What is M_o_R?

No organization is immune to critical conditions, uncertainties and dangers. It's good to know what to do when that happens! Conscious and structured risk management is beneficial and can ultimately increase value creation. M_o_R^® (Management of Risk) provides a guideline for this in the current version 4.

People and companies are confronted with risks on a daily basis - whether on the way to work, in the car or when deciding on a new business strategy. According to the definition (based on the ISO 31000 standard), a risk is an event whose occurrence is uncertain and can have an impact on the achievement of objectives. It is important to note that this event can have not only negative but also positive consequences. A risk is assessed on the basis of the probability of occurrence of the event and the impact on the achievement of objectives.

In terms of organizations, the topic of risk management (Management of Risk, M_o_R^® a central component of business strategy. Every company has to deal with the issue of risk management in one way or another. This usually does not take place in a transparent and comprehensible manner. In particular, there is a lack of appropriately defined processes within the framework of risk management.

M_o_R^® Trainings

Why is risk management necessary?

The aim of risk management is to provide companies with tools that enable them to better assess their current situation and evaluate impending effects in defined steps.

With conscious risk management, organizations can ensure better results, experience fewer surprises, deliver more reliable products and services, use resources more optimally, and identify opportunities for innovation. Above all, risk management supports decision-making at all levels. The goal is not necessarily to avoid risks and their effects entirely. It is much more important to assess the situation correctly and initiate appropriate measures to achieve strategic corporate, program, project, product or operational goals.

When and where should risk management be applied?

Risk management is recommended wherever critical decisions are made. Aligned with long-term goals, risk management focuses on evaluating risks in relation to an organization's strategic goals. In most cases, strategic risk management is opportunity management at the highest corporate level.

In the medium term, too, risk management within the framework of projects, programs or product development must be an essential part of any planning. The same applies to safeguarding operational functions. Here in particular, it must be ensured in daily operations that threats are detected and that operations are safeguarded.

Principles of risk management

Various principles must be defined for the development of procedures for enterprise-wide risk management. These should be precise, understandable as well as easy to implement. Within the framework of the best practice approach, M_o_R describes^® The following generic principles or requirements:

• Understanding of the organizational context
• Role and integration of stakeholders
• Knowledge about the objectives of the organization
• Establishment of M_o_R methods
• Implementation of management information (reports)
• Definition of roles and responsibilities
• Structured operating procedures
• Early warning systems
• Review circle, quality assurance
• Recognizing and overcoming critical success factors and obstacles
• Culture and organization
• Continuous improvement processes (CIP)

These principles can also be seen as success factors for the implementation of risk management.

Like all success factors, the principles of risk management are continuously evolving and need to be adapted from time to time. Organizations should adapt their strategies to the needs of the market, which includes the continuous assessment of risks.

Risk management methods

Each company uses different approaches to the Risk management. To formulate these methods and bring them closer to the stakeholders, M_o_R recommends^® The development of appropriate documents that capture and disseminate risk management approaches.

In principle, the aim is to create an awareness within the organization of the company's risks and to develop suitable procedures for this purpose. The following guidelines are recommended for this purpose:

• Risk Management Policy: A basic document that defines guidelines for risk management, specifies how risks are to be handled within the organization, and describes how they are to be communicated. These guidelines are strategically oriented.
• Risk Management Process Guide: Description of the processes in risk management from identification to implementation
• Risk Management Approaches: Description of risk management activities for (specific) parts of the organization.
• Risk Registers: Capture or summarize any threats and opportunities for each area of the organization.
• Issue registers: factual recording of all identified issues including risks that have already occurred

Awareness of these issues must become part of the organizational culture. To this end, the documents summarize tasks, responsibilities and competencies within the framework of risk identification and assessment.

Risk management processes

Risk management can be divided into eight processes:

• Definition of the context and objectives
• Identification of opportunities and threats
• Prioritization of risks
• Evaluation of a combined risk profile
• Measures planning
• Measures agreement
• Monitoring and reporting of progress
• Review and customization

The eight processes provide a cohesive, logical approach to risk management implementation. Each subsequent step cannot provide useful statements in the context of risk management without the results of its predecessor.

M_o_R ^® Trainings