Welcome!

Welcome!
Please keep visiting this blog and keep commenting too. Please make your reactions to the posts. Experts and authors are invited to share their articles/views. Suggestions for improvement are invited.
Thanks,
Keshav Ram Singhal


Wednesday, February 3, 2016

डेल्फी विधि (Delphi Method) - जोखिम प्रबंधन के लिए एक उपकरण (A tool for Risk Management)


डेल्फी विधि (Delphi Method) - जोखिम प्रबंधन के लिए एक उपकरण (A tool for Risk Management)

आईएसओ 9001:2015 गुणवत्ता प्रबंधन प्रणाली में एक महत्वपूर्ण परिवर्तन जोखिम पर विचार करने के लिए एक व्यवस्थित दृष्टिकोण को गुणवत्ता प्रबंधन प्रणाली का एक अभिन्न अंग के रूप में स्थापित करने के लिए है, बजाय 'रोकथाम' (Prevention) को एक अलग अपेक्षा के रूप में।

जब मात्रात्मक डेटा (Quantitative data) उपलब्ध नहीं होता हैं या जब कोई संस्था भविष्य में एक प्रमुख संरचनात्मक बदलाव करने की कोशिश करती हैं, तो अक्सर निर्णय में संलग्न लोग पूर्वानुमान (forecasts) के लिए उन लोगों पर भरोसा करते हैं, जो उस क्षेत्र से होते हैं, उन स्थितियों से अच्छी तरह से वाकिफ और जानकार होते हैं। 'डेल्फी विधि' एक तरह से यह करने के लिए एक विधि है। डेल्फी विधि रेंड कार्पोरेशन (Rand Corporation) द्वारा शीत युद्ध के शुरू में विकसित की गई थी, यह युद्ध पर प्रौद्योगिकी के प्रभाव की भविष्यवाणी करने के लिए बनायी गई थी, जिसमें तकनीकी भविष्यवाणी का अपना आधार है।

पौराणिक कथाओं ने भविष्य की भविष्यवाणी की थी। मात्रात्मक मॉडल (Quantitative models) अक्सर सीमित उपयोग के होते हैं, जब भविष्य में बहुत आगे तक की भविष्यवाणी करने की कोशिश की जाती है। बड़े पैमाने पर प्रौद्योगिकी बदलाव से प्रेरित 'पर्यावरण पैटर्न' समय की लंबी अवधि में नाटकीय रूप से बदल सकते हैं। जब भविष्य में हम आगे तक सोचते हैं, हम जानना चाहते हैं कि कैसे, संभावित अक्सर या तीव्र ये भविष्य के पूर्वानुमान हैं या होंगे। इस सबके लिए ही डेल्फी विधि उपयोगी है।

डेल्फी विधि एक संरचित, परस्पर संवादात्मक, गतिशील संप्रेषण विशेषज्ञ तकनीक है जो भविष्य पर अपनी राय साझा करने के लिए सभी को एक साथ शामिल करती है। पैनल के सदस्यों को एक प्रश्नावली दी जाती है, जिसमें भविष्य के बारे में "क्या","अगर," "क्या यदि"," या "जब" प्रश्न किए जाते हैं। उन्हें परिदृश्यों के साथ प्रस्तुत किया जा सकता है और ऐसी स्थिति उत्पन्न या कब होने की संभावना की भविष्यवाणी करने के लिए कहा जा सकता है। पैनल के सदस्यों के बीच अनुभव, जानकारी की उपलब्धता, और व्याख्या के तरीकों में अंतर एक विस्तृत विचारों की विविधता सुनिश्चित करेगा। आम सहमति लाने के लिए पैनल सदस्यों की राय को संक्षेप रूप में अन्य पैनल के सदस्यों के साथ (गुमनाम रखते हुए) साझा किया हैं, और पैनल सदस्यों को इन दृष्टिकोण के आधार पर अपनी भविष्यवाणियों को समायोजित करने के लिए प्रोत्साहित किया जाता है। जब कुछ पैनल के सदस्यों के विचारों में समूह विचारो से अलग विचार होते हैं, तो उनसे अपने विचारों के लिए लिखित औचित्य प्रदान करने के लिए कहा जाता है, ताकि उनकी राय की ताकत निर्धारित की जां सके। कुछ पुनरावृत्तियों के बाद, समूह एक सर्वसम्मति पूर्वानुमान की ओर बढ़ता है।

इस तरह से डेल्फ़ी विधि का उपयोग जोखिम को संबोधित करने के लिए किया जा सकता हैं।

- केशव राम सिंघल


Thursday, March 13, 2014

Risk Assessment - Risk Identification


Risk Management – Article 15

Risk Assessment - Risk Identification

Keshav Ram Singhal



Clause 5.4.2 of ISO 31000:2009 provides guidelines on risk identification. Risk identification is a process of understanding risks that includes process of finding, recognizing and describing risks. This process involves the identification of (i) risk sources, (ii) events, (iii) causes of risk sources and events, and (iv) potential consequences of risk sources and events. Risk identification may involve (i) historical data, (ii) theoretical analysis, (iii) informed and expert opinions, and (iv) stakeholder's needs. Risk source is an element (alone or in combination) has the essential or natural potential to cause to risk. It can be tangible (physical) or intangible (non-physical). An event is occurrence (one or more) or change of a particular set of circumstances. An event can have several causes. Sometimes an event is referred as an incident or accident. An event without outcome (consequences) is also referred as a 'near miss', 'incident'. 'near hit' or 'close call'.

The purpose of risk identification is to find out what may happen or what situations may exist that may affect the objectives of the organization or system.

The organization should identify:
(i) risk sources,
(ii) areas of impacts,
(iii) events and changes in circumstances,
(iv) causes of risk sources and events, and
(v) potential consequences of risk sources and events

Risk identification should be judgemental and done with care, as a non-identified risk may not be included in further analysis.



The organization should determine whether or not the risk source is under the control of the organization. The organization should examine knock-on effects of particular consequences, cascade and cumulative effects. The organization should consider a wide range of consequences even if the risk source or cause may not be evident. The organization should consider possible and significant causes and scenarios that show what outcome (consequences) may occur.



Suitable to organization's objectives, the organization should apply risk identification tools and techniques. Relevant and up-to-date information along with appropriate background information is important for risk identification. Appropriate competent personnel having knowledge in risk management should be involved in risk identification process.

ISO 31010:2009 provides guidance on selection and application of systematic techniques for risk assessment that may be applied for risk identification, analysis and evaluation. Some of the techniques include Brainstorming, Structured or semi-structured interviews, Delphi, Check-lists, Primary hazard analysis, HAZOP, HACCP, ERA, SWIFT etc.

Next write-up …. Risk Assessment - Risk Analysis





Wednesday, March 5, 2014

Risk Assessment - An Overview



Risk Assessment - An Overview

Keshav Ram Singhal

Clause 5.4 of ISO 31000:2009 deals with risk assessment and its sub-clauses are as under:
5.4.1 - General
5.4.2 - Risk identification
5.4.3 - Risk analysis
5.4.4 - Risk evaluation



Sub-clause 5.4.1 (General) defines the term risk assessment as given in Para 3.4.1 of ISO Guide 73:2009. Accordingly, risk assessment is overall process of risk identification (process of finding, recognizing and describing risks), risk analysis (process to comprehend the nature of risk and to determine the level of risk, process that provides the basis for risk evaluation and decisions about risk treatment and includes risk estimation), and risk evaluation (process of comparing the results of risk analysis with risk criteria to determine whether the risk and/or its magnitude is acceptable or tolerable, and it's a process that assists in the decision about risk treatment).

Risk assessment provides us with an improved understanding of risks. Risk assessment provides us a basis for decisions about the appropriate approach to be used to treat the risks.

Next write-up …. Risk Assessment - Risk Identification

Thursday, December 12, 2013

Risk Management Process – Defining Risk Criteria



Risk Management – Article 13

Risk Management Process – Defining Risk Criteria

Keshav Ram Singhal

First we should understand what risk criteria means. ISO Guide 73:2009 has defined risk criteria as terms of reference against which the significance of a risk (i.e. effect of uncertainty on objectives) is evaluated. It is also clarified that:
- Risk criteria are based on organizational objectives and external and internal context.
- Risk criteria can be derived from standards, laws, policies and other requirements.

Significance of risk needs to be evaluated, so there is a need to define risk criteria to be used. The organization should define risk criteria that reflect the organization’s values, objectives and resources. The organization may impose or derive some risk criteria from legal (statutory and legal) requirements and other requirements to which the organization subscribes.

The organization should consider relevant factors to define risk criteria including:
- The nature and types of causes and consequences that can occur and their measurement way
- The process defining likelihood
- The timeframe of the likelihood/consequences
- The process determining the level of risk
- Stakeholders’ views
- Risk level at which risk becomes acceptable or tolerable
- Whether to consider combination of multiple risks, and if so, which combination to consider and how

The organization should ensure the following with regard to risk criteria:
- Risk criteria should be consistent with the organization’s risk management policy.
- Risk criteria should be defined at the beginning of any risk management process.
- Risk criteria should be continually reviewed.

Next write-up …. Risk Assessment - An Overview


Tuesday, December 10, 2013

Risk Management Process – Establishing the Context of the Risk Management Process


Risk Management – Article 12

Risk Management Process – Establishing the Context of the Risk Management Process

Keshav Ram Singhal

Sub-clauses 5.3.4 of ISO 31000:2009 standard provides guidelines on establishing the context of the risk management process.

We need to understand the context of the risk management process of the organization and it varies according to the needs of the organization. The context of the risk management process of an organization can involve the following:
- Defining goals and objectives of risk management activities
- Defining responsibilities for and within the risk management activities
- Defining the scope (with depth and breadth including specific inclusions and exclusions) of the risk management activities to be carried out
- Defining the risk criteria (evaluation terms of reference against risk reference) of the risk management policy
- Defining the activity, process, function, project, product, service or asset in terms of time and location
- Defining relationships between (i) a particular project and other projects, (ii) a process and other processes, or (iii) an activity and other activities of the organization
- Defining risk assessment methodologies
- Defining performance and effectiveness evaluation process in the management of risk
- Identifying and specifying decisions to be made
- Identifying, scoping or framing studies needed, their extent and objectives, and the resources required for such studies

The organization should provide its attention to above factors (not limited to) to ensure that risk management approach adopted in the organization should be appropriate to the:
- Circumstances
- Organization
- Risks affecting the achievement of objectives

The organization should establish the (i) objectives, (ii) strategies, (iii) scope, and (iv) parameters of the activities or those parts of the organization where the risk management process is being applied.

The organization should undertake risk management by considering the need to justify the resources used in risk management process. The organization should specify the resources required, responsibility and authority, and the records to be maintained.

Next write-up …. Risk Management Process – Defining Risk Criteria

Sunday, November 24, 2013

Risk Management Process – Establishing the Internal Context


Risk Management – Article 11

Risk Management Process – Establishing the Internal Context

Keshav Ram Singhal


Sub-clauses 5.3.3 of ISO 31000:2009 standard provides guidelines on establishing the internal context. Internal context of an organization is its internal environment in which the organization seeks to achieve organization’s objectives. Internal context is anything within the organization and it should include but not limited to:

- Organizational governance
(The system of rules, practices and processes by which an organization is directed and controlled may be referred as organizational governance. Organizational governance essentially involves balancing of interests of its stakeholders.)

- Organizational structure, and within which roles, authority and accountability in the organization
(Organizational structure determines how the roles, authority and responsibilities are assigned, controlled and coordinated, and how information flows within the organization. An organizational chart illustrates the organizational structure.)

- Organization’s policies

- Organization’s objectives

- Organization’s strategies

- Organization’s resources and knowledge capabilities, such as capital, time, people (human), processes, systems , technologies

- Information systems

- Information flows

- Formal and informal decision-making processes

- Relationship with internal stakeholders

- Perceptions and values of internal stakeholders

- Organization’s culture

- Standards, guidelines and models adopted by the organization

- Form and extent of contractual relationship


Risk management system of an organization operates within the parameters of the organization’s culture, processes, structure and study. Understanding the internal context is fundamental to risk management process. The risk management process should be aligned with the organization’s culture, processes, structure and strategy. Anything within the organization can influence the risk management process of the organization. Factors influencing the risk management process should be established as the risk management in the organization takes place in the context of organization’s objectives. Organization should consider objectives and criteria of a particular project, process or activity in light of organization’s overall objectives. Organization should recognize opportunities to achieve organization’s strategic, project or business objectives as these may affect ongoing organizational commitment, credibility, trust and value.

Risk Management Process – Establishing the External Context


Risk Management – Article 10

Risk Management Process – Establishing the External Context

Keshav Ram Singhal

Sub-clauses 5.3.2 of ISO 31000:2009 standard provides guidelines on establishing the external context. External context of an organization is the external environment of the organization in which the organization seeks to achieve organization’s objectives. External context of an organization can include but not limited to:

- Cultural environment
(We should understand the major elements of culture that may include material culture, language, aesthetics, education, religion, attitudes, values and social organizations.)

- Social environment
(Business of an organization does not function in a vacuum and it works in societies and therefore societies affect business. The social environment of business can be cutthroat. An organization has to act and react what happens outside the premises of the organization.)

- Political environment
(The political environment in a country affects its economic environment that, in turn, affects the performance of business organization.)

- Statutory and regulatory (legal) environment
(Every country has its own legal framework that governs and affects the business too. Government could change its rules and regulations, and this could an effect on business.)

- Financial environment
(Financial environment is the outcome of a range of functions of the economy on all financial outcomes in a country. It includes forex markets, bond markets, stock markets and commodity markets. Financial environment affects the business performance of an organization.)

- Economic environment
(Economic environment influences the business of an organization to a great extent. It refers to all those economic factors that affect the functioning of a business organization.)

- Natural and competitive environment
(The natural and competitive environment is a dynamic system in which business of an organization competes. It may also be known as market structure. World economic conditions may increase or decrease the prices of raw materials that might force an organization to increase or decrease its prices.)

- Key drivers having impact on the objectives of the organization
(A key business driver is something that has a major impact on the business and its objectives. Identifying and monitoring the key drivers of any business organization is critical to remain in business.)

- Trends having impact on the objectives of the organization
(Trends have a significant impact on organization’s business.It is important to understand whether the business of the organization is exploiting trends or trends are exploiting the business of the organization. It is better not to let the business of the organization get caught up in trends.)

- Relationship with external stakeholders
(Building trust with stakeholders makes relationship more productive and fosters partnership between the organization and stakeholders.)

- Perceptions and values of external stakeholders
(Building trust with stakeholders makes relationship more productive and fosters partnership between the organization and stakeholders. It is better to understand perceptions and values of stakeholders.)

It is important to understand external context. By understanding the external context, the organization ensures considering objectives and external stakeholders’ concern in the process of developing risk criteria. Establishing the external context specific to the scope of the risk management process is based on the organization-wide context, but it should be:

- With specific details of statutory and regulatory (legal) requirements
- With specific details of stakeholders’ perceptions
- With specific details of other aspects of risks specific to the scope of the risk management process

The process of establishing the external context should be done by understanding the external context and external environment (including key drivers, trends, relationships, perceptions and values). In this regard organization needs to continually monitor the external environment and it is not a one-time process or activity.