Risk Management Tool

The RiskManagementTool (RMT)

The world is going through rapid change, with an extremely great increase in interdependence. All it takes is something of any magnitude to happen, such as a pandemic or the credit crisis of 2008, and it is felt all over the world. Even bankruptcies of large organisations have their impact on society.

Governments are therefore trying to reduce the possibility of this with mandatory legislation and regulations, such as the Sarbanes Oxley Act (SOx), IFRS and the Basel II accords. On the other hand, both large and small profit and non-profit organisations also want to guarantee their continuity and growth and will therefore have to be aware of the internal and external risks to be able to steer a course through them.

Some organisations have therefore defined a risk management policy and decided what their risk appetite (their maximum acceptable risk) is.

The background to risk management is the desire to reduce all kinds of risks. To make this possible you first have to become aware of the potential risks, for which they first have to be identified and analysed. Following assessment and prioritisation, management measures have to be determined and implemented, after which the effects can be evaluated. This has to be a cyclical process and is described for instance in ISO 31000 and COSO. The RiskManagementTool dovetails perfectly with it.

The RiskManagementTool (RMT) is a simple risk analysis tool, consisting of 16 risk modules, that is Material, Information, Personnel/employment, Legal, Product, Process, Technical, Environmental, Strategic/market, Operational, Organisational, Compliance, Image, Financial, Economic and Political risks. The risk modules can be used one module at a time or with some or all together as a RiskManagementTool.

In choosing the modules you can be guided or not by the advice about which modules are found to be the most suitable for small, medium-sized and large organisations with or without production capabilities.

Each risk module is made up of six events, each of which is supplemented in turn with six causes, which means that each risk module is filled with 6 x 6 = 36 pre-defined risks applicable to most large and small organisations.

To enable the organisation to take specific risks into account, there is also a facility for it to supplement the pre-defined events and causes itself with organisation-specific risk events and/or causes.

Using a small number of simple follow-up questions, which can be answered in less than ten minutes, the possibility and extent of the risk is determined in broad terms, after which the action plan can be drawn up. It can include the name of a responsible person who can analyse the risk in more detail within a certain time frame and implement preventive and/or limiting measures.

There are three different ways of going through the module: by way of the question about the most likely risk (the risk is a frequent occurrence, but its impact is relatively limited) and/or by way of the question about the most disastrous risk (the risk is a rare occurrence, but its impact will be great) this RiskManagementTool provides the opportunity to link to both serious and less serious risks, but the claims burden can immediately be limited; or you can simply choose to go through the module in respect of an arbitrary risk.

By using the RiskManagementTool (RMT) one or more times a year, the continuity of the organisation can be better guaranteed on the one hand and a contribution is made to a better result of the organisation on the other.

At the same time an immediate gain for external interested parties such as financiers and insurers through the use of the RiskManagementTool (RMT) cannot be ruled out.

On the other hand the use of the RiskManagementTool (RMT) offers no guarantee that the organisation will not be affected by a greater or smaller risk. The RiskManagementTool (RMT) does help the organisation to become more aware of the risks it is running, enabling it to steer a path through them with greater awareness. With the right preventive and limiting measures the possibility and extent of damage can be reduced, but as long as the risk has not been entirely eliminated and a possibility therefore continues to exist, however small, the risk can affect the organisation to the full extent.