A holistic risk assessment is the basis for sustainable, successful and cost-effective risk management. The most important tools for it: balanced methods, standardisation and digitalisation.
A comprehensive risk assessment has never been so easy - thanks to the support of state-of-the-art technology. Digitalisation saves money and time and large amounts of data are available. But: apples must not be compared with oranges. The right methods and suitable tools are needed to identify all risks, analyse them correctly, evaluate them sustainably and manage them sensibly.
Understanding complexity and assessing it correctly
Without a standardised risk assessment, risk management cannot lead to any reasonable result. Only a profound risk analysis that really considers and correctly assesses all hazards can ensure the potential risks do not become dangerous and expensive in the way they were originally assessed. Before an insurance company underwrites a risk, the risk will be assessed and „pigeonholed“. For example, it is only considered in a certain line of business. This greatly limits the view of the respective company, risk potentials are assessed incorrectly or inadequately, and premiums can skyrocket. In addition, the conclusion of an insurance contract is connected to requirements and measures that the insured must implement. – However limited or ineffective they may be in his specific case.
Tension between insurance and entrepreneur
From the entrepreneur‘s point of view, it is assessed which required measures can be implemented quickly, easily and cost-effectively. Understandably, he starts with the simplest and cheapest ones. He therefore acts in the „interests“ of the insurer. In order to step out of this spiral, to adapt the enterprise‘s risk to the wishes of a third party, he has to hold the line himself and develop a concept of how to identify, analyse, evaluate and manage his specific risks - including those that are not insurable, so that the business remains profitable in the future. Those have bad cards - when insurances are in the lead
Orientation for targeted risk identification
ISO 31000, ONR 4900 and ISO 22301 provide guidance for optimised risk management with a focus on comprehensive risk identification:
• The international standard ISO 31000 is a general risk management standard valid throughout Europe. With the help of a top-down approach, all risks are recorded from the general to the concrete and the corresponding measures. The aim is not only to comply with laws, but to optimise already existing risk management processes, to correctly assess the types of risks and to „manipulate“ probabilities of occurrence and effects in a positive sense.
The Austrian risk standard ONR 4900 leans on ISO 31000 and is applied in Austria, Germany and Switzerland.
• ISO 22301, Business Continuity Management (BCM) - focuses on a „Plan B“ when something happens. This involves the development of strategies and processes to deal with risks and damage that have occurred in the best possible way, to reduce them and ensure the continuity of operations.
Four proven methods of sustainable risk identification
The following four methods are recommended in order to identify potential risks for companies without gaps, to analyse them correctly, to evaluate them properly and to manage them sensibly:
1. Entrepreneurs can identify many operational risks very quickly with brainstorming and interviewing. In the process, one idea triggers the next. However, there is no guarantee of completeness. Only in combination with other methods do brainstorming and interviewing make sense.
2. Hazard analysis - Business Impact Analysis (BIA) - aims to record all potential hazards associated with a machine or a component or an event, to assess and evaluate the risk and to ensure safety (e.g. of a plant). This method is mainly used by insurance companies.
3. Basic statistical data is a meaningful basis and guarantees profound comparisons. A company that compares its own risk data with statistical background data relating to the industry, region and location obtains a sound overall view and knows exactly where it stands in terms of risk. This data is „harder“ - it cannot be bent into shape.
4. Quantitative methods are essential in order to transparently compare the risk costs with the control costs and to demonstrate the cost-effectiveness based on the initial and ongoing costs of the control measures.
Mix of methods is the key
One of these methods alone is not enough. It severely restricts the view. What is needed is risk management in the company‘s own interest and a broad diversification - from a healthy mix of sectors in the assessment to creative control measures and sound facts that cannot be glossed over. If one of these four pillars is missing, the entire risk management gets out of balance and becomes inconsistent. Expensive errors in assessment and management that endanger the ability to do business are then the result.
Digital documentation: not a hard work, but a must
It is a must to document the entire risk management process, from risk identification to the analysis and evaluation of potential hazards to the control measures and their effects. The best way to do this is digitally. This is more effective, more efficient and more sustainable. The Austrian software rismo is best suited for this. The user-friendly tool gives entrepreneurs the perfect overview of their company-specific risks quickly, up-to-date and conveniently at any time. Across all sectors and at the push of a button. Comprehensive, transparent and precise. With figures, data and facts. In this way, entrepreneurs can easily, intuitively and immediately record, compare and evaluate their risk potential - supported by state-of-the-art technology and the know-how of the risk on mind® experts.
You can find more information on rismo at www.rismo.io www.rismo.io