1.2 Areas of risk management

Above, we divided an organization’s risks into strategic and operational risks. Different functions look at risks from their own perspective. Typical risk management review areas are as follows:

  • Personnel: Turnover, the adequacy of skills and training, conflict management and compliance with regulations
  • IT and information security: Preparedness for various attacks, the functionality of systems and the adequacy and performance of infrastructure
  • Supply chain: Disruption of the supply chain, the reliability of suppliers, product and service quality, dependence on key suppliers
  • (Business) operational processes: Non-disruption of critical processes
  • Project activity: Project governance and management
  • Legality: Compliance with laws and regulations and operating in accordance with industry standards
  • Economy: The level of financial management, avoidance of abuses, credit risks and adequacy of economic controls
  • Health and Safety: The well-being of employees and customers
  • Reputation: Public image, social media communication and protection of the brand value
  • Environment: Compliance with environmental regulations and consideration of climate change
  • Continuity: The ability to recover from business disruptions

Siloed risk management may be harmful because the organization’s functions form a network whose parts may influence each other. Obtaining an overall picture is also challenging when risk management is siloed. Therefore, when planning management measures, it is worth ensuring that the risks in the different areas can be viewed as a whole.