Conquer The Turbulent Tides of Risk: Embrace the power of ISO 31000:2018

American professor of mathematics John Allen Paulos is widely known for his famous quote, “Uncertainty is the only certainty there is, and knowing how to live with insecurity is the only security.”

The environment in which organizations and businesses operate today has become perpetually unpredictable. For example, as organizations and businesses sought to rebound from the effects of the pandemic, the war in Ukraine ushered in a new era of uncertainty, disrupting supply chains and exacerbating commodity prices and inflation. Occurrences of this nature only validate Professor John Allen Paulos's statement.

It also validates the common phrase that “what is considered risk today may not be risk tomorrow, and that the risk management approaches used to manage yesterday’s risks might not adequately manage the present risks.”

Therefore, to thrive in such uncertain circumstances, organizations and businesses must be foresighted, prepared, and ready to adopt new and agile approaches to risk management. They must be able to identify, understand, and deal with not only the present risks but also the future uncertainties.

Uganda is currently undergoing what one may call “a gold rush” in oil and gas following the boost in foreign direct investments to the sector. Organizations and businesses across all sectors are scrambling for opportunities there and are investing in preparation.

Despite the considerable attention the oil and gas industry has received as the haven of opportunities that could reverse the economic gains of the country and that of many businesses and organizations, these opportunities are not without risk.

For example, whereas common risks to the oil and gas sector, such as price fluctuation, health, safety, environment, and finance, may easily be understood, identified, and dealt with, dynamic issues such as delayed implementation of oil and gas projects can easily be left out by a regular risk management approach, yet the trickle-down effect on interested parties is immense.

For instance, delayed implementation of oil and gas projects was listed as one factor that hindered growth in 2022 by the Bank of Uganda’s State of the Economy Report of April 2022. The uniqueness of the oil and gas industry, therefore, requires risk management techniques that are comprehensive, current, straightforward, adaptable, and thoroughly documented.

The financial sector is another delicate sector that is easily affected by unstructured risk management approaches. According to the Global Association of Risk Professionals, bank failures in any part of the world result from selective risk management. In their article “How to Improve Risk Oversight at Banks,” they opine that there’s a tendency by risk managers to select the risks that they are comfortable with and want to manage while the other risks are swept under the carpet or hidden. This tendency has returned to haunt many financial institutions and other organizations alike and accounts for their failure.

They opine that risk managers need to manage risks based on a three-factor approach that identifies all the risks, understands all the risks, and treats all risks with the potential to harm the organization. To achieve this, the Global Association of Risk Professionals advises reliance on foresighted risk management approaches that cut across business barriers to identify, understand, and treat all risks.

This kind of advice comes at a time when the international standards organization has developed a globally recognized method that suits, and goes over and above, the advised method of risk management. It is based on ISO 31000:2018, which is a benchmark or guide that any organization can use or rely on to develop its own dummy, guideline, or method of risk management.

The risk management system based on ISO 31000:2018 is an internationally accepted approach for managing risks. According to the international standards organization, the standard itself explains the fundamental concepts and principles of risk management while describing a framework and outlining processes one should follow for identifying and managing risk.

When a company or organization manages its risks based on ISO 31000:2018, the principles of the standard will require the organization to manage risks in a manner that creates and protects value; integrate risk management into all organizational processes, including decision-making; ensure that risk management explicitly addresses uncertainty; ensure that risk management is systematic, structured, and timely; make sure it is based on the best available information; tailor it to the organization; and take human and cultural factors into account, to mention a few.

Risk management based on ISO 31000:2018 is not static but evolves; ISO 31000:2018 allows the organization to continually improve its risk management methods by continually identifying new risks and developing controls for mitigating the emergent risks.

Should you require more information about ISO 31000:2018 or want to implement this simple approach to risk management in your organization, please reach out to us at this email address: [email protected]. We will be glad to answer your questions. Find out more on our website, www.qamconsultants.com.