The purpose of risk management is to enable decision makers to make (better) decisions with risks in mind to achieve their goals. But how does risk management work? There are different views in this area and we call them risk management methods. The different methods are summarized in risk management models or risk management frameworks.
The different models are standard included in RISKID, a practical risk management software tool. One of these models is RISMAN. This is the term used in the Netherlands, but internationally, it is better known as PESTEL analysis for risk management. This model was originally developed for projects, but it is also well suitable for programs and organizations. What does the RISMAN method entail?
The RISMAN method defines risk management process steps, RISMAN perspectives and RISMAN impact classes. We will tell you more about these later on. The thing is that often times the different aspects are forgotten or confused with each other. So bookmark this page as a reference (e.g. for the full list of the RISMAN perspectives and impact classes).
RISMAN method: this is what it means
So the RISMAN method is suitable for projects as well as for organizations and programs. In order for RISMAN to work properly, your organization must meet two basic requirements:
- Risk management must be aligned with your current business and operational processes.
- Everyone involved must be responsible for identifying the risks and taking action for the risks within his or her area of responsibility.
The RISMAN method aims to achieve the following aspects:
– Continuous identification of risks and making them discussable
Together with all stakeholders, the risks are identified using the RISMAN perspectives. This causes a strong risk awareness within the organization, so that risks can be regularly identified and discussed. Continuous identification and discussion of risks enables management to make effective decisions in the risk management process.
– Proactive instead of reactive risk management
The RISMAN method is based on a proactive approach. This is enabled by identifying and implementing control measures before risks actually arise. This is of course an iterative process. For this to work, it is important that you always provide an open communication on risks.
Steps within the RISMAN risk management process
The RISMAN method is used as an iterative risk management process. This process consists of several steps. When using the RISKID software, you go through all these steps in a structured way. If you are interested in this, you can request a demo.
The RISMAN risk management steps are as follows:
Step 1: Integrated risk analysis
A risk analysis consists of the following (sub)steps:
1.1. Identifying risks
As indicated earlier, you identify risks from the RISMAN perspectives. You do this together with all stakeholders. This way you ensure a higher risk awareness in the team. The 7 RISMAN perspectives are:
- Financial / economical
1.2 Evaluate risks on probability and impact
When evaluating the risks, the RISMAN method distinguishes 6 impact classes:
Step 2: Define control measures
After step 1 you have an agreed upon and prioritized list of risks. In step 2 you will determine control measures for the most important or critical risks. As soon as these have been mapped out, a choice is made as to which measures will actually be taken.
It is important for the subsequent follow-up, that a risk owner has been assigned for the risk and an actioner for a measure.
The results of step 2 of the RISMAN method are:
- Defined control measures per (critical) risk
- Responsible person for each risk and control measure
Step 3: Implement control measures
The responsible persons implement the defined measures. The basis for this is the list made in step 2. If you are one of the risk owners, then it is possible for you to adjust the risk profile or risk score after implementation of the associated measures.
Step 4: Iterative control measure evaluations
Regular and iterative evaluations of the implemented control measures are very important in the RISMAN method. Questions to be asked are: Has the desired effect been achieved? If so, adjust the probability or impact score of the risk. If not, find out why and process it in the “lessons learned”. Evaluation should be done regularly, for example monthly.
Step 5: Update risk analysis
After the evaluations have been carried out, the risk analysis is optimized and adjusted. Are all risks still current? If not, you can “remove” less relevant risks from the list by changing the risk status.
Make sure to check with stakeholders whether new risks need to be added. This can happen, for example, due to (major) changes in the environment or the start of a new (project) phase. Assess these new risks on probability and impact as well.
RISMAN perspectives for integral risk analysis
In step 1, for the risk identification, we already saw them: the RISMAN perspectives. These are “angles” in identifying risks. They indicate in which areas risks can arise. The 7 RISMAN perspectives are:
- Financial / economical
Impact classes: assess the impact of the risks
What is the probability of a risk and what impact can you expect? Risks can influence various aspects. With the RISMAN method you assess the risks based on 6 different impact classes:
RISMAN perspectives and impact classes: this is the difference
CAUTION: do not confuse the RISMAN perspectives and RISMAN impact classes with each other! The RISMAN perspectives are used to widen one’s field of vision during the risk identification (step 1.1). An engineer, for example, tend to exclusively focus on technical risks, but bearing the various perspectives in mind, he/she is encouraged to think of other perspectives as well, e.g. organizational or financial risks. Only when you have considered all 7 perspectives during the risk identification, the chance of “forgetting” important risks will be minimized.
The RISMAN impact classes on the other hand, help you determine the various types of impacts of the risks (step 1.2). In other words: you gain insight into the size of the possible damage of the risks on the different impact classes. So when a risk materializes, how much financial or reputational damage could we expect? By properly scoring risks on the different impact classes, you create a good start for determining effective control measures.
RISKID: an automated risk management tool
So now that we know all the ins and outs of the RISMAN/PESTEL method for risk management, the question arise: how do you perform such a risk analysis? In practice, this is often done manually. (Risk) management teams work with Excel, post-its and e-mail, for example. But even better is of course an automated and structured risk management tool, such as RISKID! This allows you to easily involve all stakeholders in the risk management process. You also make it simpler and more attractive for them to participate! And that’s what it’s all about; collaborative risk management.
RISKID supports the implementation of risk management models
Do you want to implement risk management methods such as RISMAN within your team or organization? Then you may still be looking for an effective and efficient way. The RISKID software gives you tools to tackle this! Are you curious or do you want more information? We are happy to explain how RISKID supports the RISMAN/PESTEL methodology.
The RISKID risk analysis process can help professionalize your risk management team or organization, making your risk management method even more professional. Feel free to contact us if you have any questions.