Management of Risk, M_o_R ® is a structured framework and process for taking informed decisions about the risks that affect an organization, at strategic, program, project or operational level.
Business managers, risk management officers, CIO, information security officer, program and project managers
M_o_R® was first published in 2002; its current version is the Third Edition (2010). The approach was originally designed for use by the UK Government and is owned by the Cabinet Office. It is now used in the public and private sectors alike.
Management of Risk is of enterprise-wide importance, and can be applied to the three core elements of a business:
- Strategic – business direction
- Change – turning strategy into action, including program, project and change management
- Operational – day-to-day operation and support of the business
In this way, the strategy for managing risk should be managed from the top of the organization while being embedded into the normal working routines and activities of the organization.
There are eight principles, which are consistent with corporate governance principles and the international standard for risk management ISO 31000: 2009. The principles are: Aligns with objectives; Fits the context; Engages stakeholders; Provides clear guidance; Informs decision-making; Facilitates continual improvement; Creates a supportive culture; Achieves measurable value.
An overall strategic framework, including a policy document, is also of key importance. It needs to include the following elements: risk identification; risk evaluation; setting acceptable levels of risk; identifying suitable responses to risks; risk ownership; implementing responses to risks; gaining assurance about the effectiveness of the responses; embedding, reporting and review.
Once a framework is in place, a common approach can be used across the business, bringing together disparate risk disciplines and functions into a consolidated and consistent approach.
Scope and constraints
M_o_R is appropriate for any type of organization regardless of its size, complexity, location, or sector.
- Improved corporate decision making through the effective communication of risk exposure throughout the organization;
- An open and supportive approach to the identification, analysis and communication of risk;
- Better awareness in all personnel of the cost and benefit implications of their actions.
In practice, it is often difficult to ensure that all risk related disciplines and resulting work are captured within a consolidated view of risk, as there can be a tendency to work in segregated functional areas – especially in larger organizations.
Want to know more?
Title: Risicomanagement op basis van M_o_R® en NEN/ISO 31000 (dutch version)
Authors: Douwe Brolsma & Mark Kouwenhoven
Price: 22,50 euro
Order here your copy or view the sample file on our website