How Can We Use Context to Inform Risk Management?

Updated: Feb 10


External and internal context combine to make up the environment in which the organization seeks to achieve its objectives.

External Context

PESTLE is a useful mnemonic for considering external context:

  • Political influences such as legislation, trade tariffs, policy changes.

  • Economic factors, both global and local.

  • Social influences, expectations, trends, and demographics.

  • Technological changes and implications.

  • Legal environment and requirements for compliance, etc.

  • Environmental factors such as pollution, climate change, stakeholder expectations, etc.

Internal Context

MORTAR is another useful mnemonic to help establish internal context:

  • Management systems: policies, procedures, processes

  • Organization: culture, objectives, vision, ethics

  • Resources: capabilities, cashflow, people, property, information, intellectual property

  • Technologies: robotics, information, communication

  • Accountability: structure, ownership, governance

  • Relationships: stakeholders, interconnections, dependencies

When analyzing internal context, SWOT analysis can also be helpful:

  • Strengths of the organization

  • Weaknesses of the organization

  • Opportunities that may present themselves

  • Threats to achievement of objectives


©2019 by Julian Talbot