How Can We Use Context to Inform Risk Management?

Updated: Feb 10

Context


External and internal context combine to make up the environment in which the organization seeks to achieve its objectives.


External Context


PESTLE is a useful mnemonic for considering external context:


  • Political influences such as legislation, trade tariffs, policy changes.

  • Economic factors, both global and local.

  • Social influences, expectations, trends, and demographics.

  • Technological changes and implications.

  • Legal environment and requirements for compliance, etc.

  • Environmental factors such as pollution, climate change, stakeholder expectations, etc.


Internal Context


MORTAR is another useful mnemonic to help establish internal context:


  • Management systems: policies, procedures, processes

  • Organization: culture, objectives, vision, ethics

  • Resources: capabilities, cashflow, people, property, information, intellectual property

  • Technologies: robotics, information, communication

  • Accountability: structure, ownership, governance

  • Relationships: stakeholders, interconnections, dependencies


When analyzing internal context, SWOT analysis can also be helpful:

  • Strengths of the organization

  • Weaknesses of the organization

  • Opportunities that may present themselves

  • Threats to achievement of objectives


©2019 by Julian Talbot