
Business risk management

What is risk?

Did you just buy a fresh salad at the market? Do you drink coffee in your favorite cafe? Are you waiting for the tram? Are you going on a long trip by car? Do you do free climbing? Do you like diving? Skydiving at the weekend? Do you want to introduce a new product? Do you need a new source of financing? Are you looking for new markets? Do you need access to the Internet and e-mail?


In each of these activities you face the possibility of ending up in an undesirable situation that may or may not materialize and is not always easy to recognize or predict. This effect of uncertainty on your objective is called risk (according to the ISO 31000 standard). Risks are an inevitable part of human activity and of every job. They are always associated with uncertainty, which holds for everyday life but also for every business system. They are a function of assets, threats, vulnerabilities, probabilities and possible consequences.

An asset is anything a business system owns that has business value for it: material assets, financial assets, information, processes, reputation, employees, etc. Threats are the possibility of harm to assets, and their sources can be internal or external. Vulnerabilities are weaknesses arising from inexperience, insufficient knowledge, or a lack or low level of asset protection.

Risks exist in every business system. They arise from the mission, vision and the definition and realization of business goals, through business processes, to the achievement or non-achievement of those goals. There is always a number of threats, with their sources, that can cause negative events and result in unwanted consequences. To prevent them, adequate risk management measures must be taken.

There are several ways of categorizing risks, and the categories can be specific to the industry to which they refer. Sometimes they are determined by regulatory, legal or industry requirements, and often they are adapted as needed. For example, the insurance industry can divide risks into financial and non-financial, basic and special, static and dynamic, insurable and uninsurable, opportunity risks, hazardous and uncertain, etc. Risks can also be categorized by the environment in which they arise: external and internal, etc.

If a business system does not have good strategic planning, or does not implement it at all, has not defined its vision and mission and has no clear goals, these are strategic risks. If it does not perceive the constant changes in its environment caused by the development of technology, business conditions, growing environmental requirements and changes in competition, these are environmental risks. If the business system does not follow the constant changes in the market well enough, does not adapt its products and services to them, has poorly defined its niches, has a bad pricing policy or has poorly chosen its customers, these are market risks. If unfavorable loans are used, credit risk is clearly on the scene. If someone has not adapted their business to current laws, regulations or norms, but applies them non-transparently or even violates them, there are risks due to non-compliance. Risks also appear in project management and personnel policy, and are pronounced in the use of information technologies.


What is risk management?

Risk management consists of a set of processes carried out to increase the probability that, when threats materialize, unfavorable situations and their consequences are eliminated or reduced. Objectives of the risk management process can include maximizing the value of the company, preserving the business function and existence of the company after damage occurs, compliance with legal regulations, and minimizing uncertainty related to major disasters and risks. Not all risks to which a business system is exposed can be recognized or completely eliminated, but by finding a reasonable balance between the various aspects of danger, the possible consequences and the measures for their control and reduction, they can be reduced to an acceptable level. There are several approaches to risk management, and the generally accepted standard for this area is ISO 31000. The standard defines the phases (sets of activities) of the risk management process and their interrelationships.

By establishing the context in which the organization operates, its goals are clearly stated, the external (e.g. PESTLE analysis) and internal (e.g. SWOT analysis) parameters to be taken into account in risk management are defined, and the scope and criteria for risk assessment are set.

Risk identification consists of identifying all possible risks and their sources. The goal of this phase is to produce a list of the events that could negatively affect the achievement of business goals. It is important to identify all potential risks, because those not recognized at this stage are excluded from the risk management procedures in the subsequent steps.

Risk analysis means understanding the identified risks. The causes and sources of each risk, its positive and negative consequences and its probability of occurrence are considered, and the factors that influence the consequences and probability are identified. All other attributes of a risk also need to be recognized, because one event can have more than one consequence and can affect multiple goals. When analyzing risks, existing risk management measures (controls), if any, must be taken into account and their effectiveness and efficiency determined.

In the risk evaluation phase, decisions are made on which risks require treatment and on the priority of implementing the foreseen controls. These decisions are based on the results of the risk analysis. Risk evaluation involves comparing the level of a given risk, established during the analysis phase, with the criteria established when setting the context in which the occurrence of the risk is observed.

Risk treatment involves the selection and implementation of one or more options for influencing the risk, such as:

  • risk reduction – implementation of controls that reduce the identified risk;
  • risk transfer – the risk is transferred to a third party, e.g. an insurance company or a supplier;
  • risk acceptance – the risk is accepted without implementing new controls;
  • risk avoidance – stopping, or not starting, activities within the business system that may cause a certain risk.

After the chosen measures have been implemented, some risk remains; this is called residual risk. It covers all those threats and vulnerabilities that are judged not to require further treatment aimed at reducing them. Residual risk can also result from a cost-benefit analysis which established that the cost of implementing the possible measures would not pay off. Risk management is one of the fundamental responsibilities of management.
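The phases just described, from context through identification, analysis, evaluation and treatment to residual risk, carried through on a small constructed risk register as an added Python example (not ZIH's own material or method). The 1 to 5 scales, the level formula, the acceptance and avoidance thresholds, the transfer percentage and the sample entries are assumptions made for this illustration.

```python
"""Risk register walk-through following the ISO 31000 phases described above.
Added illustration, not ZIH's own tooling. The 1-5 scales, the formula
level = likelihood x impact, the thresholds and the sample register are
constructed assumptions for this example."""
from dataclasses import dataclass

# Context phase: acceptance criteria every risk is evaluated against (assumed values).
ACCEPTANCE_THRESHOLD = 6   # current level <= 6 needs no new controls
AVOID_THRESHOLD = 20       # level >= 20 with no worthwhile control: stop the activity


@dataclass
class Risk:
    """One identified risk: asset, threat, vulnerability, probability and consequence."""
    asset: str
    threat: str
    vulnerability: str
    likelihood: int              # 1 (rare) .. 5 (almost certain)
    impact: int                  # 1 (negligible) .. 5 (severe)
    existing_control_effect: float = 0.0  # share of the inherent level removed by controls in place
    expected_loss: float = 0.0   # yearly loss if the threat materialises
    control_cost: float = 0.0    # yearly cost of the proposed additional control
    control_effect: float = 0.0  # share of the current level that control would remove
    transferable: bool = False   # can be passed to a third party, e.g. insured

    def inherent_level(self) -> int:
        return self.likelihood * self.impact

    def current_level(self) -> float:
        # Analysis phase: existing controls lower the level before evaluation.
        return self.inherent_level() * (1 - self.existing_control_effect)


def evaluate(risk: Risk) -> bool:
    """Evaluation phase: True when the risk exceeds the context's acceptance criteria."""
    return risk.current_level() > ACCEPTANCE_THRESHOLD


def choose_treatment(risk: Risk) -> tuple[str, float]:
    """Treatment phase: pick one of reduce/transfer/accept/avoid, return (option, residual level)."""
    level = risk.current_level()
    if not evaluate(risk):
        return "accept", level
    # Cost-benefit check: a control is worth it only if the loss it averts exceeds its cost.
    averted_loss = risk.expected_loss * risk.control_effect
    if risk.control_cost > 0 and averted_loss > risk.control_cost:
        return "reduce", level * (1 - risk.control_effect)
    if risk.transferable:
        return "transfer", level * 0.25   # assumption: the third party carries 75% of the impact
    if level >= AVOID_THRESHOLD:
        return "avoid", 0.0
    # No worthwhile control and not transferable: the whole level stays as residual risk.
    return "accept", level


def treatment_plan(register: list[Risk]) -> list[dict]:
    """Prioritise by current level (highest first) and attach the chosen treatment."""
    plan = []
    for risk in sorted(register, key=lambda r: r.current_level(), reverse=True):
        option, residual = choose_treatment(risk)
        plan.append({"asset": risk.asset, "threat": risk.threat,
                     "level": risk.current_level(), "option": option, "residual": residual})
    return plan


# Identification phase: a constructed four-entry register (sample data, not a real client).
SAMPLE_REGISTER = [
    Risk("customer database", "ransomware", "unpatched servers", 4, 5,
         expected_loss=100_000, control_cost=10_000, control_effect=0.7),
    Risk("office building", "fire", "no sprinkler system", 1, 5, expected_loss=50_000),
    Risk("cargo shipments", "theft in transit", "unescorted routes", 3, 3,
         existing_control_effect=0.2, expected_loss=20_000, control_cost=50_000,
         control_effect=0.5, transferable=True),
    Risk("product launch", "regulatory penalty", "unassessed market rules", 5, 5),
]

if __name__ == "__main__":
    for row in treatment_plan(SAMPLE_REGISTER):
        print(f"{row['asset']:<18} {row['threat']:<20} level={row['level']:>5.1f} "
              f"-> {row['option']:<8} residual={row['residual']:.1f}")
```

The cargo entry shows the cost-benefit case from the text: its control would cost more than the loss it averts, so the risk is transferred instead, and what remains is carried as residual risk.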

How can ZIH help you?

ZIH takes an individualized approach to each client, depending on their needs. Accordingly, we organize workshops with management teams and, with the expert guidance of our consultants and the application of internationally recognized recommendations, we help clients to successfully carry out risk assessment processes or to introduce and adopt a risk management process.

In this regard, we offer you the following consulting service:

Business risk management

Education in this field:

  • Business risk management
  • Certified ISO 31000 Foundation (PECB)
  • Certified ISO 31000 Risk Manager (PECB)
  • Certified ISO 31000 Lead Risk Manager (PECB)
  • Risk Assessment using Ebios Method (PECB)
  • Risk Assessment using the Mehari Method (PECB)


Why ZIH?

ZIH has more than 20 years of rich experience in shaping modern risk management systems and closely follows the development and application of the standards related to this topic (such as ISO 31000 and ISO 27005). ZIH has also successfully conducted a series of assessments of business risks, risks of the use of information technologies and information security risks.

Would you like a short presentation or an offer?

FILL OUT THE FORM

Contact us

Fill out the form and a member of our staff will contact you to arrange a visit or an online meeting, so that we can find out how we can help you.
We want to share with you our experience and the latest trends that can help you in your everyday business.

Trg Antuna, Ivana i Vladimira Mažuranića 8, 10 000 Zagreb
 
Telefon: +385 1 4855 271
Fax: +385 1 4855 272
E-mail: zih@zih.hr
 
IBAN: HR7423400091100013041
 
OIB: 34774399108

Copyright © 2022. ZIH