Risk management process in the organisation
Risk management in companies and organizations focuses on the identification, analysis and subsequent mitigation of risks. Risk management is continuing process based on the principle of continuous improvement. It means four basic phases of risk management:
- Risk identification - identifying and searching for risks related to the organization's activities
- Risk assessment and prioritization - primarily assessing the impact of risks and estimating the probability of occurrence for each risk and assessing which risks to prioritize
- Action setting - taking effective and controllable actions (CAPA) to eliminate or mitigate risks
- Ongoing assessment of risk status - reporting on significant risks and actions to eliminate or mitigate risks
In order to provide all of these risk management activities and processes, you need to have a place where you can store and share this information. You can conveniently perform all of these risk management steps in Aptien. It allows you to
- Develop a risk catalog (list) where you describe each individual risk using a risk card with impacts, likelihood and other context
- Create a risk matrix that allows you to prioritize risks
- Creating measures, corrective and preventive actions and managing work on them, which will allow continuous assessment
How to create a risk catalog
You can create a risk catalog using the risk register. You create a separate risk card for each risk, where you keep detailed information such as impact, probability and also measures to eliminate or mitigate the impact. You keep the risks in context, so you know what risk is associated with what asset - project, asset, process and other assets, as well as who is responsible for what risk.
How to create a risk map
For risks, you set up your risk map, where you can prioritize and monitor risks according to the defined zones in the risk map. Click on the desired zone and the risks are filtered according to the criteria you set.
How to create and manage measures
For selected risks, you create corrective actions in a separate corrective or preventive action organizer. For each measure, you create a separate record on which you keep detailed information and use assigned tasks to manage and control work on them. You keep risks and their measures in context, i.e. you know which risk is associated with which measure and who is responsible for which measure.
How to report incidents in your company
Incidents are potentially an indicator of events that lead to risks. If you need to establish a systematic control and reporting of incidents in your company, use incident reporting.