The other day I was asked if I had done any plans for a specific industry.
I took the question at face value: have I done any plans for an industry, as in "industry association."
The question could have been less global and concerned with a specific organization in the industry (e.g., natural gas exploration) or a specific function of the industry's members (e.g., manufacturing mil-spec monel 16-inch 3-way valves with electronic control modules).
There are lots of ways I could have considered the question.
But in each case, the answer was the same: "Yes."
The reason the answer for each option is the same, "Yes," is because as a risk management practitioner I am looking at risks and means to avoid or mitigate them.
It makes no difference to me if I am working for a Mom-n-Pop corner grocery, Monster Motors, or Sara's Soup Servers charity.
The PROCESS is the same.
Find out why the organization exists.
Mom-n-Pop's grocery exists to sell groceries and, hopefully, make a profit.
Monster Motors exists to make automobiles (and other products) and, hopefully, make a profit.
Sara's Soup Servers exists to provide food for the hungry and, hopefully, to keep donations rolling in.
In each case, the organizations DO something to justify their existence.
There are some common concerns across the board - vendor management and liability as examples - but the bottom line is that each organization has risks and that the risks to each organization must be addressed; means must be identified to avoid or mitigate the risks.
Mom and Pop belong to a grocers' association.
The association's concerns are for the Mom-n-Pop grocery, but they are not the same as harbored by Mom and Pop. The association is concerned with lobbying, with member welfare, with recruiting and retaining members, and with collecting dues to support the association's operations.
Whether creating a plan for Mom-n-Pop or the association, the PROCESS is the same:
Mom-n-Pop | Grocer's Association |
---|---|
1. Identify the reasons the organization exists 2. Identify critical processes to No. 1 3. Identify risks to No. 2. 4. Identify means to avoid or mitigate risks. 5. Prioritize risks based on probability vs. impact. 6. Present recommendations to management. 7. Create response plans based on management's decisions re risk management implementation. 8. Create plan maintenance procedure. |
1. Identify the reasons the organization exists 2. Identify critical processes to No. 1 3. Identify risks to No. 2. 4. Identify means to avoid or mitigate risks. 5. Prioritize risks based on probability vs. impact. 6. Present recommendations to management. 7. Create response plans based on management's decisions re risk management implementation. 8. Create plan maintenance procedure. |
The same PROCESS can be applied to all organizations.
The organization's critical processes will vary, as will the risks, the means to avoid or mitigate them, the risks' priority, and the means to respond to the threats, but the PROCESS remains the same:
1. Identify the reasons the organization exists
2. Identify critical processes to No. 1
3. Identify risks to No. 2.
4. Identify means to avoid or mitigate risks.
5. Prioritize risks based on probability vs. impact.
6. Present recommendations to management.
7. Create response plans based on management's decisions re risk management implementation.
8. Create plan maintenance procedure.
Creating a program for Mom-n-Pop might be completed within a few weeks while a similar program for Monster Motors could require more than a year, especially if the practitioner is expected to train responders and do more than run a basic "desktop walk-through" exercise. Indeed, Monster Motors ought to have a full-time staff of risk management practitioners.
The bottom line for all plans is the same: It's all about the PROCESS.
If I wrote it, you may quote it.
Longer articles at https://sites.google.com/site/johnglennmbci/
No comments:
Post a Comment