Risk Management is Hard Work…

Risk Management Software is complex and unwieldy to manage

Keeping your risk profile up to date soaks up precious time

Getting the control and improvement processes to happen is a struggle

And don’t even mention reporting!

Risk Management is important, but nailing it is hard

There are common causes for this. Provided people understand risk management the way ISO 31000 explains it, it usually comes down to not having the right tools to do the job. You need tools to automate the communications processes. These need to seamlessly flow through to mitigation and improvement. The system must engage everyone in risk management, rather than centralise it to one person. Finally, any good risk management software must make what’s happening (or not happening!) transparent, with great reports.

RelianSys® Risk Management Software incorporates a systems approach to managing risk. This draws on extensive experience and understanding of how organisations actually work. It works because it understands how you work. It takes the ISO 31000 risk management approach and turns it into a logical workflow.

RelianSys® Risk Management Software is a powerful tool for people who want a practical solution. It sweeps the barriers away, so you can manage risk properly across your organisation. It’s flexible and easy to use. It’s equally effective from the smallest to the largest organisation, and across the range of industry types.

How It Works

  • Enables you to put a comprehensive ISO 31000 risk management system in place

  • Works in harmony with your organisational processes

  • Streamlines and integrates all your risk requirements into one powerful system

  • Logical simplicity is built into the software architecture and workflows

  • Integrates proper due diligence into your processes

  • Blends with the systems and workflows you already have in your organisation

Managing Risk

  • Establish and deploy your ISO 31000 risk management system across your site

  • Customise your set-up to your own individual risk framework

  • Maintain visibility of risk profiles by department, consequence area and at the organisational level

  • Risk management is all automated, so it integrates with your management systems and workflows

  • All of this makes control and risk mitigation easy

Easy Deployment

  • Our depth of business experience translates into a solution that will not waste precious time

  • Designed to be the most practical and easy-to-use application possible

  • Easy to navigate and deploy

  • Practical extra features such as Action Plans, Reminders and Escalations

  • Ensures every employee is a risk manager of their own processes


  • Comprehensive colour-coded reports that drill down into your risk status at any time

  • Produce reports by risk level, consequences, departments, sites or across your entire organisation

  • Risk profile visibility and improvements at all levels of your organisational structure and reporting streams

  • Create additional reports to audit your risk controls

  • Ensures you maintain focus on risk management when auditing systems and processes

  • Embeds the due diligence framework that effective risk management relies upon

9 Stages of Risk Management

1. Communicate and Consult

The first step is to involve the people who have an interest in the process, and therefore the risks, which are to be managed. Broad and inclusive communications will enable as much relevant information as possible to be gathered. This ensures the correct context, identification, prioritisation and analysis of risks. Buy-in at this stage is also important to ensure the involvement and commitment needed for the achievement of risk management outcomes.

2. Establish the Context

Establishing the context need not be a difficult concept to understand and apply. Risk is defined as “an opportunity for something to occur that can impact objectives”. Objectives are normally derived from the organisational strategy, so the first step is to understand the strategic and business objectives. We can then look at the influences that will impact on those objectives; for example, political/legal, economic, social, technological, trends and global issues. Within organisations there will generally also be operational or internal objectives at the business unit level. By clarifying these objectives, it becomes easier to understand the context and the environment in which those risks exist. When we have clarified the objectives of and throughout the organisation, we can determine the scope of the risk management activities we are going to undertake. Clear boundaries or reference points, as well as intended outcomes can be established, together with a logical approach to identify and manage risks throughout the organisation.

3. Establish the Risk Framework

We develop our criteria for measuring risk in terms of how likely risks are to impact on our objectives, as well as the consequences if they do occur. This is commonly known as a risk matrix. It is needed in order to rate the severity of risks for our organisation. Most organisations tend to choose 4 or 5 levels of likelihood, from rare through to almost certain. Consequences can fall into many categories. These may include financial, quality, environmental, health and safety, asset, and business disruption. When we have established these categories, we need to ‘calibrate’ them across the consequence categories. By combining the various levels of likelihood and consequence, we can apply our risk ratings throughout the organisation. Examples of risk ratings could be from low through to extreme. For example, if something is almost certain with a consequence of fatality, we would obviously give that the highest risk rating of Extreme.

4. Identify the Risks

This is done by systematically reviewing processes and questioning what could possibly go wrong, or what could possibly be achieved. Risk identification is best undertaken using a multidisciplinary team. This provides a better opportunity to identify all risks and their causes. It is wise to have one or two people who have a very good understanding of the processes involved, and include all levels of management. Other stakeholders from interfacing processes can provide valuable input, as well as stakeholders who may incur the consequences of risks turning into negative or positive consequences. Risk identification should be undertaken using a systematic approach, starting at interfaces, working through processes and finishing with downstream interfaces. If ad hoc or intuitive approaches are used, important risks may not be identified.

5. Analyse the Risks

Analysis enables us to make informed decisions about prioritisation of risk treatment. It involves starting from the basis of the existing controls we have in place. Then we consider the likelihood and consequences of the risk, in the context of a range of factors, such as historical information, performance, experience, research and stakeholder input.

6. Evaluate the Risks

Once risk analysis has been completed, we can determine the ranking and prioritisation of risks for treatment purposes. This is based on the criteria we established in the risk framework. For our higher level risks, we may undertake some further investigation and analysis to determine treatment plans.

7. Treat the Risks

Risk treatment strategy is the major work of risk management, and depends on what the organisation wants to achieve. For example, the organisation may limit its treatment activities to what is the accepted normal practice in that industry, or it might aim for the absolute minimum risk no matter what the cost. There are generally a number of priorities and methods of treating risk.

For negative risks:

  • Avoid the Risk
  • Reduce the likelihood of the event happening
  • Reduce the consequences if it does happen
  • Share some or all of the risk
  • Accept/Retain the Risk and develop contingencies

For positive outcomes, we want to exploit the opportunity. This may involve:

  • Determining those outcomes to pursue
  • Improving the likelihood of the opportunity
  • Improving the consequences
  • Sharing the opportunity
  • Retention of the remaining opportunity

Risk treatment should be undertaken using a planned approach that can be monitored and evidenced. Some analysis does need to be undertaken to determine the best method of treatment, taking into consideration the cost and the benefit, legal and social issues, and perception of stakeholders.

8. Monitor and Review

Once the previous steps have been implemented, we need to ensure that the risk management process is monitored, with regular review and reporting. Risk likelihoods and consequences can change over time. Risk profiles should be monitored to identify changes, and to ensure that the treatment plans are in accordance with the parameters we set, including time, resources, and responsibilities. Management need to be able to measure the improvements made and demonstrate due diligence in the treatment. Appropriate KPIs may be established, trended and monitored to support this.

9. Records

Risk management is a fundamental element of due diligence. We need to ensure that we have sufficient auditable evidence of how risk management is being applied, both for decision purposes, and to demonstrate integrity in the processes of risk management. This means that we should have documented evidence of each stage including our methods and sources of information and risk treatments.
