A risk management plan has to meet your organization's needs as the organization identifies, manages, and mitigates potential and actual risks. The ISO 31000 framework does not detail how an organization should plan or what elements are required for an effective plan.
This short article outlines a few details that may comprise a starting point as you build a risk management plan within your organization. Or, the suggestions here may help you review and improve your existing plan.
The Plan Supports the Implementation of a Risk Management Program
In the simplest terms, the plan details who does what, and when, to execute the activities that let the organization achieve its risk management program objectives. The plan may be quite simple for a small team or as complex as necessary for a larger organization.
The plan makes clear the roles and responsibilities along with the specific activities (meetings, reviews, assessments, audits, actions, etc.) required to identify, manage, or mitigate risks.
The plan will require regular updates, refinements, and adjustments as the team involved changes roles, and as the organization learns to implement their risk management plan effectively.
Fundamental Elements to Consider for Your Plan
The following tasks may work well for any organization:
- Training/Awareness of risk-based thinking, along with specific roles and duties across the organization.
- Overt and active engagement of senior management – this may be meetings, reviews, and decision points.
- Include specific tasks for each element of the risk management framework and principles.
- Checklists supporting the risk-based thinking system.
- The SWOT (strengths, weaknesses, opportunities, and threats) document.
Larger or Complex Organization Plan Elements
Beyond the fundamental elements of a plan, a larger organization with more ‘moving parts’ may require a more complex plan. Again, the plan has to meet the needs of the organization, including its context, business requirements, and stakeholder requirements.
Here are a few suggestions to consider including in such a plan:
- A supporting business case to provide the scope and budget for the plan.
- A work breakdown structure that includes milestones, deliverables, resources, timelines, deadlines, and scope.
- Protocols to identify and respond to appropriate risks.
- Protocols to assemble and report information to senior management on a regular basis.
Best Practices for the Development of a Risk Management Plan
The ability to tailor your risk management program to best meet your organization's needs implies that you likewise need to tailor your risk management plan to fit your organization's current context and requirements. The purpose of the plan is to set in motion the specific activities that achieve your risk management program’s objectives.
Here are 6 best practices to consider when building your risk management plan:
- Identify the specific tasks, activities, and milestones toward achieving the ISO 31000 framework implementation.
- Create and regularly update a Work Breakdown Structure including activity/task sequences, start and end dates, milestones, and implementation guidelines.
- Identify technical and development tasks to support the program.
- Identify individuals, authorities, and other stakeholders, and detail responsibilities and accountability related to implementing the plan.
- Develop conflict resolution reporting and escalation mechanisms.
- Identify plan risks along with mitigation strategies.
If your organization does not have a plan, create one. If there is a plan, review it. If you are part of an existing program that has a working plan, understand your role and responsibilities.
As a reliability professional, you have an important role to play in risk management; being an active part of the program and plan allows you to identify, manage, and mitigate reliability-related risks effectively.
How do you currently fit into your organization's reliability management program and plan? Leave a note or question below.