The Importance of Objectives
Shortly after the draft ISO31000 was released a worldwide group discussed some of its merits and weaknesses. One question asked was whether “objective” should be defined in the standard. As the standard defines risk as “the effect of uncertainty on objectives” this was an important question. There was a diversity of views but I suggest that anyone who has done some management training would have come across SMART objectives (Specific, Measurable, Attainable, Relevant and Time Bound). Given this wide spread understanding I am not sure objective needs to be defined in the standard.
What is often less clear is how objectives should be developed. Within an organisation there will be visions and goals which are overarching. How to achieve these will be through various plans (strategic, business, programme, project etc). Each of these plans should have objectives. Each subordinate (supporting) plan should reflect the objectives of the higher plan but will be more specific.
It follows that within an organisation there will be objectives that managers are setting out to achieve at many levels.
So, what are the risks of achieving these objectives? Risk management should be undertaken by the team responsible for achieving a particular objective(s). They are best placed to identify the risks (and opportunities) that could affect their objectives. They can also analyse the level of risk in terms of impact on the objective(s) which can help prioritise treatment actions. (Our Objectives and their role in risk management brochure includes an example.)
In order to undertake a risk workshop, the objectives need to be clearly described at the outset (so the impact of a risk on the objectives can be assessed). However, it is quite usual for objectives to be refined during a risk workshop which is a beneficial by-product of the risk management process.