- Assist with your "day to day" operations -


"Day to Day" Operations Management

By detailing what is required from your operations to achieve your overall business objectives, you will keep your business focused on the day to day events that are necessary to keep your business going. 

That includes your equipment and facilities management and cost; maintenance management and cost; labor force (number of people required for the production and sales goals); the budgets for each of the operations line items; and the planned operating profit margin for each product. 

Your operating function is the core of your business and it's extremely important to manage it effectively, while integrating the other business functions into your planning. 

Business Operations Management Tools and Techniques

  • Describe how your product is made or how your service is provided.
  • Provide information on costs to produce (or service cost) by item and project those costs to align with sales plan projections.

Identify your labor force requirements (by department) - actual and projected based on sales projections. Also include training and development required to meet your operation's need. Include wages and benefits paid (and future employee compensation costs, e.g. wage increases, benefits increases, insurance increases), employee policies and practices for full time, part time and contract personnel.   

Your Business Operations and Workflow 

Make sure during your planning process that you consider operation or production constraints. Where is the bottleneck in your operation? Understand what slows your process down; then manage those constraints. 

- auditing -


  • API 6 Spec. for Pipeline / Piping Valves
  • API 7 Spec. for Rotary Drill Stem Elements
  • API 8 Spec. for Drilling Production Equipment
  • API Q1 Spec. for Quality Management System requirements for Mfg. organizations for Petroleum / Natural Gas industry
  • API Q2 Spec. for Quality Management System requirements for service supply organizations for Petroleum / Natural Gas industry
  • AS9000 Aerospace Basic Quality Management System
  • AS9110 Aviation Quality Systems for QA in Design, Development, Production, Installing and Servicing
  • AS9120 Quality Management System for Aviation, Space / Defense Distributors
  • ISO 19011:2015 Auditing Management Systems
  • ISO 9001:2015 Quality Management Systems
  • ISO 9001:2015 Gap Analysis Audits
  • ISO 9001:2015 Internal Audits
  • Business Management System Gap Analysis Audits 
  • Company and Supplier Process 
  • Conformity Audits 
  • Customer requested Business Management System Audits 
  • Layered Process Audits
  • Operational Internal System Audits
  • Process Audits
  • Process Waste Audits
  • Product Audits
  • Quality Management System
  • Service Process Audits
  • Site Audits
  • Supply Chain Management

- Business Analysis -


Business analysis is a research discipline of identifying your business needs and determining solutions to your business problems. Solutions consist of your process improvement, organizational change or strategic planning and policy development.  

Eight steps for business analysis: 

  1. Getting oriented: Understanding your existing systems and business processes so you have a reasonably clear picture of the current state that needs to change.
  2. Discover the primary business objectives: Uncovering and getting agreement on your business needs early in a project and before scope is defined is the quickest path forward to a successful project.
  3. Defining the Scope: A clear and complete statement of your scope provides your project team the go-forward concept to realize your business needs. Your cope makes your business needs tangible in such a way that multiple project team participants can envision their contribution to the project and the implementation. 
  4. Formulate the business analysis plan: Your business analysis plan will bring clarity to your business analysis process that will be used to successfully define the detailed requirements for this project. Your business analysis plan is going to answer many questions for you and your project team.
  5. Define detailed requirements: Your detailed requirements provide your implementation team with the information they need to implement the solution. They make scope implementable. Without clear, concise, and actionable detailed requirements, implementation teams often flounder and fail to connect the dots in such a way that delivers on your original business case for the project.
  6. Support the implementation: During the implementation, there are many worthwhile support tasks for you to engage in that will help drive the success of the project and ensure your business objectives are met.
  7. Help your business implement the solution: Your team can deliver a beautiful shiny new solution that theoretically meets your business objectives, but if your business users don’t use it as intended and go back to business-as-usual, your project won’t have delivered on the original objective.
  8. Monitor and assess valued creation by the solution: A lot happens throughout the course of a project. Your business outcomes are discussed. Details are worked through. Problems, big and small, are solved. Relationships are built.

- Contingency planning -


Contingency planning is developing responses in advance for various situations that might impact your business. Although negative events probably come to mind first, a good contingency plan should also address positive events that might disrupt operations - such as a very large order.

The Importance of Contingency Planning

Your business has the possibility of a situation that adversely impacts operations. If the response to the situation is poor, it might have a dramatic impact on the future of the business, such as loss of customers, loss of data, or even the loss of your business. 

A good contingency plan should include any event that might disrupt operations. 

Here are some specific areas to include in the plan: 

  • Natural disasters, such as hurricanes, fires, and  earthquakes 
  • Crises, such as threatening employees or customers,  on-the-job injuries, and worksite accidents 
  • Personnel, such as death of a senior manager, or union  members going on strike 
  • Data loss, such as loss due to natural disasters,  sabotage, or other criminal action (such as an attack on a website) 
  • Mismanagement, such as theft, neglect of critical duties, or accidental destruction 
  • Product issues, such as a huge order that requires reallocation of plant resources, or a product recall 

Seven steps of a Risk Management Process

  1. Identification of your risk(s): Increase the acceptance of the program as everyone is given a chance to document all things that might go wrong.
  2. Analysis of your risk(s): Developing context information for each risk such as moment of risk.
  3. What is the probability and impact of your risk(s): Asses the probability and impact of each risk.
  4. Risk mitigation: Planning a treatment for each risk such as acceptance, mitigation, transfer, sharing or avoidance.
  5. What is the residual risk(s): Assess residual risk including secondary risks that result from risk mitigation, transfer and sharing.
  6. Risk(s) control: Implement identified controls of risk mitigation, sharing, avoidance and transfer.
  7. Monitor and review: Continuously identify new risks as things progress, monitor implementation of controls and communicate risks to stockholders.

- cost of quality (coq) -


Cost of quality (COQ) is defined as a methodology that allows your organization to determine the extent to which its resources are used for activities that prevent poor quality, that appraise the quality of your organization’s products or services, and that result from internal and external failures.

Having such information allows your organization to determine the potential savings to be gained by implementing process improvements.

The COQ categories are:

Appraisal costs: Are costs incurred to determine the degree of conformance to your quality requirements. Appraisal costs are associated with measuring and monitoring activities related to quality. These costs are associated with the suppliers’ and customers’ evaluation of purchased materials, processes, products, and services to ensure that they conform to specifications. 

Appraisal costs could include:

  • Verification: Checking of incoming material, process setup, and products against agreed specifications
  • Quality audits: Confirmation that your quality system is functioning correctly
  • Supplier rating: Assessment and approval of suppliers of products and services.

Internal failure costs:  Internal failure costs are incurred to remedy defects discovered before your product or service is delivered to the customer. These costs occur when the results of work fail to reach design quality standards and are detected before they are transferred to your customer. 

Internal failure costs could include:

  • Waste: Performance of your unnecessary work or holding of stock as a result of errors, poor organization, or communication
  • Scrap: Defective product or material that cannot be repaired, used, or sold
  • Rework or rectification: Correction of defective material or errors
  • Failure analysis: Activity required to establish the causes of internal product or service failure

External failure costs:  External failure costs are incurred to remedy defects discovered by your customers. These costs occur when your products or services that fail to reach design quality standards are not detected until after transfer to your customer. 

External failure costs could include:

  • Repairs and servicing: Of both returned products and those in the field
  • Warranty claims: Failed products that are replaced or services that are re-performed under  your guarantee or warranty.
  • Complaints: All work and costs associated with handling and servicing your customers’ complaints 
  • Returns: Handling and investigation of your rejected or recalled products, including transport costs 

Prevention costs: Prevention costs are incurred to prevent or avoid your quality problems. These costs are associated with the design, implementation, and maintenance of your quality management system. They are planned and incurred before actual operation.

Prevention costs could include:

  • Product or service requirements: Establishment of specifications for your incoming materials, processes, finished products, and services
  • Quality planning: Creation of your plans for quality, reliability, operations, production, and inspection
  • Quality assurance: Creation and your maintenance of the quality system
  • Training: Development, preparation, and maintenance of yprograms

Cost of Quality and organizational objectives:

The costs of doing a quality job, conducting your quality improvements, and achieving goals must be carefully managed so that the long-term effect of quality on the organization is a desirable one. 

These costs must be a true measure of your quality effort, and they are best determined from an analysis of the costs of quality. Such an analysis provides a method of assessing the effectiveness of the management of quality and a means of determining problem areas, opportunities, savings, and action priorities.

Cost of quality is also an important communication tool. Demonstrating what a powerful tool it could be to raise awareness of the importance of quality. Referred to the measure as the "price of nonconformance" and argued that organizations choose to pay for poor quality. 

Many organizations will have true quality-related costs as high as 15-20% of sales revenue, some going as high as 40% of total operations. A general rule of thumb is that costs of poor quality in a thriving company will be about 10-15% of operations. 

Effective quality improvement programs can reduce this substantially, thus making a direct contribution to profits. 

The quality cost system, once established, should become dynamic and have a positive impact on the achievement of the organization’s mission, goals, and objectives.

- customer retention program -


What's better than acquiring one new customer?

It's a Customer Retention Program!

While there's a certain allure that comes with capturing your new customers, keeping your customers coming back will continually result in a greater ROI and  it costs 5 – 25 less money to retain an existing customer than obtain a new customer. 

Client Retention Program Ideas

  • Onboarding program:  Onboarding is a customer success function that teaches new customers how to use your product or service. Rather than learning by themselves, customers are taught by a company representative who personalizes the training according to their needs. This way, customers not only save time but also understand how the product can help them achieve goals. 
  • Customer feedback loop: It's hard to improve your business if you don't know how your customers feel about it. You need a process for obtaining customer feedback and sharing that information with the rest of your organization. This is where a customer feedback loop provides a system for collecting, analyzing, and distributing customer reviews and surveys. 
  • Communication calendar: Even if your customers aren't reaching out with feedback, your team should be proactive with its communication. If customers haven't interacted with your brand for a while, you should reach out to them and re-establish your relationship. Consider adopting a communication calendar to manage customer engagements and create opportunities to upsell and cross-sell.  
  • Customer loyalty program: While it's important to focus on customers who are at risk of churn, you can't forget about your loyal customers as well. After all, what will these customers think if they see you putting all this effort in for users who don't love your brand? It doesn't seem too fair, does it? A customer loyalty program can reward customers for their continued loyalty. 
  • Customer advisory board: Your most loyal customers are also your most valuable ones. Not just because of the money they spend, but also for the information they provide. They tell you why they love your brand so much and make suggestions as to where you can improve it. Creating a panel of these customers can help you fine-tune products and services at your business.
  • Corporate social responsibility program: Your company is more than just a product or service. Customers look at everything your business buys, sells and advertises to its target audience. If they sense any inconsistency between your brand's messaging and its actions, they'll be quick to recognize your ingenuity. Instead, it's important to get involved with your customers beyond product and services. 
  • Company newsletter: A company newsletter is a simple and cost-effective way of retaining customers. You can use email automation to send updates or offers to all of your customers at once. And, you can send the email using an RSS feed on a designated frequency, so you don't have to manually update the content or remember to click "send." Even though its simple, newsletters remind customers of your brand every time they open their inbox. 
  • Customer education program: A customer education program demonstrates a long-term investment in your customer base. Under this initiative, your business creates a variety of customer self-services tools like a knowledge base and a community forum. Then, customers use these features to locate solutions to service problems before reaching out to your support team. 

Excellent customer retention strategies that work:

  • Adopt customer service tools
  • Inspire with mission
  • Empower customers with convenience
  • Leverage personalization
  • Speak to customers
  • Use gamification and referral programs
  • Create a divide between you and your competitors
  • Use subscriptions to bolster the customer experience
  • Use experiences to elicit positive feelings
  • Capital on social proof
  • Educate tour customers
  • Surprise and delight your customers
  • Offer support on the right platforms
  • Always thank your customers
  • Apologize when you make mistake

It costs your company 5 – 25 less  to retain an existing customer than obtain a new customer.

- Documentation development -


Information that describes the product to its users. It consists of the product technical manuals and online information (including online versions of the technical manuals and help facility descriptions).

  • Analytical Reports
  • Business Plans 
  • Check Sheets
  • Company and Customer Quality Plans 
  • Functional Requirements Documents
  • Informational Reports
  • Manuals 
  • Quality Committee Format
  • Procedures 
  • Scope Diagrams
  • Standard Operating Procedures (SOP) / Work Instructions 
  • Special Technical Reports
  • Supplier Business / Quality Manual
  • Supplier Certification Manual
  • System Documentation
  • Transactional Documentation
  • Various types of Forms and Manuals
  • Much more ….

- Manage your "special projects" -


Special Projects are duties performing with a high degree of independence, initiative and judgment. 

Benefits of BMS managing your special projects for you:

  • Better Efficiency in Delivering Services
    • Provides a “roadmap" that is easily followed and leads to project completion. Once you know where to avoid the bumps and potholes, it stands to reason that you’re going to be working smarter and not harder and longer.
  • Improved / Increased / Enhanced Customer Satisfaction
    • Whenever you get a project done on time and under budget, the client walks away happy. And a happy client is one you’ll see again. Smart special project management provides the tools that enable this client/manager relationship to continue.
  • Enhanced Effectiveness in Delivering Services
    • The same strategies that allowed you to successfully complete one project will serve you many times over.
  • Improved Growth / Development Within your Team
    • Positive results not only command respect but more often than not inspire your team to continue to look for ways to perform more efficiently.
  • Greater Standing and Competitive Edge
    • This is not only a good benefit of special project management within the workplace but outside of it as well; word travels fast and there is nothing like superior performance to secure your place in the marketplace.
  • Opportunities to Expand your Services
    • A by-product of greater standing. Great performance leads to more opportunities to succeed.
  • Better Flexibility
    • Perhaps one of the greatest benefits of special project management is that it allows for flexibility. Allows you to map out the strategy you want to take see your project completed. But the beauty of such organization is that if you discover a smarter direction to take, you can take it. For many small-to-midsize companies, this alone is worth the price of admission.
  • Increased Risk Assessment
    • When all the players are lined up and your strategy is in place potential risks will jump out and slap you in the face. And that’s the way it should be. Provides a red flag at the right time: before you start working on project completion.
  • Increase in Quality
    • Goes hand-in-hand with enhanced effectiveness.
  • Increase in Quantity
    • An increase in quantity is often the result of better efficiency, a simple reminder regarding the benefits of special project management.

- Management System Analysis, Development & Implementation -


  • 6S Program 
  • API 6 Spec. for Pipeline / Piping Valves
  • API 7 Spec. for Rotary Drill Stem Elements
  • API 8 Spec. for Drilling Production Equipment
  • API Q1 Spec. for Quality Management System requirements for Mfg. organizations for Petroleum / Natural Gas industry
  • API Q2 Spec. for Quality Management System requirements for service supply organizations for Petroleum / Natural Gas industry
  • AS9000 Aerospace Basic Quality Management System
  • AS9110 Aviation Quality Systems for QA in Design, Development, Production, Installing and Servicing
  • AS9120 Quality Management System for Aviation, Space / Defense Distributors
  • ISO 19001:2015 Auditing Management Systems
  • ISO 9001:2015 Quality Management Systems
  • ISO 9001:2015 Internal Auditor Training
  • ISO 9001:2015 Introduction Training
  • ISO 9001:2015 Management Training
  • Auditing (numerous)
  • Basic or advanced Business / Quality Management System Training
  • Business Management System
  • Business / Quality Management System Overview and Training
  • CA/PA
  • CA/RA
  • Calibration / Metrology System
  • Certified Employee Training Program
  • Company Contingency Planning 
  • Continuous Improvement
  • Cost of Quality
  • Customer Loyalty Program
  • Customer Retention Program
  • Customer Satisfaction Program
  • Documented Business Management System
  • Employee Training and Competency Program
  • Internal Auditor Program
  • Kaizen Events / Process Mapping 
  • Kanban 
  • Lean Manufacturing / Process
  • Management Contingency Planning
  • Management Review Program
  • Manufacturing Excellence
  • Mistake Proofing 
  • Nonconforming Material Program
  • Organizational Excellence
  • Predictive Maintenance
  • Preventative Maintenance Program 
  • Process Controls
  • Process Waste Identification and Reduction 
  • Product and Service Traceability
  • Quality Committee
  • Quality Management System
  • Quality Tools
  • Risk Based Thinking
  • Root Cause Analysis 
  • Service Excellence
  • Supplier Certification Program
  • Supplier Contingency Planning 
  • Supplier Evaluation Program
  • Supplier Performance Management
  • Supply Chain Management
  • Voice of the Customer Program
  • Much more…

- operational excellence -


Operational excellence is a philosophy of your workplace where problem-solving, teamwork, and leadership results in the ongoing improvement in your organization or company. The process involves focusing on your customer’s needs, expectations, keeping employees positive and empowered, and continually improving the current activities in the workplace. 

Ten core principles for achieving Operational Excellence

  1. Respect every individual: However, it’s not enough to have respect for others; you must demonstrate this respect to them as well. One of the best ways to demonstrate respect for your employees is by involving them in any necessary improvements to their department. This will help them feel more empowered and motivated to contribute to the changes in a positive way. Create a culture that engages every employee, from CEO to shop-floor staff.
  2. Lead by humility: Leaders should always exercise humility. After all, the best improvements happen people can acknowledge their shortcomings and look for a better solution. Humility involves a willingness to listen and take suggestions from everyone, regardless of that person’s position or status within the company.
  3. Seek perfection: This step in the model is often met with resistance as most people are quick to point out that perfection isn’t possible. While perfection may feel unattainable that doesn’t mean you can’t strive for it anyway. By setting the bar high, you create a different mindset within your organization. When confronted with a problem, try to look for long-term solutions and always try to simplify your work without compromising the quality of the outcome.
  4. Embrace scientific thinking: Innovation comes from constant experimentation and learning. Hence, it’s always useful to know what works and what doesn’t. By systematically exploring new ideas you can encourage employees to do the same without fear of failure.
  5. Focus on the process: When things go wrong, there is a tendency to want to blame other people. In a lot of cases, however, problem is rooted in the process, not the person. This is because even great employees can’t consistently produce ideal results with a bad process. When a mistake occurs, rather than immediately pointing fingers at the employees involved, assess what part of the process the error occurred in. Once you have done this you can make adjustments to try to achieve the results you want.
  6. Assure quality at the source: High quality can only be achieved once every part of the process is done correctly. It can be helpful to organize work areas in a way that will allow potential problems to become visible right away. When a mistake does occur, stop working immediately to correct the mistake before continuing.
  7. Flow and pull value: The object of every organization is to provide maximum value to its customers. Because of this, organizations should ensure that the process and workflow  are continuous because interruptions create waste and inefficiencies. It is also important to evaluate customer demands to ensure that your organization is only meeting those demands and not creating more than what is necessary.
  8. Think systematically: In a system, there are many different interconnected parts that work together. It is important to understand the relationship between each of these parts because it will help you make better decisions. You should avoid taking on a narrow vision of your organization and get rid of any barriers that interrupt the flow of ideas and information.
  9. Create constancy of purpose: Employees should be informed of the goals and mission statement of the organization from day one. This shouldn’t just stop after day one, however. You should continue to emphasize these goals and principles every day going forward. Every employee should have an unwavering certainty of why the organization exists, where it’s going, and how it will get there. Knowing this will help them align their own actions and goals with those of the company.
  10. Create value for the customer: To create value for the customer you have to understand what the customer needs. The value is simply what that person is willing to pay for. Organizations must continue to work to understand the needs and expectations of their customers. An organization that stops delivering value to the customer is not sustainable over time.

Top three Operational Excellence Methodologies: 

Through operational excellence, an organization can improve its company culture and performance, which leads to long-term sustainable growth. Your business should consider looking past the traditional one-time event and move toward a more long-term system for change. Over the years, numerous methodologies have been introduced to the mainstream business culture as a method of achieving operational excellence.

  • Lean manufacturing / processes includes but not limited to:
    • Overproduction
    • Waiting
    • Transport
    • Motion
    • Over-processing
    • Inventory
    • Defects
  • Six Sigma: Reduce variation
    • Define
    • Measure
    • Analysis
    • Improvement
    • Control
  • Kaizen:  Means continuous improvement 
    • Identify an opportunity
    • Analyze the process
    • Develop an optimal solution
    • Implement the solution
    • Study the results
    • Standardize the solution
    • Plan for the future

- project management (pm) -


Project management is one of the most critical components of your successful business. It affects revenues and liabilities, and it ultimately interacts with your customer or client satisfaction and retention. Your company might have only one project in the works at a time, while other larger corporations and entities might juggle several projects at once. By their very nature, projects are temporary.

Project Management is temporary in that it has a defined beginning and end in time, and therefore defined scope and resources.

Project Management is unique in that it is not a routine operation, but a specific set of operations designed to accomplish a singular goal. So, a project team often includes people who don’t usually work together – sometimes from different organizations and across multiple geographies.

Project Management processes fall into five groups:

  1. Initiating
  2. Planning
  3. Executing
  4. Monitoring and controlling
  5. Closing

Project Management knowledge draws on ten areas

  1. Integration
  2. Scope
  3. Time
  4. Cost
  5. Quality
  6. Procurement
  7. Human resources
  8. Communications
  9. Risk mitigation
  10. Stockholder management

- Provide management and employee training -


Implement a Competency Based Training Programs critical to your business or organization. Training is the easy part, however being curtain that managers and employees are trained and are competent to perform their requires tasks is the “key” to success.  Implemented effectively, competency-based education can improve quality and consistency, reduce costs, shorten the time required to complete, and provide you with true measures of employee learning.  Implement a Competency Based Training Programs critical to any business or organization: 

So how can you implement a competency-based training program? 

Follow these four basic rules:  

  1. Measure employee learning rather than time
  2. Harness the power of technology for teaching and learning
  3. Shift the focus from Trainer to the Trainee
  4. Align competencies with assessments

The Competency Based Training Program could include:

  • Business Assessments and Surveys
  • Business Management System
  • Coaching
  • Change Management
  • Crisis Management
  • Culture Change
  • Customer Experience
  • Customer Requirements
  • Effective Meeting Skills
  • Employee Engagement
  • Goal Deployment
  • Leadership
  • Policy and procedures
  • Pre-Supervisor Training
  • Stress Management
  • Supply Chain Management
  • Strategic Planning
  • Time Management
  • Quality Management
  • And more....

- Source inspections -


A business / quality source inspection in which your buyer or customer required the business / quality verification before your product or service received.
Source Inspections include but not limited to...

  • Complete Assembly Source Inspections
  • Complete Service Source Inspections
  • Customer specified Source Inspections
  • Documentation Source Inspections
  • Fabrication Source Inspections
  • Purchased Product Source Inspections
  • Shipping Source Inspections
  • Sub Assembly Source Inspections
  • Supplier Source Inspections

- supply chain management (SCM) -


Supply chain management (SCM) is the management of the flow of goods and services which includes all processes that transform raw materials into final products. It involves the active streamlining of a business's supply-side activities to maximize customer value and gain a competitive advantage in the marketplace.

SCM represents an effort by suppliers to develop and implement supply chains that are as efficient and economical as possible. Supply chains cover everything from production to product development to the information systems needed to direct these undertakings.

How Supply Chain Management Works Typically, SCM attempts to centrally control or link the production, shipment, and distribution of a product. By managing the supply chain, companies are able to cut excess costs and deliver products to the consumer faster. This is done by keeping tighter control of internal inventories, internal production, distribution, sales, and the inventories of company suppliers.

Supply Chain Management coordinates the logistics of all aspects of the supply chain which consists of five parts:

  1. The plan or strategy
  2. The source (of raw materials or services)
  3. Manufacturing (focused on productivity and efficiency)
  4. Delivery and logistics
  5. The return system (for defective or unwanted products)

Seven principles of Supply Chain Management

  1. Adapt supply chain based on service needs of each customer segment
  2. Customize logistics network for each segment
  3. Align demand planning across the supply chain
  4. Outsource strategically
  5. Differentiate product closer to customer
  6. Develop information technology that support multi-level decision making
  7. Adopt both service and financial metrics

The basics of Supply Chain Management Processes

There are key supply chain processes that you must take into consideration to effectively understand and manage them. These processes are all at play regardless of the type of supply chain you’re using.

  • Customer relationship management (CRM)
  • Customer service management
  • Demand management
  • Product development
  • Supplier relationship management
  • Order fulfilment
  • Returns management

- risk management -


Risk management is the identification, evaluation, and prioritization of risks as the effect of uncertainty on objectives followed by coordinated and economical application of resources to minimize, monitor, and control the probability or impact of unfortunate events or to maximize the realization of opportunities.

Risks can come from various sources including:

  • Financial markets
  • Threats from project failures  
  • Legal liabilities
  • Accidents
  • Natural causes and disasters
  • Deliberate attack from adversary
  • Events of uncertain
  • Unpredictable root cause

In ideal risk management, a prioritization process is followed whereby the risks with the greatest loss (or impact) and the greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled in descending order. In practice the process of assessing overall risk can be difficult, and balancing resources used to mitigate between risks with a high probability of occurrence but lower loss versus a risk with high loss but lower probability of occurrence can often be mishandled. 

Processes of Risk Management

  • Method
    • Identify the threats
    • Assess the vulnerability of critical assets to specific threats
    • Determine the risks- Identify ways to reduce or eliminate those risks
    • Prioritize risk reduction or elimination measures
  • Principles
    • Create value
    • Be an integral part of organizational processes
    • Be part of the decision-making process
    • Explicitly address uncertainty and assumptions
    • Be a systematic and structured process
    • Be based on the best available information
    • Be tailorable
    • Take human factors into account
    • Be transparent and inclusive
    • Be dynamic, iterative and responsive to change
    • Be capable of continual improvement and enhancement
    • Be continually or periodically re-assessed
  • Establish the context
    • Observing the context
    • Defining a framework for activities and an agenda for identification
    • Developing an analysis of risks involved in the process
    • Mitigation or solution of risks using available technological, human and organizational resources
  • Identification
    • Source analysis
    • Problem analysis
    • Objectives-based risk identification
    • Scenario-based risk identification
    • Common-risk checking
    • Risk charting
  • Assessment
    • Assess as to potential severity of impact
    • Negative impact, such as loss or damage
  • Potential risk treatments
    • Avoidance 
    • Reduction 
    • Sharing 
    • Retention

    Risk management planning

    Select appropriate controls or countermeasures to mitigate each risk. Risk mitigation needs to be approved by the appropriate level of management. For instance, a risk concerning the image of the organization should have top management decision behind it whereas IT management would have the authority to decide on computer virus risks.
    The risk management plan should propose applicable and effective security controls for managing the risks. For example, an observed high risk of computer viruses could be mitigated by acquiring and implementing antivirus software. A good risk management plan should contain a schedule for control implementation and responsible persons for those actions.


    Implementation follows all of the planned methods for mitigating the effect of the risks. Purchase insurance policies for the risks that it has been decided to transferred to an insurer, avoid all risks that can be avoided without sacrificing the entity's goals, reduce others, and retain the rest.

    ·Review and evaluation of the plan

    Initial risk management plans will never be perfect. Practice, experience, and actual loss results will necessitate changes in the plan and contribute information to allow possible different decisions to be made in dealing with the risks being faced.Risk analysis results and management plans should be updated periodically.

    There are two primary reasons for this:

  • Evaluate whether previously selected security controls are still applicable and effective
  • Evaluate the possible risk level changes in your business environment