment fails, you have a fire, or the senior manager gets sick?

You don’t normally include a risk register in a business plan, but it might be appropriate to summarize it. New business is always risky, and if there’s no denying the risks, there can be an advantage in addressing them head-on: Here are the key risks we face, and here’s how we will manage them... The fact of having a risk register at all will set you apart from many start-ups.