ISO 31000 is a set of guidelines that set out the basic principles of risk management which are applicable to any organization. Reading this article will help you understand why we adopted ISO 31000 in its 2018 revision and what benefits it brings to an organization that is about to become our partner (customer, vendor, creditor, or any other stakeholder that is involved in the values Infranet creates). This resource is not a debate on right or wrong risk management practices, but merely an explanation of a basic framework that set's out our commitment to strategically manage risk. Examples listed in this document are here merely to describe what risk management means for Infranet and its partners (stakeholders).
In order to understand the importance of ISO 31000:2018, it is important to understand what a risk is.
"Risk is an effect of uncertainty on objectives." It is important to unpack this statement so anybody can understand it by explaining what does it mean in real life by explaining these keywords:
Objective refers to any business goal or a set o goals that we want to achieve. In order to correctly define any goal it should have all of the following attributes defined:
Those goal descriptions are oftentimes described as SMART goals (combining the first letters of all goal attributes). If a goal is missing any of its attributes then it's not a goal anymore.
A good example of a clearly defined simple SMART goal definition would be:
"Infranet aims to acquire 1.100 new paying customers for its new time-tracking SaaS product TeamBench withing 12 months from its market launch by gaining 200 new customers every month, and losing 20 of paying customers each month."
Achieving a goal creates value for any organization (Infranet included). Achieving a goal as set out in the previous example obviously creates value for Infranet. After defining a goal, a question arises: How can anyone be certain that the goal will be achieved? The answer is self-evident: no one can be 100% certain. Why? Because there are risks involved. Those risks bring uncertainty to achieving a specific goal and the effect of that uncertainty can have a consequence manifesting as a hindrance to achieving that goal.
Uncertainty can have different effects on a goal or objective. Let's unpack those kinds of effect:
Uncertainty can influence the desired effect a goal should produce. Following the example mentioned above we'll mention a non-exhaustive example list of events that produce such effects that have consequences (read risks) in attaining such goal:
For the sake of this example let's assume that every customer pays a fee of 3 EUR/month for a service.Comparison of Risk 3 scenario and original objective
|New customer per month||200||600|
|Lost customers per month||20||90|
|Monthly churn %||10%||15%|
|Total customers 12-months||9.900||23.310|
|Total revenue 12-months [EUR]||29.700||69.930|
|Active customers 12th month||1.100||2.310|
|Figures in this table are listed for theoretical sake of comparison|
Comparing the original objective and Risk 3 scenario here several conclusions (listed non-exhaustively) :
At first glance the Risk 3 may seem as if Risk 3 has the following positive impacts:
However, the negative impact of risk 3 are as follows:
As a conclusion, the single distinguishing factor between the 2 scenarios is the monthly churn rate, as the major risk that will, after analysis and evaluation need to be treated. The monthly churn rate is a complex measurement and can have several sources
ISO 31000:2018 assumes several risk treatment options:
Not all risk treatment methodologies are suitable for all risks and the choice of the most suitable one depends on balancing potential benefits in relation to the achievement of objectives against cost, effort, or disadvantages of implementation. For the sake of brevity, the process of risk analysis choosing the right risk treatment options is not discussed here. If you want to know more, feel free to contact us.
Above listed risk example serves to depict the methodology of how do we approach risks in a systematic and strategic way for our product. The same methodology would apply if you were to purchase any of our products. In an example, if a customer were to implement InfraBilling or InfraRoute as a solution, we would work with them to help them assess the risks of implementation and come up with a plan on how to treat the risk prior to the implementation