Risk Management

Effective risk management involves processes being put in place to review whether risks still exist, to assess whether the likelihood and impact of risks have changed, to report significant changes which adjust risk priorities, and to deliver assurance to the organisation on effective controls (HM Treasury, 2004). The Engineering Council (2011) in ‘Guidance on Risk for the Engineering Profession’ states that organisations must “ensure that lasting systems for oversight and scrutiny are in place”. It is essential that ongoing review occurs to ensure that risks remain relevant and up-to-date (Australian and New Zealand Standards, 2004). The National Institute of Standards and Technology (2002, p. 41) states that risk monitoring must be a ‘live’ process “not because it is required by law or regulation, but because it is a good practice and supports the organisation’s business objectives or mission”.