M_o_R is a framework whose role is to help introduce risk management throughout the organization. It is complete and leads us from the initial stage of developing risk management strategies and policies to managing risk at the operational level.
The first edition of M_o_R was a response to the Turnbull report (related to corporate governance in companies listed on the London Stock Exchange), while the changes introduced in the second release (2007) are a response to SOX and Basel 2. M_o_R was originally designed for use by the UK Government, but since its publication it has been used in the private sector.
But what exactly is risk? Since this is an entry about M_o_R, the following definition comes directly from the framework:
“Risk is an uncertain event or set of events which, should it occur, will have an effect on the achievement of objectives. A risk consists of a combination of the probability of a perceived threat or opportunity occurring and the magnitude of its impact on objectives”.
So remember that when talking about risk in terms of M_o_R, we mean both threats and opportunities for the business.
According to M_o_R, risk can occur at any of the following levels:
– Strategic (related to long-term objectives of the organization)
– Mid-term (risk of projects and programs – if you are interested in knowing only this level – consulting the PMBoK should be enough for you)
The M_o_R framework consists of the following four components:
1. M_o_R principles – the basic principles of risk management, derived directly from the world of corporate governance
2. M_o_R approach – elements that need to be adapted and adopted to a specific organization, such as the risk management policy and records of risks and issues
3. M_o_R processes – 5 basic steps to ensure that risks are identified, evaluated and adequately controlled.
4. Embedding and reviewing M_o_R – to assist in the implementation of risk management within the organization.
M_o_R principles – 12 rules derived directly from the world of corporate governance:
– Organizational context – the environment that affects the organization or the activity under consideration
– Stakeholder involvement
– Organizational objectives – the objectives of the organization must be well defined, because the risk you manage directly or indirectly influences them
– M_o_R approach – risk management policies, processes, procedures, etc. should be tailored to the needs of the specific organization
– Reporting – information on risks, as well as on the risk management process, should be reported to the appropriate person
– Roles and responsibilities – roles and responsibilities for risk management should be clearly designated within the organization
– Support structure – a team dedicated to risk management must ensure that the risk management policy and process are applied and adhered to.
– Early warning indicators – there should be indicators that can warn in advance about the potential risks to critical business areas
– Review cycle – the policy and the risk management process should be subject to periodic reviews in order to adapt them to the organization’s changing objectives
– Overcoming barriers to M_o_R – you have to realize that introducing risk management into an organization is associated with many obstacles (such as resistance to change)
– Supportive culture – the organization’s culture should support risk management in its daily operations. Risk management must be part of everyday work and responsibilities.
– Continual improvement – The process of risk management should be constantly improved
Management of Risk Approach
M_o_R says that you cannot move risk management policies and procedures from one organization to another. There is also a universal risk management process, which must be tailored to each organization. In particular, each organization should adapt the following elements to itself:
Risk Management Policy – the purpose of the Risk Management Policy is to communicate how risk management will be implemented throughout the organization to support the realization of its strategic objectives. It also provides the organization with a common language for risk management.
Risk Management Process Guide
Risk Management Strategies – describe the risk management actions that will be taken in specific areas of an organization’s activities.
Risk Register – contains all the identified risks for a given area of an organization’s activities
Issue Log – contains information about the materialized risks
Risk Management Process
The following diagram shows the overall risk management process, which consists of 4 steps represented by arrows and a circle that represents direct communication with risk stakeholders.
Steps of the overall risk management process are:
1. Identify
a) Identify – Context – gain information about the planned action. What are its objectives and scope, and what assumptions were made while designing it?
b) Identify – Risk – identify the risks that may reduce the likelihood of success (or raise it; remember that risk may also be positive). The result is the risk register.
2. Assess
a) Assess – Estimate – estimate the likelihood and impact of the risks. It is also important to estimate risk ‘proximity’ (how quickly the risk may materialize).
b) Assess – Evaluate – assess the impact of the identified risks on the planned action. Effects should be expressed in monetary value.
3. Plan – how to respond to the risk.
4. Implement – make sure that the actions planned in the previous step are actually carried out.
You can find more information about M_o_R below: