Implement a Simplified But Effective Risk Management System
How to Implement a Customised System For Small Entities That Is Effective and Does Not Take Up Too Much Time and Effort
Updated on Nov, 2023
Language - English
Duration -51 mins
This is the only practical risk management course that seeks to equip you with essential how-to knowledge to develop a simplified but effective risk management system, especially for small-sized organizations or entities. This course sets out the step-by-step simplified approaches and practical considerations for developing and implementing your organization's customized risk management system without over-engineering it.
At the end of the course, you will acquire practical but relevant information that will enable you to develop and implement your organization’s simplified risk management system with minimum effort and with maximum results and outcomes.
This course has been developed based on my in-depth experience working alongside small-sized organizations that have often struggled with putting in place the right-sized risk management practices that are effective and do not take up too much of their time and resources.
What I have often seen (and read) is that many smaller organizations implement the ‘standard’ risk management practices that are commonly found in larger organizations without much thought or understanding as to whether it is fit-for-purpose, and whether it is effective and efficient.
Unfortunately, many of these smaller organizations, especially not-for-profits, adopt these risk management ‘standard’ practices without fully understanding the essence and purpose of risk management, which is to increase the likelihood and extend of their organizational success, and to achieve organizational objectives within their given limited resourcing level.
I am conscious that these small organizations do not have dedicated staff to do risk management.
Instead, identifying and managing their risk, whilst it is an important management practice, is a small part of many other management actions they have to do as part of their everyday work. In most cases, many small-sized organizations do not have money to hire people to do their business-as-usual work.
To overcome many of the issues and challenges faced by small-sized organizations in implementing a robust but effective risk management system that does not take up too much time and effort, I have developed a strategic risk management approach that is both effective and simple.
Let's avoid over-engineering things. Life is already over-complicated and it has to be.
Having a ‘complicated’ or ‘off-the-shelf’ risk management practice is like using a mallet to kill a fly. And I see it all the time. It is truly a waste of time, a waste of precious limited organizational resources.
The key to implementing a successful and effective risk management system is to ruthlessly implement additional treatments that will only increase the likelihood and extend of their organizational success and achieve organizational goals.
Many organizations that I have been involved in as an independent member of their risk committee, and as a board member, and have seen through my advisory work have put so much effort into documenting their risks in a risk register as a compliance exercise that they have neglected the essence of risk management, that is being successful.
There is no discipline in ensuring that additional treatments are implemented within the stated timeframes. There is no simplified way of ensuring that their organization achieves its stated objectives within the clear boundaries of risk-taking and opportunity-seeking, which is their risk appetite and risk tolerance.
Many organizations have also struggled with articulating and applying the concepts of risk appetite and risk tolerance in their organization.
Therefore, it is pointless to have a ‘great’ documented risk register with lots of nice or fluffy words when it does not do its job of mitigating the identified risk to an acceptable level of risk tolerance.
There is poor execution and completion of the proposed mitigation actions, which only leads to poor organizational performance.
The only way we know whether an organization is doing effective risk management is when the organization is successful and achieves its stretched goals and objectives. Given that risk management is an objective-focused concept, your discussion of organizational performance and risk information must go hand-in-hand.
Great organizational performance must be conducted within the clear boundaries of risk-taking and opportunity-seeking. There is nothing wrong with having lots of critical risks that are well-managed in a well-performing organization.
The reality is that many of the risks documented in risk registers are common risks that organizations may face. There are not many unique risks that would require a new description or analysis.
For me, there is enough historical information available to tell us not to reinvent the wheel in spending too much effort on the content of the risk register, but to focus instead on the actions arising out of documenting, mitigating the risk, and performing well within the boundaries of risk-taking and opportunity-seeking.
Instead, the critical success factor of any risk management action is to focus on action-taking.
The key is to implement all planned or additional treatments to mitigate the risks, commencing with those treatments that are related to the highest level of risk. It requires organizations to ruthlessly implement mitigation actions and religiously track the implementation progress of all proposed treatments, especially those that relate to issues, or known events that are currently in play.
It is pointless to document proposed mitigation actions in risk registers when there is no discipline in completing their implementation. The level of risk will not be reduced with poorly executed treatment actions.
Organizational risk registers should document only effective controls that matter most to either mitigating a downside risk or maximizing an upside risk or opportunity. These controls must also be actionable or controllable for the organization to achieve its objectives.
To be successful in creating an effective risk management system that enables your organization to achieve its objectives within the boundaries of risk-taking and opportunity-seeking, you need to try a different approach by having a renewed mindset. You need to be creative in your approach to risk management if you want to achieve your objectives.
As the saying goes, “Insanity is doing the same thing over and over and expecting different results.”
If you are expecting a better outcome, I have provided you with the framework and guidance for you to think strategically without wasting any more time and effort. All you need is a renewed mindset to develop something implementable for your organization, rather than seeing risk management as a compliance exercise.
If you forget everything you have read, remember this – effective risk management will enable you to be successful. It will help you achieve your objectives by implementing the right-sized actions to keep you on track to achieving your objectives.
When you enroll in the course, you will also get a template of a complete risk universe and sample likelihood and consequence rating tables for small-sized organizations in MS Word format.
Who this course is for:
- Board members and CEOs who want to simplify their risk management system and achieve their objectives and become successful within acceptable boundaries of risk-taking and opportunity-seeking
- People who are struggling or have struggled with implementing an effective risk management system that works in their organization
- People who want to try something different to revitalize their risk management system
- People who don’t have a lot of time or resources to implement and maintain an effective risk management system
- People who want to simplify their risk management system
- People who want to improve organizational performance through better risk management
- People who are responsible for developing or implementing a risk management system that works
- Risk management professionals who want to improve their current risk management system
- Risk management professionals who want to improve their organizational performance through better risk management
What will you learn in this course:
Learn and apply the international risk management process, ISO 31000
Understand the key purpose of doing risk management, which is about increasing the likelihood and extent of your success
Learn that the key to a successful risk management system is action-taking and focusing on what matters most to your organization
Understand that risk registers should document actionable treatments that will increase the likelihood of achieving your organizational objectives
Understand the difference between a risk and an issue within the context of allocating limited organizational resources
Learn what a risk universe is all about and how it can be used strategically to simplify your organization’s risk management and risk appetite approach
Develop a customized list of risks impacting your organization – positively or negatively – using a risk universe
Understand the elements of effective control and how to evaluate their control effectiveness
Learn to evaluate the level of risk at the category level rather than at the activity level taking into account the overall control effectiveness
Understand how to identify additional treatments to further mitigate the level of risks and track their implementation progress
Learn to use key performance indicators for measuring progress towards achieving your objectives that are within the levels or boundaries of risk-taking
Understand the importance of simplifying your organizational approach to articulating and creating awareness of your organization’s risk appetite and tolerance
What are the prerequisites for this course?
Willingness to try something new that has been proven to work
Openness and desire to learn new contemporary risk management concepts and approaches
No prior risk management experience is required
Check out the detailed breakdown of what’s inside the course
ISO 31000, Risk Management - Guidelines
- Introduction to ISO 31000 13:42 13:42
- Risk management in practice 10:57 10:57
Strategic approach to risk management
As a Chartered Accountant and Risk Specialist with over 25 years of international risk management and corporate governance experience in the private, not-for-profit, and public sectors, I help individuals and organizations make better decisions to achieve better results as a corporate and personal trainer and coach.
(1) Business continuity management and organisational resilience
(2) Risk governance, management, training, facilitation, and reporting
(3) Corporate and strategic planning
(4) Risk-based decision-making
(5) Governance and accountability frameworks
(6) Performance management and improvement
(7) Corporate facilitator, trainer and educator
Authored several eBooks (available from Amazon):
(1) Strategic Risk Management Reimagined: How to Improve Performance and Strategy Execution
(2) How to Improve the Performance of Collaborations, Joint Ventures, and Strategic Alliances: The Shared Risk Management Handbook
User your certification to make a career change or to advance in your current career. Salaries are among the highest in the world.
Our students work
with the Best
Related Video CoursesView More
Become a valued member of Tutorials Point and enjoy unlimited access to our vast library of top-rated Video CoursesSubscribe now
Master prominent technologies at full length and become a valued certified professional.Explore Now