Accendo Reliability

Your Reliability Engineering Professional Development Site

  • Home
  • About
    • Contributors
  • Reliability.fm
    • Speaking Of Reliability
    • Rooted in Reliability: The Plant Performance Podcast
    • Quality during Design
    • Way of the Quality Warrior
    • Critical Talks
    • Dare to Know
    • Maintenance Disrupted
    • Metal Conversations
    • The Leadership Connection
    • Practical Reliability Podcast
    • Reliability Matters
    • Reliability it Matters
    • Maintenance Mavericks Podcast
    • Women in Maintenance
    • Accendo Reliability Webinar Series
  • Articles
    • CRE Preparation Notes
    • on Leadership & Career
      • Advanced Engineering Culture
      • Engineering Leadership
      • Managing in the 2000s
      • Product Development and Process Improvement
    • on Maintenance Reliability
      • Aasan Asset Management
      • AI & Predictive Maintenance
      • Asset Management in the Mining Industry
      • CMMS and Reliability
      • Conscious Asset
      • EAM & CMMS
      • Everyday RCM
      • History of Maintenance Management
      • Life Cycle Asset Management
      • Maintenance and Reliability
      • Maintenance Management
      • Plant Maintenance
      • Process Plant Reliability Engineering
      • ReliabilityXperience
      • RCM Blitz®
      • Rob’s Reliability Project
      • The Intelligent Transformer Blog
      • The People Side of Maintenance
      • The Reliability Mindset
    • on Product Reliability
      • Accelerated Reliability
      • Achieving the Benefits of Reliability
      • Apex Ridge
      • Metals Engineering and Product Reliability
      • Musings on Reliability and Maintenance Topics
      • Product Validation
      • Reliability Engineering Insights
      • Reliability in Emerging Technology
    • on Risk & Safety
      • CERM® Risk Insights
      • Equipment Risk and Reliability in Downhole Applications
      • Operational Risk Process Safety
    • on Systems Thinking
      • Communicating with FINESSE
      • The RCA
    • on Tools & Techniques
      • Big Data & Analytics
      • Experimental Design for NPD
      • Innovative Thinking in Reliability and Durability
      • Inside and Beyond HALT
      • Inside FMEA
      • Integral Concepts
      • Learning from Failures
      • Progress in Field Reliability?
      • R for Engineering
      • Reliability Engineering Using Python
      • Reliability Reflections
      • Testing 1 2 3
      • The Manufacturing Academy
  • eBooks
  • Resources
    • Accendo Authors
    • FMEA Resources
    • Feed Forward Publications
    • Openings
    • Books
    • Webinars
    • Journals
    • Higher Education
    • Podcasts
  • Courses
    • 14 Ways to Acquire Reliability Engineering Knowledge
    • Reliability Analysis Methods online course
    • Measurement System Assessment
    • SPC-Process Capability Course
    • Design of Experiments
    • Foundations of RCM online course
    • Quality during Design Journey
    • Reliability Engineering Statistics
    • Quality Engineering Statistics
    • An Introduction to Reliability Engineering
    • Reliability Engineering for Heavy Industry
    • An Introduction to Quality Engineering
    • Process Capability Analysis course
    • Root Cause Analysis and the 8D Corrective Action Process course
    • Return on Investment online course
    • CRE Preparation Online Course
    • Quondam Courses
  • Webinars
    • Upcoming Live Events
  • Calendar
    • Call for Papers Listing
    • Upcoming Webinars
    • Webinar Calendar
  • Login
    • Member Home

by Greg Hutchins Leave a Comment

Integrating Your Risk Management Framework into Your Organization

Integrating Your Risk Management Framework into Your Organization

Guest Post by Peter Holtmann (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

This article is the third of fourteen parts to our risk management series. The series will be taking a look at the risk management guidelines under the ISO 31000 Standard to help you better understand them and how they relate to your own risk management activities. In doing so we’ll be walking through the core aspects of the Standard and giving you practical guidance on how to implement it.

In our previous articles (1st, 2nd) we introduced you to the core elements of the risk management framework. This included integration, design, implementation, evaluation, improvement, and the role of leadership and commitment.

In this article, we’ll be looking at integrating and adapting the risk management framework to your organisation. In particular, we’ll be focusing on how you can best understand your organization’s structures and context, appreciate the role of governance and strategy, appreciate risk management accountability, and the importance of being iterative and dynamic with your approach to integration.

So, why is integration important? Well, risk management doesn’t work well when it’s disjointed. For risk management practices to work well, they need to be cohesive and in tune with the rest of the organisation, and they need to be a part of all other parts of the organisation. Failing to have integrated practices can lead to poor decision making, which increases your risk exposure. When we’re able to address each of the factors that we identified above, we’re able to have the best opportunity at successfully managing risk within our organisation.

Understanding your organization’s structures and context

Firstly, we’ll begin with getting you to grasp a solid understanding of the structures within your organisation. There are three steps to understanding your organisation’s structures and context.

The first step is to begin by recognising your organisation’s structures. Structures in this sense can include the likes of organisational hierarchies, functions, and the networks within it. For example, you might begin with recognising a risk management reporting line that spans across different hierarchical levels of your organisation.

Once you’ve identified the structure, the second step is to then ask yourself about the purpose of the structure. This includes questions like ‘what does it do?’, ‘why?’, ‘is it effective?’, and ‘how can it be improved?’. If you work in a large organisation, you may find that there are a number of different structures that interact in quite a complex manner, so this step may be a little more tedious than that for smaller organisations which typically have simpler structures. Regardless of the size of your organisation, starting with simple questions like these can be the best way to help guide successful risk management integration.

Once you have a solid understanding of the structures within your organisation, the third step is to consider them in the context of your organisation. Giving thought to context is required for successful integration as it helps recognise barriers to integration. You then have the opportunity to design strategies to overcome those barriers.

This requires giving thought to both your internal and external operating environments. For internal environments you should be considering the effect that current structures have on that environment. For example, this can include whether a reporting process is too complex so your workers don’t report at all. It can also include giving thought to your organisational goals, and how well current internal structures align with those goals.

For external environments, you could consider market forces such as what others within your industry are doing in terms of risk management, as well as what you can learn from them. This doesn’t just include competitors, but can also include risk management bodies such as the ISO. You may also like to look at what your suppliers are doing in terms of risk management, depending on what industry you work in.

Regardless of the size of your organisation and the industry you operate in, your actions towards integrating the risk management framework needs to be relevant and context specific.

If you work in a small organisation, there is no benefit to creating complex risk management structures that exceed the needs of your organisation. By the same token, if you work in a large organisation, there is little benefit to oversimplifying your approach when you know the complexity of your organisational structures.

In any event, ensuring that you effectively integrate risk management into your organisation begins with having a solid understanding of its structures and context.

Governance and strategy

Governance is the steering head of your organisation. It helps to inform the decisions you do and don’t make, it regulates the relationships within and outside of your organisation, and it also ensures that the purpose and goals of your processes and procedures are being achieved to the best of their ability. In essence, good governance is holistic and doesn’t focus explicitly on one particular aspect of an organisation to the detriment of others. Rather, it gives consideration to each of these aspects in the context of the organisation as a whole. It is also key to helping to effectively integrate the risk management framework.

For good governance to be effective, it needs to work closely with your organisation’s strategy. This is because good governance informs your strategy, and strategy is a tool for good governance objectives to be executed. This assumes, firstly, that you actually have a strategy. If you don’t, you should build one. This is because strategy is particularly relevant to guiding how an organisation can perform well with its risk management activities.

Together, governance and strategy can help respond to the understanding that you built of the structures and context of your organisation. They work hand in hand, and together they can work to guide you in integrating the risk management framework to the best degree possible.

Determining risk management accountability

Your organisation’s people are central to effectively integrating the risk management framework. This is because everyone within your organisation is responsible for risk management. If they’re at the top of your organisation, they’re responsible for risk management. If they’re at the bottom of your organisation, they’re responsible for risk management. Without this holistic approach to accountability, your risk management practices would not integrate well.

Now, while everyone within the organisation is responsible for risk management, you may choose to have someone explicitly dedicated to such a role. This may take the form of a safety officer, for example. This may be a more feasible option for larger organisations, whereas smaller organisations may choose to integrate aspects of such a role into current positions. Explicit allocation of risk management can be achieved at any level of your organisational structure, and as we touched on briefly before, can help to create reporting lines across different levels of the organisational hierarchy which then vertically reinforces integration within the organisation.

Whether or not you choose to explicitly allocate accountability for risk management, you need to have effective and relevant structures, procedures and processes in place to support your team in managing risk, whether it is explicitly their job or not. As we mentioned previously, your choice on this matter will depend on the needs and context of your organisation.

Being iterative with your approach

Risk management integration is a dynamic and iterative process. It requires feedback to be taken from those within and outside your organisation to help recognise risk management pitfalls and then design proactive strategies to address them. This is essential for ensuring that your approach remains continually tailored to your organisation’s context, needs, and culture, of which can change over time. There’s no benefit to having risk management mechanisms in place if they’re not relevant or not effective to their purpose. If it doesn’t integrate and remain integrated, you don’t want it.

Integrating risk management frameworks into your organisation can be tricky. It requires considerable attention to be given to your organisation’s structures and context, governance and strategy, accountability functions, and iterative processes. When these factors are effectively attended to however, we give ourselves the best opportunity to integrate risk to the wants and needs of our organisation.

If you have any stories – good or bad – about how you’ve integrated the risk management framework into your organisation, I would love to hear them.

If you’re looking at integrating the risk management framework into your practices and procedures and would like some guidance or a conversation to help you on your journey, please contact me. I’m more than happy to guide you.

About the author

Peter is the Founder and Director of Holtmann Professional Services, a global provider of executive coaching, business excellence consulting and career path development. Peter has 20 years of experience in executive roles and has been the President and CEO of a global non-profit. Peter has written for many journals and blogs, is a keynote speaker and is a champion of prosperity through excellence of leadership.

If you are interested in working with Peter, please reach out to enquiries@holtmann.com.au.

Filed Under: Articles, CERM® Risk Insights, on Risk & Safety

About Greg Hutchins

Greg Hutchins PE CERM is the evangelist of Future of Quality: Risk®. He has been involved in quality since 1985 when he set up the first quality program in North America based on Mil Q 9858 for the natural gas industry. Mil Q became ISO 9001 in 1987

He is the author of more than 30 books. ISO 31000: ERM is the best-selling and highest-rated ISO risk book on Amazon (4.8 stars). Value Added Auditing (4th edition) is the first ISO risk-based auditing book.

« Self Ownership Part 5
Reliability Assessment and Acquisition Method »

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

CERM® Risk Insights series Article by Greg Hutchins, Editor and noted guest authors

Join Accendo

Receive information and updates about articles and many other resources offered by Accendo Reliability by becoming a member.

It’s free and only takes a minute.

Join Today

Recent Articles

  • test
  • test
  • test
  • Your Most Important Business Equation
  • Your Suppliers Can Be a Risk to Your Project

© 2025 FMS Reliability · Privacy Policy · Terms of Service · Cookies Policy