• constantiaconsulting

Risk management process - Establish the context

Establishing the context defines the parameters within which risks should be identified, prioritised and managed. Some areas that can be considered in determining the context include:

  • Scope and structure of the organisation, branch function or process

  • Legal, financial, cultural, political, socio-economic and physical aspects

  • Key drivers and trends impacting the objectives of the organisation

  • Organisation’s governance structure, culture, vision, goals, objectives and strategies (whether strategic or operational)

  • Relevant internal and external stakeholders and partners

  • Current key risks for the organisation.

Relevant to establishing the context for risks is the distinction the organisation makes between different types of risk. Most organisations distinguish three types of risk:

  1. Strategic - risks that are associated with the strategic objectives of the organisation. These risks don't often change and are aligned with long term objectives

  2. Operational - risks that are related to the ongoing procedures of the organisation. They are either long or short-term risks, depending on the objectives they relate to.

  3. Project - risks that are linked to projects and programs that are managed by the organisation and are generally captured through the project management methodology used by the organisation.

When internal and external context is understood, the risk management context, or what it is that we are going to do, can then be established. The scope and boundaries of where the risk management process will be applied must be clearly defined, taking into consideration both the costs and benefits of risk management.

Key questions to ask when establishing the context may include:


  • What is the purpose/mission/objective(s) of our area?

  • What threats do you see that may affect the achievement of our area’s goals and objectives?

  • What opportunities do you see that could enhance the achievement of our area’s goals and objectives?


  • What are the strengths and weaknesses of our area (SWOT)?

  • Who are our internal and external stakeholders?

  • How is our area accountable to stakeholders?

Reviewing the sources and categories of risk may assist in establishing the context. When considering the environment in which risks will be identified, the basis from where a risk initiates is an important element in controlling and treating that risk.

63 views0 comments

Recent Posts

See All

Risk evaluation uses the information obtained during the analysis to make decisions about whether the risk is acceptable in its current state or whether further action needs to be taken to mitigate th

Risk analysis is the process of developing an understanding of each risk. This involves analysing the causes of risk, consequence and likelihood, identification of the effectiveness of existing contro

Risk identification is the first step in the risk assessment process noted in the standard for risk management (ISO 31000:2018 Risk management - Guidelines). This step seeks to proactively identify th