Risk management is an essential part of how government organisations mitigate risk on a day to day basis.  It underpins a systematic approach to ensuring that we manage key risks through appropriate controls being put in place to bring the risk down to a tolerable level.

This process is documented through the ISO31000:2009 risk management standard.  It details the process we need to follow to assess strategic, operational and project risk as well as key principles critical to rolling out risk management successfully.

One of the major changes when the risk management standard was changed from AS/NZ 4360:2004 to ISO 31000:2009 was the focussed and intentional shift in two key areas:

  • risk management was no longer to be seen as a separate event but something to be focussed on that could prevent you from achieving your business or organisation objectives; and
  • there was a greater emphasis on focussing on not only risk but also opportunity.  That is, they sought to alter the balance to focus on both when undertaking risk and now opportunity assessments.

Since these subtle but important changes in the risk management standards, I have unfortunately not observed a shift in the approach to risk and opportunity management in government organisations.  Rather, there is still an emphasis on treating risk management as a separate process rather than ensuring it links to strategy, business planning, capital works, projects and other key processes.  Further, very few government organisations call risk management what the standard focuses on which is risk and opportunity management.  Nor do they balance the assessments to really challenge people to think about both.  This reflection of both risk and opportunity assessment in the title of key policies and documents is important!

Think about what this could do in terms of the mindset of those involved in the risk assessment process.  People might look forward to the risk and opportunity assessment process.  There might be more opportunities pursued that could benefit organisations and their customers.  There could be more time and energy freed up to focus on what matters and possibilities rather than what could go wrong.

Think about your balance around risk and opportunity management within your organisation.  Go back to the risk and opportunity management standard and ensure your approach reflects their intent.  Chances are that this could shift how this process is not only viewed but how change the value it provides to your organisation.  Think about the opportunities!