As part of ISO 31000, leadership need to demonstrate an understanding of the organisation and its context in regards to internal and external influences.
Being able to demonstrate the context of the organisation helps a business to properly align its risk management strategy with its overall risk appetite and risk tolerance in order to gain a competitive edge without compromising business continuity.
Considering PESTLE – Your External Contributors To Risk
Common factors to consider when understanding your organisation’s context in relation to external factors can be assessed using the PESTLE acronym:
There are, of course, further factors which will influence the risk elements of an organisation, but it is these which are key to understand for any business.
With each element of the PESTLE acronym, it is important to consider: trends, external stakeholder relationships or impact, drivers affecting the organisation’s objectives, and contractual relationships and agreements.
Assessment Of Internal Context
Understanding the internal context could include the mission, vision, values and the alignment of strategic goals and objectives; standards or regulations adopted by the organisation (which are not required by legislation – that falls under external); and impact of resource.
Internal context can also cover:
- Complexity of networks
- Knowledge resource, sharing, and management
- Contractual agreements and internal dependencies, and
- Information systems including technological resource or reliance
The Role Of Leadership In Understanding The Context
When leaders have recognised the influence of external and internal factors which may impact on risk, it is up to them to use this information – the context of the organisation – to assess the severity and likelihood of risks posed within these parameters.
As part of the risk management strategy, once the context is defined it is helpful to the progress of an organisation adhering to an ISO 31000 framework to communicate definitions and understanding to key stakeholders.
Next in the series: Clauses 5.4, 5.5, and 5.6 – Implementation, Evaluation, and Improvement