Key to ISO 31000 Success – Theme 3: Focus Initially on a Small Number of Top Risks
For an organization just starting out with Enterprise Risk Management, it might make sense to first identify a small number of critical risks that can be managed, and then evolve from this starting point. For some organizations, such an approach might mean keeping the initial Enterprise Risk Management focus on only those strategic risks that are deemed critical to the organization achieving its strategic business objectives.
Focusing initially on a smaller, manageable number of key risks would also be beneficial in developing related processes such as monitoring and reporting for those specific risks. This focused approach also keeps the developing Enterprise Risk Management processes simple and lends itself to subsequent incremental steps to expand the risk universe and Enterprise Risk Management processes.
Another way to keep Enterprise Risk Management manageable is to focus initially on a few top risks in just one critical business unit. This limited focus could be used to develop initial risk management processes that can be expanded across the enterprise to other business units. And when dealing with much smaller organizations, it can be useful to start things off by identifying just one critical risk or risk category and building Enterprise Risk Management processes around that one risk.
Whichever specific risk approach is utilized, the critical success factor is to focus attention on a manageable number of key risks and then apply the lessons learned to identifying and managing additional critical risks across the enterprise.