Starting point – Is there any tool to help me manage risk?
For any student or practitioner of risk
management (RM), it can be challenging to implement RM procedures in a project
or policy in practice. This applies to any type of project (and subsequently, its
manager), no matter if it is building infrastructure, a financial investment,
or a proposed change in policy. Also, it holds true for the public, private and
not-for-profit sector.
Thus, I would like to briefly introduce the
attempt to codify RM – and consequently, necessary steps to reduce and/or
manage risk – by norms and standards, more specifically ISO standard 31000: Risk Management. I
will also attempt to apply the suggested principles to the example of the Challenger accident in 1986.
1. Purpose of ISO 31000
In its own words, "ISO 31000:2009 [i.e. last updated in 2009], Risk
management – Principles and guidelines,
provides principles, framework and a process for managing risk. It can be used
by any organization regardless of its size, activity or sector. Using ISO 31000
can help organizations increase the likelihood of achieving objectives, improve
the identification of opportunities and threats and effectively allocate and
use resources for risk treatment."
[ISO is the abbreviation for the International Organization for Standardization, the highest and largest international standardization body in the world.]
2. Principles/Actions Steps
ISO 30001 offers the following steps to
properly evaluate and manage risk:
- Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk
- Accepting or increasing the risk in order to pursue an opportunity
- Removing the risk source
- Changing the likelihood
- Changing the consequences
- Sharing the risk with another party or parties (including contracts and risk financing)
- Retaining the risk by informed decision
[A scheme that shows both the needed steps as well as the complexity of setting up a systematic RM system, which is obviously only dealt with in a highly simplified manner here.]
3. Application – Reducing Risk of accident during Challenger space shuttle launch
Please watch the video (below) from the Discovery
Channel documentary on the Challenger disaster in 1986. https://www.youtube.com/watch?v=mG8BPB_oPlg
- Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk – Reschedule the Challenger launch – don’t launch on that particular day, in that particular area, with the jetstream in place above.
- Accepting or increasing the risk in order to pursue an opportunity – In this case, a cost-benefit analysis should reveal that there is not much to gain from this strategy, as the increased risk (of shuttle destruction) is higher than the benefit (of an earlier start).
- Removing the risk source – Checking/replacing the frozen O-rings from the left booster rocket (see video at 5:40).
- Changing the likelihood – See above.
- Changing the consequences – If possible, include additional (emergency) safety features in order to make external tank withstand heat and flames (see video at 6:30).
- Sharing the risk with another party or parties (including contracts and risk financing) – Insurance can deal with the financial consequences of the disaster, but cannot prevent the loss of life. However, an external team of scientists and engineers to independently evaluate risks, perform safety inspections and create a checklist before launch (instead of the team who designed and built the space shuttle itself) would possibly have helped to discover the O-rings were frozen, and properly assessed the connected risks for the Challenger launch.
- Retaining the risk by informed decision – Perform meteorological pre-launch tests at the site itself (as intended), not several dozen kilometers away due to weather balloons drifting downwind from the launch site (see video 2:10)
4. Summary - Benefits of systematic and standardized ’check-list approach’ to RM
It should have become clear that there are many
advantages to reduce risk by applying a systematic and standardized ’check-list
approach’ to RM, as described in great(er) detail in ISO 31000.
The benefits of this method are numerous,
including (according to ISO):
- · Increase the likelihood of achieving objectives
- · Encourage proactive management
- · Be aware of the need to identify and treat risk throughout the organization
- · Improve the identification of opportunities and threats
- · Comply with relevant legal and regulatory requirements and international norms
- · Improve financial reporting
- · Improve governance
- · Improve stakeholder confidence and trust
- · Establish a reliable basis for decision making and planning
- · Improve controls
- · Effectively allocate and use resources for risk treatment
- · Improve operational effectiveness and efficiency
- · Enhance health and safety performance, as well as environmental protection
- · Improve loss prevention and incident management
- · Minimize losses
- · Improve organizational learning
- · Improve organizational resilience.
Sources:
- http://www.iso.org/iso/home/standards/iso31000.htm
- http://www.iso.org/iso/home/news_index/news_archive/news.htm?Refid=Ref1586
- http://en.wikipedia.org/wiki/ISO_31000
- http://en.wikipedia.org/wiki/Space_Shuttle_Challenger
