NIG Risk Management
Risk management is a term that covers a very wide spectrum and a range of disciplines. A classic definition is 'the total process to identify, control and minimise the impact of uncertain events'.
There is a BSI British Standard for Risk Management - Code of Practice (BS1100:2008). The standard sets out the principles, framework and process of risk management and gives guidance on developing risk management activities.
The basic principle of the risk management process is that risks need to be identified and assessed. There then needs to be a response to each risk, deciding how best to deal with it.
The risk management process will produce key outputs which should be communicated to relevant stakeholders. Subsequently, there should be a periodic review. Those responsible for managing risks should carry this out.
Risk management is often split into risk categories. The number and type of these will vary, depending on the nature of the organisation. At NIG we are mainly concerned with operational risk.
Operational risk management relates to day-to-day operations, including areas such as health and safety, business continuity, information security, people and processes.