Here at Keepsite our passion is helping organisations make better decisions and learn over time so they can keep delivering more profitable outcomes for their teams and stakeholders. To that end, Keepsite supports and enables ISO 31000 2018-02 risk management guidelines and has been developed explicitly to help leading organisations;
- Implement a consistent risk management approach across the organisation.
- Circulate risk information across the organisation to where it will be most useful. Further, to do so in real time, enabling timely, impactful, risk-informed decision making.
- Learn over time by utilising their ever-growing database of structured risk data to continuously improve operational performance and increase value-for-money for stakeholders.
In this article we discuss how Keepsite can support you in your quest to decision-making nirvana* and operational excellence through the application of the principles underpinning ISO31000.
All organisations face uncertainty. This uncertainty is at the heart of the risk management challenge. Where many organisations had previously, often successfully, utilised spreadsheets and other tools for risk management, the opportunity now exists to better utilise digital technology to completely integrate organisations, their assets, people, processes, and projects, and to circulate risk information throughout the organisation and use it to great effect. Enabling this revolution is the driving motivation for the Keepsite team.
Keepsite is suitable for use by any organisation, whether small, large, simple, complex, decentralised, or centralised, at any current level of risk maturity. It can accommodate any organisation structure without requiring software customisation on a per customer basis (Keepsite is configurable SaaS).
Below we discuss Keepsite with specific reference to the principles enshrined in ISO31000 and detail Keepsite’s approach as we endeavour to catalyse a step change in how risk management is done in the 21st century.
Principle 1: Integrated
For risk management to serve its purpose of enabling better decisions, better foresight, and more stable, predictable organisations, people and information from across the broader organisation structure, as well as key stakeholders (the organisation supply chain, for example) need to be integrated within one common system. This integration must be facilitated in a manner consistent with the organisation structure so that delegated authority and the desired degree of operational autonomy can be provided for across business units and projects.
Where in the past organisations have not been able to effectively integrate risk information due to it being contained within organisation silos, Keepsite’s unique integration model connects the entire organisation (including, where desired, with its supply chain), meaning that organisation resources can be better utilised and organisational expertise deployed more effectively to where it can be most valuable, and trends, for example, common risk and issue types can be quantified in aggregate, meaning that the organisation develops a more accurate understanding of what is working and what is not, and target improvement initiatives at these highest-impact areas.
Principle 2: Structured and Comprehensive
The risk management system should be comprehensive in the sense that it accommodates the integration of all business units and projects across the organisation structure. With the organisation structure ‘federated’, risk management is made consistent across the entire organisation structure.
This structured approach to data management enables data to be aggregated and it is this aggregation-capability that forms the basis of organisation learning - of the risk intelligence system. Where data is aggregated it can be analysed. Where analysis results in deeper understanding, better projects, better operations, better objective setting and greater value for money can be achieved. The more the system is used, each day, week, month, and year, the system increases in intelligence, creating a truly learning organisation.
This approach should not imply rigidity. Any complex system must accommodate edge cases and evolution over time. Keepsite’s model permits for child business units to either inherit or customise the risk configurations / settings made by the parent organisation, thus, should there be arms of the business that require unique treatment, this can be accommodated.
One example of how Keepsite accommodates structure and consistent process while maintaining flexibility relates to the statistical normalisation of risk data for aggregation purposes. Different business units can maintain different risk matrices (a 4*4 or 5*5 likelihood / impact table, for example). Keepsite uses a mathematical technique called statistical normalisation to reduce all scores within any range to a number between 0 and 1. The result is that, with absolutely no complexity added for end users, risk information can be aggregated automatically across the entire organisation structure.
Principle 3: Customised
Customer-level customisation of the Keepsite software is provided not through modifications to the underlying code base but through a range of tools Keepsite provides for customers to configure the software to suit. This configurability enables customers to tailor the software to their preferences and risk management maturity level, making it fit-for-purpose, without the expense, complexity, and inherent fragility that come from underlying code customisation. This is a key aspect of the ‘Configurable SaaS’ model.
Principle 4: Inclusive
In the past, the vast majority of any given organisation was excluded from the risk management system. This was due in part because of the limitations of more manual spreadsheet-based risk management systems, or because risk was seen as a compliance issue, and thus the realm of specific niche job functions, or because risk management has been undertaken using sophisticated but complex mathematical techniques such as monte carlo analysis, which were the domain of trained specialists. The end result was that risk management was exclusive.
Keepsite extols the complete opposite approach. We believe that risk management is best done as a team, including everyone across the business, from entry level or temp positions to senior management. An inclusive risk management system not only makes for a more effective system, buy
Within this structure, organisations can use Keepsite as the risk management backbone and set it up and run with it as best suits them. Further, Keepsite can be plugged in to any other organisational management system so that the information can be made even more useful and put to maximum use as the organisation seeks to deliver value for its stakeholders. Over time, as the organisation evolves, so to can keepsite.
Principle 5: Dynamic
Organisations are dynamic internally and externally. Teams change as people come and go. The external environment changes with project teams, changing demands from the marketplace, and the pressures facing organisations striving to increase value for money are intense.
An effective risk management system responds to this dynamism without complexity, routing information appropriately, enabling visibility across all aspects of the business, allowing for change over time, as the volume of risks and issues rise and fall and different risk trends emerge.
This dynamism by its very nature is difficult to quantify, so you need a system that is flexible enough to accommodate almost any change or eventuality that comes your way. Keepsite is built with this specific challenge in mind.
Principle 6: Best available information
The availability of quality real time and historical risk information is perhaps the biggest challenge and opportunity for organisations preventing effective decision making and resource allocation. Real-time information is necessary to be responsive and to keep on track and deploy resources to where they can best be utilised. Historical information is essential for learning and for improving organisational performance over time. An organisation's best asset, it’s people, have generally had to rely on their own personal experience, which they apply to any current context and make the best decision they can. Where historical information is available this same individual is suddenly armed with all-of-history intelligence, so they can augment their own experience with the data to make date-informed decisions.
In time, the more structured data available within the system the more intelligent the risk system becomes, further empowering your greatest assets to make the right decision when it matters most.
Principle 7: Human and capital factors
Risk management success cannot be achieved entirely through a technology solution, of course. Culture and human factors play in to and impact everything at every step along the way. Keepsite’s approach is to provide a framework for organisations and a system that is considered, sensitive, and inclusive. We provide guidance at the point of use to help educate users at the point at which they engage with the risk management system, so that over time, a familiar and consistent way of working and managing information develops across the business.
Principle 8: Continual Improvement
With visibility across the organisation, data structured and consistent, and an ever-growing database of risk information, continual improvement is possible and can occur in a continuous and iterative manner. Keepste’s system is flexible to accommodate changes you need to make as you learn and change, or learn and improve your organisations risk management maturity.
Wrapping it up
ISO 31000 lays down worthy guidelines for building the future of risk management. Where organisations can implement a consistent risk management process and have visibility across the organisation, they empower their people to make timely, informed, impactful decisions. Further, with the structured data accumulated over time, they create a rich database of potential intelligence, which they can utilise to drive higher value-for-money for all their stakeholders.
* a state of being where one has all available information to hand to make the right decision or provide the right advice right when it is needed most.