Risk management
There have been dramatic changes recently in the field of risk management. These changes are driven in particular by increasing pressure from legislation and by revisions of ISO standards, which reinforces the importance of risk management. New obligations keep being added, and the penalties for breaching them are being strengthened.
A few typical examples:
- The Directive on security of network and information systems (NIS Directive)
- The EU General Data Protection Regulation (GDPR)
- The ISO 9001:2016 revision (QMS)
- and a few others
What does it mean for you?
- Establish a Risk Management System
preferably based on best practices according to the international ISO 31000 standard. It provides guidance on how to develop, implement and continually improve the risk management process across all activities in your organization.
- Hire external experts
who will help you avoid dead ends, so you save time by using best practices within your industry. You also get valuable insight into how it works (or does not work) elsewhere. Theoretical knowledge is one thing; applying it successfully in practice is another.
- Implement an appropriate software solution
for both risk and audit management
Advanced software solutions should allow you to at least:
- identify and analyze risks and opportunities in relation to assets and processes;
- implement and evaluate prevention plans for them;
- map all of this to the requirements of applicable laws, regulations, or ISO standards, so that you can easily demonstrate compliance with these requirements to your internal audit;
- track data records and user activity in the system, so that it is always possible to trace what has been inserted, edited or deleted, by whom and when.
Is the investment in such software a sunk cost?
Absolutely not. It is a must-have, because neither pen and paper nor Excel is enough for such a challenging mission.