Programme Lead, Chris Smith, looks at the impact of Covid-19 across the global economy and how a robust, ongoing and fluid risk management plan should now be a prerequisite for organisations to counter the Covid-19 crisis.

Over this last 12 months we have experienced the adverse effects and consequences of Covid-19 across every sector of the global economy. There are many questions being asked as to the when, what, how, why it started and how it was allowed to permeate every country. However, that is for future governmental bodies and WHO to determine and mitigate etc. and therefore thankfully out of the scope of this blog.

However, what has been very evident is the vital need for robust and ongoing fluid risk management plan within every organisation. It is no longer and quite frankly never was, a document to be created and filed away in the archives as a one off or annual activity. A robust Risk Management framework should be agreed, applied, reviewed and audited to ensure compliance is maintained.

Just to set the scene, ISO 31000 Risk Management, does exactly that. The standard outlines guidelines, provides principles, a framework and a process for managing risk. As such it can be used by any organisation regardless of its size, activity or sector.

The ISO 31000 Risk management was First published in 2009, with the most current version being 2018, it describes a set of guidelines intended to streamline risk management for organisations.

The ISO 31000 standard defines risk as the “effect of uncertainty on objectives”
 and an effect is a positive or negative deviation from what is expected.  The current operational environment is never more uncertain, and the outlook is steeped with an array of disconnects such as nationally Brexit and disunification. Whilst risk and opportunities from these and many other potential issues cannot always be treated successfully from a risk management prospective. Non the less, a rigorous risk management plan should go quite a way to reducing or eliminating the probability and therefore exposure.

ISO 31000:2018 explains the relationships between the risk management principles, framework and process. The diagram below shows the relationships covered by the standard.

It can be argued that most Risk Management plans focus on the negatives, for example issues that if they occur will cause problems to the organisation if they are not mitigated in some way. The organisation has to therefore understand its appetite for risk in order to make these decisions, and in doing so determine their potential exposure to risk. In order to make this meaningful risk exposure it is usually expressed in monetary terms. This also has the added advantage of being a common denominator to evaluate a range of potential business risks in order to prioritise risk to determine the risk treatment strategy to be deployed.

The key consideration point is risk management plans are now a prerequisite for organisations and staff should be coached and trained in the concepts of risk management to ensure the seamless adoption of the process ideally in conjunction with accreditation to ISO31000:2018.

Chris Smith PCQI
Programme Lead in Quality Management, rove
You can find out more about Chris here.


If you are interested in developing your leadership skills in the application of risk management, you may be interested in the CQI and IRCA PR307 Leading Enterprise Risk Management Course.  This Professional course looks at risk within the context of an enterprise/organisation, providing you with the capability of coaching top management teams in the deployment of a system approach to the leadership of risk management. Find out more about our Professional Quality Management courses here.