Risicomanagement in grote en kleine bedrijven
2020.04.02
As accredited risk professional (ISO-31000) I like working with risk management systems. This can be with large companies but also my own company and that of my friends require managing risks. This can be done in a cost effective manner.
Risk management is not understood by many. For instance, that you can't manage risks without managing processes is not known by many people. RIsk management sounds like it's something banks do and large organisations. However, also independent contractors manage risks.
Small organisations will not find it very effective to install a whole system around this. This isn't necessary either, the area is rather small in their case. Even if you have an office and employees, you can still supervise the work on a daily basis and check the results. Risks are always there, but you can manage to stay ahead of them. When they do arise, the impact is manageable.
An easy way to manage is to learn from experiences from organisations around you. Do they buy an information system for the maintenance of their risks? You can set up a spreadsheet with the risks you can define yourself. Do others appoint a risk anager? Make yourself a risk manager or one of your partners. Do they document their processes? Then define your most important processes (around payments, conflicts, delivery, purchasing, etc), print them and stick them on the wall.
Larger organisations have a need for a risk management system by definition. It is not possible to fully oversee a large company. Use of a set of principles is a good step in the right direction but it isn't enough. Communication is essential, and so is the handling of events and staying in contorol. This does not have to cost an arm and a leg. A rule of thumb is that for an organisation with a turnover of 10000X a system implementation can cost 1X given that you can expect for the system to reduce the cost around unexpected events to be reduced by 10X easily.
Companies do not have to go directly to the large risk management system providers of the world, but instead can look for low code solutions or build them themselves containing the most important features. Which features? That is somethign I can advise on on-site.