Fundamentals for the Challenge of Controlling Risk Through Standardization

Vicente González-Prida, Jesús P. Zamora, Pablo Viveros Gunckel
DOI: 10.4018/978-1-7998-3246-1.ch006

Abstract

This chapter deals with standardization as a solution for risk control and decision making, mainly in highly technological contexts. To that end, it begins by introducing the reasons for controlling risk, as well as the background of uncertainty that underlies different sectors. The evolution of risk management is then outlined, briefly defining the concept of risk, mentioning some current management models, and enumerating the more relevant norms, standards, and guidelines for risk management. From this point, an overview of the ISO 31000 standard on risk management is provided, and the chapter closes by summarizing some possible future research lines and some conclusions about this groundwork on risk and uncertainty.

Introduction

Nowadays, digital transformation allows the reduction of the risk and uncertainty associated with decision making and the choice between alternatives. However, to meet this goal properly, some kind of standardization or leveling of processes and management frameworks seems to be necessary. As a consequence, controlling risk is a task that has to be consistent with the organization's values and policies. In order to manage risk, the organization's processes have to provide tools for the identification and assessment of risks to be avoided, eliminated or controlled (BS25999-1:2006). Since risk can change with time, condition and usage, mitigation actions should be documented and monitored for proper control. Therefore, the use of today's disruptive and practical technologies related to data mining and analytics is a requirement for managing risk, aligned with the overall company management process. Of course, risk management shall be proportionate to the level of risk under consideration, so not every risk should be treated in the same way (Jakoubi & Tjoa, 2009). Rather, it is understandable to vary the risk management effort to reflect the level of risk.

As noted, risk can vary with time, boundary conditions, environment, customer expectations, etc. Thus, the methods or models for risk management should be consistent with the organization's operating experience and capability (BS25999-2:2007). In other words, it is important to manage organizational knowledge properly, since it basically reflects how the organization manages risk. Risks have to be classified and managed appropriately, i.e. avoided, eliminated or controlled. Consequently, risk management includes monitoring of control or mitigation actions in order to ensure they are implemented effectively and in a timely manner. Of course, it is clearly better to be proactive, applying preventive tasks, rather than reactive. Hence, establishing the context of the risk provides alignment with the asset strategy and objectives and with the organizational strategic plan. Additionally, a monitoring and review process needs to be in place to ensure that the assessment process is appropriate and to create feedback if revision is required. At each stage there needs to be appropriate consultation and communication with affected stakeholders (Tjoa et al., 2011).

In pursuit of that purpose, this chapter analyzes the current state of the art, observing recent trends and studies regarding risk management and uncertainty control, mainly in their application to different areas or sectors. The concept of risk, the evolution of its management, and some application models that can be improved or complemented by the use of emerging technologies will be reviewed. After that, norms and standards that aim to facilitate and/or standardize decision making will be indicated, in order to achieve better knowledge management and, consequently, risk control. Finally, possible future research lines will be discussed, together with some conclusions about the key aspects of this document.

Key Terms in this Chapter

Fundamentals: Basic principle, essential rule, or law that serves as the groundwork of a system.

Technology: Branch of knowledge that deals with the creation and use of technical means and their interrelation with life, society, and the environment, drawing upon such subjects as industrial arts, engineering, applied science, and pure science.

Challenge: Something that by its nature is a test or a difficult thing to accomplish.

Risk: Degree of probability of a hazard or chance of loss occurrence.

Uncertainty: The fact of not being known precisely, nor fixed, confident, assured or clearly determined. In other words, it refers to something hesitant, unknown, unstable, or likely to change.

Standard: Something considered by an authority or by general consent as a basis of comparison or an approved model.
