Let us start with ISO 9000:2015 risk definition.
risk = effect of uncertainty
It's important to higlight the word "uncertainty". Something that we cannot control, something that it is outside of our level of control.
And an effect is a deviation from the expected — positive or negative.
And an effect is a deviation from the expected — positive or negative.
So, one can say that risk is a deviation from the expected (positive or negative) resulting from a trigger event that we cannot control. BTW, the ability to control the trigger event is what separates a positive risk from an improvement opportunity.
What are we talking about when we talk about "the expected"?
Let us keep the conversation here at a strategic level.
Expected results are the results we want the organization as a whole to achieve.
Who expects these results?
The capital owners.
So, the capital owners are an interested party of this organization.
We started with expected results and connected those expected results to an interested party. Normally, things go in the opposite direction. Because we have an interested party with should work for some expected results.
Let us consider another example.
Making money in a sustainable way has a funny particularity, we cannot elect that objective as a first order objective, we should consider that kind of objectives as an indirect consequence of other objectives (something that I learned to call obliquity)
To get a profit an organization must be able to sell a service to a set of target customers at a price above the cost. Why would a set of target customers decide to buy the service to a particular supplier?
Let us consider those target customers as another interested party for this organization.
So, we have here another set of expected results.
A risk would be a consequence, an impact that could afect negatively the ability of an organization to meet an expected result.
When we think about expected results we can immediately realize that although we work for expected results, because the outside world and the organization are complex entities we can get undesired results that affect our ability to serve interested parties.
We started this text with the risk definition and keep coming to interested parties. Why are interested parties so relevant for managing risks and opportunities?
Interest parties are relevant at two levels.
Level 1 - relevant needs and expectations of relevant interested parties determine expected and undesired results.
Events that we can't control can act together to make our organization get an undesired result (no-compliance with legal requirements)
Level 2 - relevant needs and expectations of relevant interested parties can be used as a basis for determining the importance of each risk and opportunity.
This figure has the three topics that I want to include in the video:
Clause 4.1 (context) gives us a potential trigger event (internal ou external) that reacts with another Clause 4.1 (context) issue, an internal strength or vulnerability. The consequence of that reaction (risk - Clause 6.1) is evaluated against the requirements of interested parties (Clause 4.2).
If the consequences are significant an action plan should be developed in order to minimize the risk or take advantage of the opportunity.
What are we talking about when we talk about "the expected"?
Let us keep the conversation here at a strategic level.
Expected results are the results we want the organization as a whole to achieve.
Who expects these results?
The capital owners.
So, the capital owners are an interested party of this organization.
We started with expected results and connected those expected results to an interested party. Normally, things go in the opposite direction. Because we have an interested party with should work for some expected results.
Let us consider another example.
Making money in a sustainable way has a funny particularity, we cannot elect that objective as a first order objective, we should consider that kind of objectives as an indirect consequence of other objectives (something that I learned to call obliquity)
To get a profit an organization must be able to sell a service to a set of target customers at a price above the cost. Why would a set of target customers decide to buy the service to a particular supplier?
Let us consider those target customers as another interested party for this organization.
So, we have here another set of expected results.
A risk would be a consequence, an impact that could afect negatively the ability of an organization to meet an expected result.
An opportunity would be a consequence, an impact that could afect positively the ability of an organization to meet an expected result.
When we think about expected results we can immediately realize that although we work for expected results, because the outside world and the organization are complex entities we can get undesired results that affect our ability to serve interested parties.
We started this text with the risk definition and keep coming to interested parties. Why are interested parties so relevant for managing risks and opportunities?
Interest parties are relevant at two levels.
Level 1 - relevant needs and expectations of relevant interested parties determine expected and undesired results.
This figure has the three topics that I want to include in the video:
If the consequences are significant an action plan should be developed in order to minimize the risk or take advantage of the opportunity.
What is becoming more and more clear to me is the relevance of the expectations and needs of the interested parties in determining the risks and opportunities and their relevance.
Next topic will be focused on the events (Clause 4.1)
Next topic will be focused on the events (Clause 4.1)
Sem comentários:
Enviar um comentário