
Risk management in other Standards

The common theme between SOX and QMS/EMS is managing risks: financial, quality, and environmental. The last two blogs covered risk management as defined by ISO 9001/9004 quality management and ISO 14001/14004 environmental management, and also referred to the 1 ½ pages on the subject in ISO 10006, the guidelines for quality management in projects. This blog looks at risk management in other standards. Two standards on software life cycles each give one-page definitions of the risk management phases:

IEEE/EIA 12207.2-1997 Software Life Cycle Processes Annex L

  • Risk planning
  • Risk identification
  • Risk analysis
  • Risk mitigation
  • Risk tracking and control

And ISO/IEC 16085:2004 (Previously IEEE Std. 1540-2001) Software Life Cycle Processes—Risk Management

  • Plan and implement risk management
  • Manage the project risk profile
  • Perform risk analysis
  • Perform risk monitoring
  • Perform risk treatment
  • Evaluate the risk management process

The details are provided by the Project Management Institute, which is the steward of the Project Management Body of Knowledge (PMBOK). Their PMBOK 2004 Third Edition devotes 22 pages in Chapter 11, Project Risk Management, to the processes for managing project risk. The six processes are:

  • Risk Management Planning—deciding how to approach and plan the risk management activities for a project.
  • Risk Identification—determining which risks might affect the project and documenting their characteristics.
  • Qualitative Risk Analysis—performing a qualitative analysis of risks and conditions to prioritize their effects on project objectives.
  • Quantitative Risk Analysis—measuring the probability and consequences of risks and estimating their implications for project objectives.
  • Risk Response Planning—developing procedures and techniques to enhance opportunities and reduce threats to the project’s objectives.
  • Risk Monitoring and Control—monitoring residual risks, identifying new risks, executing risk reduction plans, and evaluating their effectiveness throughout the project life cycle.

These standards represent the best practices that quality / environmental managers and business process owners can draw on when working within the risk management processes to manage risks: financial, quality, and environmental.
