Operational Risk Management

ISO 31000:2009

The term Operational Risk Management (ORM) is defined as a continual cyclic process, which includes risk assessment, risk decision-making, and implementation of risk controls, which results in acceptance, mitigation, or avoidance of risk. ORM is the oversight of operational risk, including the risk of loss resulting from inadequate or failed internal processes and systems; human factors; or external events.

 

 

We break these factors down into a three-part process:

 

A)   In Depth

In-depth risk management is used before a project is implemented, when there is plenty of time to plan and prepare. Examples of in-depth methods include training, drafting instructions and requirements, and acquiring personal protective equipment.

 

B)   Deliberate

Deliberate risk management is used at routine periods through the implementation of a project or process. Examples include quality assurance, on-the-job training, safety briefs, performance reviews, and safety checks.

 

C)   Time Critical

Time-critical risk management is used during operational exercises or execution of tasks. It is defined as the effective use of all available resources by individuals, crews, and teams to safely and effectively accomplish the mission or task using risk management concepts when time and resources are limited. Examples of tools used include execution checklists and change management. This requires a high degree of situational awareness.

• Accept risk when benefits outweigh the cost

• Accept no unnecessary risk

• Anticipate and manage risk by planning

• Make risk decisions at the right level

LONDON        •      NEW YORK      •        LOS ANGELES

© 2014-2020 Potter & Co. Global Ltd. All Rights Reserved
