Risk management is dedicated to identifying, documenting and prioritizing risks or potential problems and developing measures to prevent or counter these risks. The main task in risk management is to prevent risks from becoming problems and, if this cannot be avoided, to minimize the damage caused by the risk that has occurred.
Early warning systems can be developed and integrated into business processes in order to detect the occurrence of risks in time. This requires various internal and external indicators. Internal indicators include employee satisfaction, cycle times and process conformity. An external indicator, for example, is the economic situation. External factors can be influenced only slightly or not at all. Such indicators make tendencies and developments visible at an earlier stage, which makes it possible to react to these changes. This in turn increases the controllability and responsiveness of the company.
Strategic risk management
Strategic risk management is the basis for all operational risk management. It defines organizational conditions, such as responsibilities, escalation levels and information flows, as well as the process-related execution of the risk management phases.
In addition, it determines how the company generally counters risks. Whether a company avoids risk or acts in a risk-neutral or risk-receptive manner depends on the general orientation of the company. For example, a company that relies on innovation and wants to take advantage of it cannot avoid risk, as every new technology or method that is introduced and utilized entails risks.
Operational risk management
Operational risk management includes the continuous and recurring monitoring of business processes with regard to their risks. Possible causes of risk and potential disruptions are identified. The orientation defined in strategic management is implemented here in the form of measures. Each risk is paired with at least one measure, which is carried out when the risk condition changes. For example, in the event of a delivery failure, the “Inform production manager” measure is implemented. The global standard for risk management is ISO 31000.
Operational risk management is divided into the following phases (strategic risk management precedes operational risk management):
Related terms: Compliance