Managing Cyber Crime Risk

By QRMC / Posted on May 21, 2019

Everyone knows that cyber crime is a serious and growing problem. We hear of incidents regularly in the news, in which data and systems have been irretrievably damaged or private information stolen. The theft and sale or ransom of information, the opening of security loopholes and installation of destructive malware etc. all result in enormous […]

Risks and Opportunities

By QRMC / Posted on December 11, 2018

Historically the word Risk has been associated with the negative – ‘what could go wrong.’ The very definition of risk within ISO 31000:2018 Risk Management, as the ‘effect of uncertainty on objectives,’ is inherently negative with uncertainty not generally being associated with positive connotations or outcomes. However, in the new suite of ISO standards using […]

Reputational risk from supply chains

By QRMC / Posted on October 23, 2018

How many times have we heard Apple come under fire because of terrible employee health and safety practices at supplier factories in China? Or clothing brands held responsible for awful working conditions in India and Bangladesh, or sporting goods manufacturers accused of fostering child labour? Ignorance of poor practices in the supply chain is never […]

ISO 31000 – what were the effects of the 2018 revision?

By QRMC / Posted on August 7, 2018

The 2018 revision of the overarching industry best-practice standard ISO 31000 Risk Management should prompt healthy discussion. While the definition of risk – the “effect of uncertainty on objectives” – remains constant (with risk generally expressed in terms of risk sources, their consequences and their likelihood), the focus of the revised Standard is on tailoring […]

Planning to Manage Threats and Opportunities

By QRMC / Posted on July 17, 2018

The current suite of Industry Standards all include discussion of planning for improvement – whether in the realm of Quality, WHS, Environmental Management, Business Continuity or Information Security Management. To paraphrase ISO 9001, ISO 14001, AS/NZS 4801, ISO 27001 and ISO 22301, the organisation shall identify their risks / hazards / aspects / impacts, including […]

Managing Cyber Crime Risk

By QRMC / Posted on June 19, 2018

Cyber crime and the consequent need for cyber security is a business risk that’s here to stay. It’s not only a technology arms race, with security patches and protective software racing to keep up with the hackers’ latest tricks; it’s also a fundamentally human problem, in which the weakest link of an untrained or unwary […]

ISO 31000:2018 Risk Management – what’s different?

By QRMC / Posted on April 10, 2018

The international standard ISO 31000 Risk Management – Guidelines was first released in 2009, and in Australia the standard soon replaced the local AS 4360. Over the past few years ISO 31000 has undergone its first review, and the revised standard was released in February 2018. The focus of the review was to make the standard […]

Risks from Reporting and Decision-Making Disconnect

By QRMC / Posted on November 14, 2017

Most people have probably heard the phrase “garbage in, garbage out”. This concept holds true in any number of areas, and certainly in the field of risk management. No organisation can properly identify or manage its risks if the data input into the risk management process is deficient. Similarly, it’s impossible to identify or manage […]

Managing Supply Chain Risk

By QRMC / Posted on October 10, 2017

The increasingly complex and often global nature of modern-day supply chains exposes organisations to a range of risks. What generally used to be only a business continuity risk from possible supply chain interruptions has evolved, with the potential to raise safety, legal or reputational risks as well. This requires the procurement function to take […]

‘Digging trenches’ in Management Systems

By QRMC / Posted on July 18, 2017

Trench warfare, especially from WWI, involved a harsh and unforgiving environment where often the lives of troops depended on the location and quality of the trench they happened to be in. There are some interesting parallels between trench warfare and the implementation of management systems. During the height of WWI, the average soldier was less […]