Printable version

Best practice for managing organizational risk

Blog posted by: Allan Thomson – PPM Product Ambassador, AXELOS, 31 March 2020.

Section of flowchart with 'RISK?' at centre of cell and arrows leading to 'YES' and 'NO' on desk next to calculator, pen and pair of glasses

How do organizations identify and mitigate risk at a time of international emergency, like the current Coronavirus (COVID-19) pandemic?

In the circumstances affecting countless enterprises, leadership must find a way to keep “business as usual” going and people functioning while in a completely unique and alien situation.

And what senior executives need to acknowledge is the importance of risk at the corporate, strategic level and how – when risks become issues – they can threaten the organization’s strategic objectives and, at worst, its existence.

The size of an organization doesn’t matter; managing risk must be principles-driven to protect the enterprise. Therefore, the Management of Risk (M_o_R) best practice guidance is principles-based and designed to treat risk as a strategic management discipline.

Managing risk at a time of COVID-19

Right now, in the context of the current pandemic, managing risk begins with individual behaviour: complying with Government instructions to avoid becoming ill, spreading the virus and averting further fatalities.

Organizations are also facing new risks, such as shutting down their operational sites and having employees work remotely.

To understand what the risks are and how to mitigate them, leaders should compile a risk register – basically a tool to document risks – which is designed to “record uncertain events that would affect one or more business objectives”. This should identify and prioritize risks, including:

  • Risk description
  • Probability of the risk occurring
  • Impact on one or more business objectives
  • Proximity of the risk
  • Risk mitigation
  • Risk owner.

For example, the risk register could include information such as:

  • If staff don’t stick to social distancing rules, they could become ill with the virus and put themselves in jeopardy
  • If the organization doesn’t provide adequate IT support, employees can’t work remotely
  • Staff unaccustomed to working from home may be faced with multiple distractions that affect their performance and quality of work.

Having identified several risks in the current climate, organizations need to mitigate them:

Promoting social wellbeing

Organizing online meetings or one-to-one chats with line managers or simply phoning team members to ensure they’re OK are key actions to ensure a business is looking after its people in uncertain times.

Facilitating online working

Though people need to be patient in an abnormal situation, organizations need to ensure their IT systems can handle the volume of people logging on remotely.


It’s important to have a clear point each day or a weekly update when senior management will know exactly what they need to tell their employees/stakeholders and share that information, ensuring it’s both relevant and current.

A question I’ve sometimes heard in relation to managing risk is: “Why are we doing all this risk stuff? It might never happen?”

Nobody can predict the future, which is precisely the point of preparing for and managing risk. If risks become issues, and organizations are ill-prepared, they will ultimately pay for it; not only with dollars and cents but also their brand reputation.


Channel website:

Original article link:

Share this article
Home Qualifications Training Licencing Store News


Latest News from