ISO 31000, a risk management standard for decision-makers


Slide 1: ISO 31000, a risk management standard for decision-makers
Alex Dali, MBA, ARM, CT31000
President, Global Institute for Risk Management Standards - G31000
Alex.Dali@G31000.org

Slide 2: Risk management foundations in the airline industry

Slide 3: Major Risks Faced by Airlines
- Strategic risk: business design choices
- Financial risk: variability of revenue and costs
- Operational risk: tactical aspects of running the business
- Hazard risk: safety of physical assets


Slide 5: Specialized risk in ISO standards
Domain | Risk | Standard
Quality | Nonconformities | ISO 9001
Environment | Pollution | ISO
Health & Safety | Accident, disease | ISO
Energy | Interruption | ISO
IT security | Data breach, cyber crime | ISO
Project | Non-quality, cost overrun, delays | ISO
Supply chain | Disruption | ISO
Continuity | Incident | ISO
Law & regulations | Non-compliance | ISO
Business ethics | Bribery | ISO

Slide 6: Why aren't ERM Programs More Successful?
- Most ERM programs are built on governance or compliance models (value: "Did we do it? Good.")
- Measures are rarely in meaningful terms
- Not a KEY role in performance management, planning, budgeting and strategy formation
- Limited in scope and focus
- Not a day-to-day part of decision making
- Not based on or tied to a standard or tight framework
Copyright 2012 rpm3 Solutions, LLC and ERM, LLC

Slide 7: A compliance & control risk management standard
(diagram: compliance, controls, regulations, risk, insurance, reporting, audit)

Slide 8: ISO 31000, a Global Risk Management Standard
Philosophy of the ISO risk management standard
(diagram: uncertainty, controls, insurance, decision-making, compliance, objectives, regulations, performance, risk, audit, reporting, best allocation of resources)

Slide 9: Risk: effect of uncertainty on objectives

Slide 10: RISK MANAGEMENT & ISO
The combination of governance, performance, decision-making and risk management has become the driving force for a global approach and a structured methodology, leading to risk management standardization.

Slide 11: 5 recommendations
1. Adopt an internationally-recognized reference
2. Use a simple risk management architecture
3. Promote business performance
4. Link risk management and decision-making
5. Encourage adequate education with benefits

Slide 12: 5 recommendations - 1. Adopt an internationally-recognized reference

Slide 13: About ISO - an internationally-recognised reference
- International acceptance
- Single global reference for stakeholders
- Guideline can be tailored
- All types of risks, any sector/industry
- Umbrella for all existing standards
- Multiple frameworks create confusion

Slide 14: Value-added / benefits of ERM

Slide 15: ISO adopted as national risk management standard
International Organization for Standardization, ISO Central Secretariat, BIBC II, Chemin de Blandonnet 8, CP, Vernier, Geneva, Switzerland
76 countries, 23 languages
Link :

Slide 16: Number of members by COUNTRIES: WORLD (top ten)
Extract from G31000 database, June 2016


Slide 18: 5 recommendations - 2. Use a simple risk management architecture

Slide 19: Objectives of ISO - STRUCTURE
Simple risk management architecture:
- 3-pillar structure, robust and simple to apply
- Opportunity to review existing RM practices
- ISO free to download in India
- Do not restrict risk management to the risk management process

Slide 20: Objectives of ISO - STRUCTURE
PRINCIPLES
a) Creates value
b) Integral part of organizational processes
c) Part of decision making
d) Explicitly addresses uncertainty
e) Systematic, structured and timely
f) Based on the best available information
g) Tailored
h) Takes human and cultural factors into account
i) Transparent and inclusive
j) Dynamic, iterative and responsive to change
k) Facilitates continual improvement and enhancement of the
FRAMEWORK (Plan-Do-Check-Act cycle)
- MANDATE AND COMMITMENT
- DESIGN OF FRAMEWORK FOR MANAGING RISK
- IMPLEMENTING RISK MANAGEMENT
- MONITORING AND REVIEW
- CONTINUAL IMPROVEMENT

Slide 21: Objectives of ISO - STRUCTURE
RISK MANAGEMENT PROCESS
- ESTABLISH THE CONTEXT
- RISK IDENTIFICATION
- RISK ANALYSIS
- RISK EVALUATION
- RISK TREATMENT
(with COMMUNICATION AND CONSULTATION and MONITORING AND REVIEW running alongside every step)
+ ISO GUIDE 73: RISK MANAGEMENT VOCABULARY

Slide 22: 5 recommendations - 3. Promote business performance

Slide 23: ISO SURVEY 2012 - How is risk management mainly used within your organization?

Slide 24: Objectives of ISO - SCOPE
- Not a parallel management system
- Integrate risk in all practices and processes at all levels
- Risk management must create value
- Link risk management to business performance
- No bureaucratic compliance reporting system

Slide 25: 5 recommendations - 4. Link risk management and decision-making

Slide 26: ISO 31000, a Global Risk Management Standard
Philosophy of the ISO risk management standard (same diagram as slide 8: uncertainty, controls, insurance, decision-making, compliance, objectives, regulations, performance, risk, audit, reporting, best allocation of resources)
G31000 Copyright

Slide 27: 5 recommendations - 5. Encourage adequate education with benefits

Slide 28: Certification - INDIVIDUALS
- Growing understanding of the importance of effectively managing risk
- Increasing recognition of ISO by individuals wishing for knowledge and understanding about risk management
- Improved decision making through explicit consideration of uncertainty and potential consequences

Slide 29: Global Institute for Risk Management Standards
Training sessions conducted worldwide:
- # sessions: 78
- # countries: 25
- Cities covered: New York, Chicago, Los Angeles, Denver, Washington, West Palm Beach, Toronto, Brussels, Paris, London, Nice, Lagos, Johannesburg, Cape Town, Madrid, Barcelona, Milano, Geneve, Amsterdam, Dubai, Riyadh, Macau, Shanghai, Singapore, Sydney, Lima, Bogota, Cairo.
Plan your training survey:

Slide 30: Global Institute for Risk Management Standards
- Worldwide network of 1232 certified risk professionals via G31000 training and certification
- Network of 123 Approved/Certified trainers


Slide 32: 5 recommendations (recap)
1. Adopt an internationally-recognized reference
2. Use a simple risk management architecture
3. Promote business performance
4. Link risk management and decision-making
5. Encourage adequate education with benefits


Slide 34: Thank you for your attention
Alex Dali, MBA, ARM, CT31000
President, Global Institute for Risk Management Standards - G31000
Alex.Dali@G31000.org

Slide 35: Annexes for discussions or additional information

Slide 36: Thesis in risk management

Slide 37: Risk: combination of the probability of an event and its consequences

Slide 38: About ISO - what "risk" means by profession
- Engineer: risk = hazard
- Scenario: risk = event
- Manager: risk = uncertainty on objectives
- Health: risk = threat (purely negative)
- Finance: risk = return
- Public sector: risk = discontinuity of service
Organisations of all types face a range of risks.
Organisations of all types face a range of combinations of the probability of an event and its consequences.

Slide 39: About risk management standards
- Australia: AS/NZS /99/04, AS/NZS ISO31000
- Austria (DE/CH): ONR 49000:2008
- Japan?: JIS Q
- Europe: FERMA:2004
- Canada: CAN/CSA-Q, ISO
- USA: COSO 2 (ERM):2004
- UK: AIRMIC, ALARM, IRM:2002; M_o_R:2002/2007/2011; BS Guide; BS ISO31000

Slide 40: About ISO - Quality, OH&S, Environment, Finance, IT security, Food safety, Equipment, Project, Supply chain

Slide 41: ISO TMB Joint Technical Coordination Group - How to align all ISO Management Systems: introducing the concept of RISK
Susan LK Briggs, TC207/SC1 Representative on JTCG TF1; Chair, US Technical Advisory Group to TC207; Convenor, WG5 ISO Revision
Presented at the 2nd international ISO Conference 2013, Toronto, Canada

Slide 42: ISO TC 176 SC1 - Concepts and terminology: Risk-based Thinking introduced in the Revision of ISO 9001:2015, with direct references to ISO
Paul C Palmes, Chairman, International Technical Committee TC 176, SC1 (revision of ISO 9001:2015); US Technical Advisory Group to TC 176, SC1/HOD
Presented at the 3rd international ISO Conference 2014, New York, USA

Slide 43: Objectives of ISO - STRUCTURE: Principles, Framework, Process

Slide 44: Objectives of ISO - SCOPE
ISO Standard vs ISO Guideline?
- Risk Management Principles and Guidelines: voluntary application, not prescriptive, no legal requirement
- Specifically not intended for certification
- ISO certifiable standard? NO!

Slide 45: Objectives of ISO - SCOPE
- All organisations: any sector, any activity, any size
- All risk: any type of risk, + or - consequences
- Generic guidelines: harmonizes processes, not practices
- Global reference: harmonize RM in existing and future standards
- Global application: objectives, context, structure, operations, processes, functions, projects, products, services, or assets

Slide 46: Objectives of ISO - BENEFITS
1. Standard = consensus (not compromise)
2. Standards, not regulation: voluntary endorsement
3. Wide range of input, not one point of view
4. Apply to any activity or domain in any organisation
5. Integrated approach for the management of risk
6. Very general guideline, allowing interpretation
7. Regular updates through ISO
8. Recognizing best practices
9. Facilitate communication and training
10. Recognition for the profession

Slide 47: ISO SURVEY 2011 - Global ISO survey 2011: results & analysis

Slide 48: QUIZ on the ISO STANDARD - Quiz on the ISO risk management standard

Slide 49: QUIZ on the ISO STANDARD
Question 1: The ISO document is a
A) Technical specification for Risk Management
B) Guidance standard for Risk Management
C) Certifiable standard for Risk Management
D) Umbrella standard for existing or future standards

Slide 50: QUIZ on the ISO STANDARD - Question 1 (answer slide, same options as slide 49)

Slide 51: USEFUL LINKS
- ISO GLOBAL SURVEY 2012: English version : / Spanish version : / French version :
- ISO INTERNATIONAL CONFERENCE
- LINKEDIN GROUP on ISO :
- About ISO, official link:
- About ISO presentation: %83O%20-%20ISO% pdf