Who should take care of RISK planning in a mission critical facility?
"It's a common mistake that companies make to think an IT risk management organization can be staffed by folks with industry certifications around security," said Ed Adams, CEO at Security Innovation Inc., a Wilmington, Mass.-
So who MUST plan the RISK management in an organization?
"The one(s) that understand the business and the events in terms of potential lost revenue."
The team should know the organization's full set of GRC issues and, of course, all of the business's products and services.
Then start to identify the hazards and vulnerabilities that the industry and market environment pose to the life of the organization; each of those vulnerabilities has to be assessed and prioritized before any resource allocation is made by CLASS "C". The RISK assessment is a key activity to mitigate, avoid or accept any of those hazards that our business could face.
So are mission critical facilities ("MCF": data centres, hospitals, C4, etc.) any different? Nope.
As the OPErator's team, we should identify and assess the vulnerabilities (energy, location, social, war, weather, talent, ...) continuously during the MCF's life span; this will give the organization's CLASS "C" a better understanding that conditions can change from time to time, giving rise to new threats or situations that could jeopardize the MCF's OPErational status.
As DESigners / CONstructors, we have to be aware that our job is to prevent, and to warn the OPEration staff of, those issues that we know can become a future RISK for their OPEration.
Risk Management is a matter of organizational survival; foreseeing the industry, market and consumer trends that will impact the organization's business in the short, medium or long term is not only healthy but a matter of survival.
Or what do you think?
roberto sanchez, RCDD