An Introduction To
Information, Network and Internet Security


The generic ISO risk process

The generic ISO risk process, as defined by ISO Guide 73, is shown below:

Figure 2 - ISO 73 Generic Risk Process

Risk management protects and adds value to the organisation and its stakeholders through supporting the organisation's objectives by:

· providing a framework for an organisation that enables future activity to take place in a consistent and controlled manner;
· improving decision making, planning and prioritisation by comprehensive and structured understanding of business activity, volatility and project opportunity/threat;
· contributing to more efficient use/allocation of capital and resources within the organisation;
· reducing volatility in the non-essential areas of the business;
· protecting and enhancing assets and the corporate image;
· developing and supporting people and the organisation's knowledge base;
· optimising operational efficiency.

Each of the boxes in the diagram above is explained below:



The Security Practitioner

An Introduction to Information Security