
Stage 6 recording and reporting

The risk management process and its outcomes should be documented and reported through appropriate mechanisms. Recording and reporting aims to:

  • communicate risk management activities and outcomes across the organization;
  • provide information for decision-making;
  • improve risk management activities;
  • assist interaction with stakeholders, including those with responsibility and accountability for risk management activities.

Decisions concerning the creation, retention and handling of documented information should take into account, but not be limited to: their use, information sensitivity and the external and internal context.

Reporting is an integral part of the organization’s governance and should enhance the quality of dialogue with stakeholders and support top management and oversight bodies in meeting their responsibilities.

Factors to consider for reporting include, but are not limited to:

  • Differing stakeholders and their specific information needs and requirements;
  • Cost, frequency and timeliness of reporting;
  • Method of reporting;
  • Relevance of information to organizational objectives and decision-making.
  • Parallel activity A: Communication and consultation

    Good communication and consultation is usually crucial for effective risk management. As shown in Figure 1.3.1, ISO 31000:2018 indicates that stakeholders may have an important role in all stages of the risk management process. Understanding the needs, interests, and influence of stakeholders, including their risk perceptions and their legal and social context, can greatly affect the effectiveness of the definition of the context, the risk assessment, and risk treatment. Stakeholder communication and consultation is often also critical in sourcing funding for risk control options. It is rather common that certain risk analysis techniques produce information and lead to risk assessment findings where other actors have the authority to implement changes in the system. This is especially the case in large-scale, distributed systems where legal and operational responsibilities are divided between private actors and public authorities. In such cases, communicating the findings to relevant actors should be appropriately considered. Risk matrices and probability-consequence diagrams are often applied in risk communication activities, so that decision makers and stakeholders can obtain a common understanding of the relevant risks. Depending on the application, maps displaying the risk levels over spatial areas, or diagrams showing the evolution over time, are also used.

  • Parallel activity B: Monitoring and review

    Monitoring and review in the risk management process is another important parallel activity, which cuts across the various risk management stages. Focusing on the implementation of an ongoing risk management process, quality management activities ensure that the information processed in the five stages is adequately utilized to establish the context, perform the risk assessment, and implement appropriate risk control options. Such monitoring and review is critical to ensure high-quality, timely, and useful risk assessments for making good risk management decisions. This monitoring also concerns the consultations and communication with the stakeholders. Another aspect of the monitoring and review activity addresses the fact that systems, as well as the nature of the activities and processes within the system, and their environment, change over time. It is, therefore, vital that risk management is up to date, which requires a periodic re-evaluation of the adequacy of the applied tools and information sources. This aspect aligns with the continuous improvement of the overall risk management framework; see Section 1.2.
