Risk Management with AS 4360:2004
The Australian standard AS/NZS 4360:2004, Risk Management, describes a versatile and widely applied risk management approach. It defines risk as:
"…the possibility of something happening that impacts on your objectives. It is the chance to either make a gain or a loss. It is measured in terms of likelihood and consequence."
The standard is based on an iterative process, centered around the following steps:
- Establish Goals & Context
- Identify Risks
- Analyse Risks
- Evaluate Risks
- Treat Risks
The standard also recommends that the processes of Stakeholder Consultation and Communication, and Monitor & Review, be undertaken in parallel with these activities, both informing and informed by them.

Figure 1: The AS 4360 Risk Management standard process
This is a generic process framework. We outline an example implementation of this framework below.
Establish Goals and Context
What are the broader strategic goals of the organisation? What part does this project play in achieving these goals? Who are the relevant stakeholders, both internal and external? What is the general risk management approach of the organisation? What resources does the organisation have available to treat risks?
Identify Risks
What events could occur? What are the sources of these events?
Assess Risks
How likely are the identified risks to occur? What would be the consequence if they did occur, as constrained by the existing environment and controls? What is the resultant level of risk (Likelihood multiplied by Consequence)?
Treat Risks
Is each of these risks acceptable? How shall they be treated? How will treatment be planned and managed?
Example implementation
Risk Management Approach to SharePoint
TBD. Coming soon.
Using SharePoint for Risk Management
TBD. Coming soon.

