Accendo Reliability

by Fred Schenkelberg

4 Considerations When Designing A Risk Management Program

The risk management framework in ISO 31000 provides a flexible approach to create the right program for your organization. The document doesn’t provide advice or wisdom, so you have to supply that yourself.

The details of the risk management program or specific framework in your organization include policies, procedures, analysis, and reporting, yet they also have to work within the context of your organization.

Based on the work of Greg Hutchins in ISO 31000: Enterprise Risk Management, here are four considerations to supplement your wisdom as you design and implement your program.

1.  Define Clear, Meaningful Program Objectives

As with any process or program, the success of the endeavor improves with a clear vision of the objectives and desired outcomes. A risk management program in general focuses on identifying and mitigating risks. That is too general.

Define the desired outcomes clearly. If it is to reduce the consequences of adverse surprises in the market, or from your products, say so. Be specific and clear.

“Over the next year our risk management program will identify and mitigate xx types of risks reducing adverse consequences by xx% year over year.”

The statement of the program objectives provides direction and guidance for all involved, both inside and outside the organization.

2.  Keep It Simple

Risk identification and risk mitigation are complex tasks, but your risk management program should not be complex. A clear objective is a start. Streamline and simplify data collection, analysis, and reporting, for example.

The design of a product along with its verification may be complex, and it helps to avoid product recalls. Yet, when a recall is the right course of action, the triggers and implementation should be kept simple.

An overly complex risk management program increases the risk of making poor decisions, mitigating minor risks, or diverting resources unnecessarily. A simple system and its clear objectives permit effective implementation. An effective approach to reduce risk in an organization is reducing ambiguity.

3.  Include Cultural Elements

Beyond the technical procedures and reporting channels, also consider the behavioral elements, the culture, within your organization. How does information effectively inform the right individuals? How are messages, good and bad news messages, typically received?

The cultural elements concerning the relaying of bad information, in particular, are important to understand. A trigger or event of a significantly adverse risk may receive little attention or forwarding when the culture tends to ‘shoot the messenger’.

Blame, privacy, and secrecy all play a role in stifling the transmission of both good and especially bad news. A part of the risk management plan may need to explicitly address the cultural elements that otherwise will retard the effectiveness of your program.

4.  Define the Program Scope

The overall purpose of a risk management program is to identify and mitigate risks to the organization and to its customers. Yet a risk management program does not imply unlimited scope and authority to act in the name of addressing risks.

Establish clear boundaries that include:

  • Who has authority to take specific actions (initiate a recall, for example)
  • Who has what spending authority, decision authority
  • What are the timelines and deadlines for routine and event-related activities
  • Who can stop production
  • Who can speak to the media and when

Other elements to consider as you define the scope for your program include context, capabilities, maturity, and objectives. In many situations the existing decisions and spending authorities will map to similar risk management program responsibilities. Think it through for your organization and adjust as needed to create an efficient program.

Summary

These are just a few considerations to create a risk management program within your organization. The framework provides a structure that you can use to build your program that is unique to your organization and situation.

What else should you consider? Add your insights and suggestions in the comments section below.

Reference: ISO 31000: Enterprise Risk Management by Greg Hutchins, supplemented by discussions about establishing risk management programs with Greg over the past few years.

Filed Under: Articles, CRE Preparation Notes, Risk Management Tagged With: risk management framework, Risk management techniques

About Fred Schenkelberg

I am the reliability expert at FMS Reliability, a reliability engineering and management consulting firm I founded in 2004. I left Hewlett Packard (HP)’s Reliability Team, where I helped create a culture of reliability across the corporation, to assist other organizations.


Comments

  1. Braden Bills says

    April 4, 2019 at 7:25 AM

    It makes sense that a risk management system would be important for businesses. That way they can ensure that they know what risks they face. It’s best to know what you’re facing so you can minimize potential risks.

    • Fred Schenkelberg says

      April 4, 2019 at 9:40 AM

      Well said Braden – thanks for the comment. cheers, Fred
