With the adoption of the high-level structure, management systems that have already been revised and new ones have given greater importance to an aspect already inherent in previous documents: the need to Risks and opportunities aligning them with the strategic direction, that allows to reach the marked objectives.

For many companies this point can be choked in practice, so in this article I will talk about the different tools that will be adapted and useful in the different stages of risk management.

All this to facilitate the work of carrying out a correct and efficient management of the same, as well as of the opportunities, adapted to the characteristics and needs of the companies.

Overview of risk management in the company.

Tools for risk management in the companyIf we take as a reference the definition of risk adopted by management systems as the effect of uncertainty we will have a very limited vision of what it supposes for companies and their activity in the day to day. To do this, we have to extend it with the definitions of effect and uncertainty to get a complete picture.

In this way, we understand as effect any deviation from the expected, without forgetting that these different deviations can be both negative and positive.

By uncertainty we mean the state in which, because of the deficiency of available information, even partial, it does not allow us to have an understanding or knowledge of an event, its consequences or the probability of occurring over time.

At this point it is important to clarify that, although when we talk about risks we usually focus on the negative side, we must not lose sight of all those elements that allow us and provide an opportunity to improve, either in position, effectiveness or in the future in a general way .

To expand these concepts I recommend reading the article “Risks and opportunities in ISO 9001: 2015”.

ISO 31000 and risk management.

ISO 31000, Risk Management. Principles and guidelines, gives us an overview and objective of risk management so that it becomes a powerful ally in all the activities carried out by the company as these risks and opportunities are not limited to a simple process or activity.

This management system sets out in a schematic way the steps to be taken to properly manage the risks and opportunities.

In this article we are going to focus on the intermediate section of risk assessment that can be observed in the scheme included below. This is where the application of the different tools is more effective and brings greater benefits to companies to:

Evaluate, control, eliminate or assume the different risks to which it may be affected
And to benefit from the different opportunities that are presented since it will also be able to apply for the positive aspects.
For more information on risk management and ISO 31000 I recommend you read the articles “ISO 31000 or Risk Management: brief notes” and “Phases of risk management in the company”.

Infographics of risk management process according to ISO 31000

Tools in the risk identification phase.

Naturally, before beginning to properly manage the risks to which the company may be affected, we must begin by identifying them. In this way, it becomes the foundation that will mark the whole process and a mistake, for example by mistakenly considering a weakness as a risk, will make the actions taken below do not bring any benefit to the company.

In order to correctly carry out this identification work, it is necessary that all those who are involved know the definition of risk and, more importantly, that they understand it, since it will allow the search for common aspects that allow the identification of both negative and Positive, as I mentioned earlier.

To elaborate this list with the identified risks we can use different tools according to the characteristics and needs of the company, such as:

  • Brainstorming Technique of which I have spoken to you in more detail in the article “The technique Brainstorming”.
  • Delphi method
  • HACCP, most commented on in the article “The seven principles of the HACCP system”.
  • HOPP
  • Analysis of historical data
  • Modal Analysis of Failures and Effects of which I speak more in detail in the article “The technique
  • AMFE or Modal Analysis of Faults and Effects”.
  • Check list.
  • Scenario analysis.


We will explain some of these tools in more detail later.

Tools in the risk analysis phase.

Starting from the list that we obtained in the previous point, it is important to emphasize that, as a base in this stage of anáLysis we must make an identification of the controls already existing and implemented in the different processes of the company. It is important to keep in mind that we can not stay here but we must go a step further to acquire a real image of the global state and not fall into a false sense of security. First and with the bases already established, we have to estimate the impact of All risks identified and their probability taking into account the controls and combining both variables to be able to identify the level of risk. For this purpose, for example, the cause-effect tool can be used.

  • Technique Brainstorming Or brainstorming.
  • Delphi Value Method at Risk (VaR) Markov Analysis Vulnerability Assessment Business impact analysis in cases of service interruption in financial and reputational aspects.

Lastly at this stage, to evaluate the effectiveness of controls already We have established in the company we can use, for example: Bow TieACCPPLayer of Protection Analysis Technique or LOPWe will explain some of these tools a little more in detail later. Tools in the phase of risk assessment.We enter the last phase of the risk analysis in the That we have in mind all the data obtained in the two previous stages, especially in the analysis, to evaluate each one of the risks identified. For this we can use, for example: Technique Brainstorming or brainstorming Delphi method Pareto analysis, of which I have already spoken in the article “Pareto analysis as a tool for quality” .Level of risk or general view to some Of risk management tools. Throughout the article, I have been mentioning some tools that need to expand their definition a little more to gain a clearer vision of its importance and usefulness for effective risk management.

To do this, I will briefly explain four of these tools. Delphi Method The Delphi method, used in several stages of risk assessment, is based on the role of the experts and allows to obtain qualitative information about the future seeking the highest precision possible. To do this, it seeks to achieve consensus based on consultation with experts in an interactive dialogue and using questionnaires answered by each of the experts involved. It is a cyclical process that goes from a first round of questionnaires and analysis of results to a subsequent one in which a questionnaire is returned to the experts who already know the results of the previous feedback and is analyzed to return to a third round Of questionnaires and analysis, etc.Infography of the process of the method DelphiTechnica HAZOP The HAZOP technique or Functional Analysis of Operability is based on the premise that all accidents or unwanted situations occur as a consequence of a deviation of the different or one of the Variables with respect to the normal parameters of the process.

For this purpose, a “guide words” are analyzed, the causes and consequences that are produced to reach conclusions that allow to reduce these accidents. Scenario Analysis The Scenario Analysis evaluates possible future events considering a possible results and their implications . It is a prediction technique that poses possible scenarios taking into account factors of greater incidence that will possibly affect the scope of the objectives marked. Bow Tie Technique Finally, the Bow Tie technique is based on describing in a schematic way a risk and its route from the Beginning in its cause to its future consequences, carrying out in all the stages an analysis of all the relevant aspects.


Uso de cookies

Este sitio web utiliza cookies para que usted tenga la mejor experiencia de usuario. Si continúa navegando está dando su consentimiento para la aceptación de las mencionadas cookies y la aceptación de nuestra política de cookies, pinche el enlace para mayor información.

Aviso de cookies