by Greg Hutchins

How to Design an Effective Risk Management Framework

Guest Post by Peter Holtmann (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

This article is the fourth of fourteen parts to our risk management series. The series will be taking a look at the risk management guidelines under the ISO 31000 Standard to help you better understand them and how they relate to your own risk management activities. In doing so, we’ll be walking through the core aspects of the Standard and giving you practical guidance on how to implement it.

In previous articles (1st, 2nd, & 3rd) we’ve looked at the core elements of the risk management framework generally, as well as the role of leadership and commitment, and integration more specifically. In this article, we’ll be looking at how to effectively design your risk management framework.

Introduction

In order for your risk management framework to be as effective as possible, it needs to be well designed. In this article, we’ll be looking at how to design an effective risk management framework by focusing on some key design considerations. These considerations include understanding your organisation and its context, how commitment to risk management is articulated, the assignment of risk management roles, responsibilities and accountabilities, the allocation of organisational resources, and the establishment of communication and consultation. Together, these key considerations will help you to effectively design your own risk management framework.

Understanding the organisation and its context

To best design your risk management framework, you first need a firm understanding of your organisation and the environment in which it operates. This involves both an internal and an external assessment.

For the internal assessment, one of the best places to start is by looking at the vision, mission and values of the organisation. This can then lead into assessing the governance, structure, roles, strategies, objectives, policies, culture, and capabilities within the organisation. This list is not exhaustive. Whatever the internal assessment relates to, it’s also important to understand that these internal factors are all intimately related, and that they are often influenced by external factors. This requires us to conduct an external assessment as well.

For the external assessment, you need to consider a wide variety of factors. These include social, cultural, political, regulatory, technological, economic and environmental factors, as well as how they work and interact as key drivers of trends impacting your organisation. Matters which may influence such trends can also include the contractual relationships you have with external stakeholders, and how these relationships contribute to and are influenced by the complexity of your external networks. When assessing external factors, effective risk management design recognises that there is often little we can do to control those factors. Rather, we need our risk management framework to be robust enough to adapt to these external influences as best as possible and as efficiently as possible.

After completing the internal and external assessment of your organisation, you should have gained a solid grasp on the factors which influence your organisation’s risk management behaviours and practices, especially those which are within and beyond your control. With this knowledge, you are able to best design, adapt and iterate your risk management framework to the context and needs of your organisation.

Articulating risk management commitment 

Your organisation’s management team and relevant oversight bodies should be effectively communicating and articulating their commitment to risk management. This is natural to assume, given our previous articles have touched on the notion that leadership and commitment regarding risk management run from the top down. For this reason, management and relevant oversight bodies need to do more than just articulate their commitment with words; they also need to actually be acting as risk management exemplars.

Although actual behaviour is important, articulation of what that behaviour should be is also important. In doing so, you may select tools such as policies, statements, or forms to highlight the importance and necessity of good risk management practices. Now, these tools shouldn’t just be used internally. They should also be used externally in order to potentially attract resources. Resources in this sense may include government grants for safe practices, accreditation, as well as human capital who value working in safe environments.

Without the articulation of your organisation’s commitment to risk management, calculated risk behaviours will likely be absent from your organisation; a matter which can lead to significant costs both financially and non-financially. However, written tools articulating best risk practices should not be used at the cost of actual, observable risk behaviours within your organisation.

Assigning organisational roles, authorities, responsibilities and accountabilities

As we’ve mentioned in previous articles, one of the key aspects of risk management is having people accountable for doing so. Part of the accountability aspect of this is choosing and knowing who to assign these responsibilities and accountabilities to. Before we dive into specifics, it should be noted that while it is critical to have clear cut roles for who is responsible for risk management, this shouldn’t defeat your whole organisation also being responsible for risk management. Risk management is a core responsibility of everyone in your team.

When assigning these types of roles, you may like to identify the ‘risk owners’ within your organisation. It’s reasonable to assume that the most popular ‘risk owners’ are managers. Managers are typically a good option as they already have the authority to manage risk within the scope of what they’re already appointed to manage. If you work with a smaller organisation or if you’d like to spread out the specific responsibility across your organisation, you may also choose to appoint ‘safety champions’ to manage risks within the specific environment in which they work. Appointing these types of roles can also help to reinforce a culture of safety.

Allocating resources

One of the most pressing points about risk management is having the resources to do so. Even when we know we do have the resources, we need to ensure that we allocate them effectively. Insufficient or inadequate allocation of resources towards risk management activities can completely undermine your efforts, and therefore the safety of your team.

When allocating resources, you need to consider things like your organisation’s processes, methods, and tools, documented processes and procedures, information and knowledge management systems, and professional development and training needs.

When considering these things, ask questions along the lines of whether or not they’re currently effective, and if they are effective, whether or not they can be improved. This will then help guide you to figuring out what aspects need the most investment, and you can therefore allocate your resources accordingly. This approach to resource management operates as a design mechanism which helps support a robust and effective risk management framework.

Establishing communication and consultation

One of the most important characteristics of an effective risk management framework is that it is consistently adapted and iterated to the changing needs of the environment in which it operates. To do this, solid lines of communication and consultation need to be established.

In doing so, you should have an approved approach which both sends and receives messages relating to risk. Having a platform for your organisation to do this can operate as an important cultural factor to support positive risk behaviours.

When sending messages on such a platform, it is critical to ensure that the medium used reflects the needs and expectations of the stakeholder to which it is directed. The message being sent should also be timely and appropriate in the context of risk.

When receiving messages, it’s important for management to interpret and synthesise that data to then effectively action it. Messages received can be particularly useful for gaining insight into aspects of your organisation which may be missed in policy drafting, as well as any changes that may arise from new policies or procedures, for example. When this data is actioned, changes should then be communicated to your organisation.

As we can see above, solid communication and consultation mechanisms are a critical support tool for helping to both design and maintain the design of an effective and relevant risk management framework.

Conclusion

Ultimately, appropriate design factors are fundamental for supporting a solid and effective risk management framework. When the factors that we’ve touched on in this article are properly and thoroughly addressed, we are then able to build, adjust and adapt our own frameworks as needed and in the best interests of our organisation’s safety practices.

If you have any stories – good or bad – about how you’ve designed your risk management framework, I would love to hear them.

If you’re looking at designing a risk management framework in light of your practices and procedures and would like some guidance or a conversation to help you on your journey, please contact me. I’m more than happy to guide you.

About the author

Peter is the Founder and Director of Holtmann Professional Services, a global provider of executive coaching, business excellence consulting and career path development. Peter has 20 years of experience in executive roles and has been the President and CEO of a global non-profit. Peter has written for many journals and blogs, is a keynote speaker and is a champion of prosperity through excellence of leadership.

If you are interested in working with Peter, please reach out to enquiries@holtmann.com.au.

About Greg Hutchins

Greg Hutchins PE CERM is the evangelist of Future of Quality: Risk®. He has been involved in quality since 1985 when he set up the first quality program in North America based on Mil Q 9858 for the natural gas industry. Mil Q became ISO 9001 in 1987.

He is the author of more than 30 books. ISO 31000: ERM is the best-selling and highest-rated ISO risk book on Amazon (4.8 stars). Value Added Auditing (4th edition) is the first ISO risk-based auditing book.
