Management challenges in Modernisation Processes (Bucharest, 17 March 2016)
- Noah Ramsey
1 ESS Modernisation Workshop Management challenges in Modernisation Processes (Bucharest, 17 March 2016)
2 Agenda Change Management: From the Approach to the Process Risk Management Framework and Process Focus on Integration with Quality in Statistics Risk Management in action: Institutional Practices and on-going Projects Page 2
3 Reactions to Change People going through change experience a variety of emotional and cognitive states that take up some time. Transitions typically progress through a cycle of reasonably predictable phases within the Self-efficacy process that is a key cognitive process identified by the psychological social theory for the analysis of human behavior, aiming at efficiently guiding the individual cognitive, social, emotional and behavioral sub-abilities to fulfill specific purposes. [Figure: self-efficacy plotted against time, with the phases labelled Shock, Denial, Depression, Letting go, Testing, Consolidation, Internalization and learning.] Page 3
4 Table columns: State; Potential change derailers; Critical success factor.
States: Shock; Denial; Depression; Poor follow through; Testing; Consolidation; Internalization and learning.
Potential change derailers: Poor Vision of the Future. Cultural Resistance to Change. Lack of a sponsor/commitment. Lack of recognition for the need to continuously change. Excessive Bureaucracy. Lack of Competencies. Poor follow through. Lack of access to technology. Lack of time. Lack of performance metrics. Lack of Synergy. Lack of commitment to funding and/or resources. Lack of knowledge/learning in a change process. Lack of training.
Managers must follow a specific behavior to make change successful and overcome barriers: Identifying the opportunities and threats that require attention (Sense making); Identifying what needs to be done to move towards a better future (Visioning); Communicating the vision (Sense giving); Promoting shared sense of direction (Aligning); Removing obstacles and creating the conditions to empower people to change (Enabling); Recognizing the concerns of those affected by the change (Supporting); Demonstrating that they are prepared to change their behavior (Sustaining the change).
Critical success factors:
- Stakeholder Collaboration, Empowerment, and Engagement: Addressing stakeholders systematically and iteratively, planning and monitoring and correcting for changes. Performing change with rather than to people, ensuring those impacted by the change see the need for change.
- Formalize Philosophy and Policy of Change Management: Providing strong sponsorship for leadership, resources, and support of the change initiative. Establishing a culture for change management by writing policies or incorporating change statements into the vision and mission. Building a common change vocabulary.
- Time for Acceptance into the Change Life Cycle Framework: Building in flexibility. Allocating time into the project/program to ensure that the foreseen or emergent resistance will not impact the project schedule.
- System Alignment with the Change Initiative: Creating a clear description and measures for a successful future state. Ensuring all supporting systems work effectively and efficiently together. Scaling change management activities to the extent, complexity, and speed of the change.
- Identifying, Selecting, and Developing Change Management Competencies: Changing management competency program. Developing employees.
- Focus for the Change Initiative: Building communication assets: models, methods, and requirements methods. Clearly communicating the change vision early, outlining the benefits and impacts of the change. Ensuring that the organization's leaders actively communicate throughout the change process. Providing opportunities for dialogue and true representation to promote a sense of ownership. Monitoring and measuring the effectiveness of the communications.
- Develop and Deploy Change Management Measurement Processes and Tools: Measuring the success of change and determining what existing organizational indicators are in place for measuring change. Capturing and sharing lessons learned, retaining them in a knowledge management repository.
Page 4
5 Change is GOOD (!?!) Before embarking on organizational change, it is important to assess: What do we want to achieve with this change? How will we know that the change has been achieved? Who is affected by this change? How will they react to it? How much of this change can we achieve ourselves? What parts of the change do we need help with? Page 5
6 Organizational Change Change must be realistic, achievable and measurable, and change efforts should be geared and managed to improve performance and align people, processes and culture with changes due to different culture, risk-taking, risk-aversion, openness to change, innovation, etc. Managing change not only helps the organization ensure that the transition being implemented is successful, it also helps managers diagnose risks with the transition before they become unbearable. Change management: is a comprehensive, cyclic and structured approach to transitioning individuals and organizations from a current to a desired future state; helps organizations drive their strategy through portfolio, program, and project management; offers a standardized method that efficiently evaluates the potential positive and negative impact of change; aims at applying a systematic approach that helps "the change" be successful by supporting the individuals involved, addressing resistance and developing knowledge. Page 6
7 Change Process Theories Among others, some theories embrace the holistic approach to change: 1. Teleological: organizations are purposeful and adaptive, and change is an unfolding cycle of goal formulation, implementation, evaluation and learning. 2. Dialectical: focusing on conflicting goals between different interest groups and explaining stability and change in terms of comparison between the opposing entities. 3. Life cycle: change is a process that progresses through a necessary sequence of cumulative stages, each of which contributes to the final outcome. 4. Evolutionary: change proceeds through a continuous cycle of variation, selection and retention. All these theories view change as a series of interconnected events, decisions and actions, but the sequence of stages whose direction is constructed is considered in a different way: Teleological and Dialectical theories: the change trajectory is predetermined, but goals and the steps taken to achieve them can be changed at the will of those involved in the change process. The McKinsey 7S model belongs to this group of theories. Life cycle and Evolutionary theories: change is a predetermined process that unfolds over time in a specified direction. These theories include Kotter's integrative model. Page 7
8 Change and Risk Management Standards ITIL V.2 & V.3 (Information Technology Infrastructure Library) and COBIT V. 4.1 & 5.0 (Control OBjectives for Information and related Technology) are not formal standards but frameworks for good practice in IT Service Management. They describe processes, procedures and tasks that are not organization-specific but applicable to an integrated strategy to maintain a suitable level of quality and competency in the Service support processes, optimizing risk levels and resource use. ISO/IEC 20000:2011 (ITSM, IT Service Management) & ISO/IEC 27001:2013 define a set of requirements against which an organization can be independently audited and, if it satisfies those requirements, focusing on goals rather than outputs, can be certified. They establish high-level objectives for change management to ensure the implementation of strategies through actions for mitigating risks associated with ineffective controls. The PMI's standard illustrates how portfolio, program, and project management help organizations develop the effective practice of change management so that strategy can be executed reliably and effectively, and: sets the practices, processes and disciplines to guide executives in managing change providing practitioners from different fields such as organizational development or human resource management; describes the change life cycle framework that reflects the portfolio, program and project management process and its purposes and demonstrates resilience resulting from unforeseen changes. Page 8
9 Change Life Cycle Framework Process models of change are based on teleological and dialectical theories. The model conceptualizes change management as a purposeful, structured but often discussed process that comprises 7 core activities: 1. Formulating the change consists of: Identifying/clarifying need for change; Assessing readiness for change; Delineating scope of change. 2. Planning the change by defining the change approach and planning stakeholder engagement as well as transition, and integrating people, processes, technologies, structures, and cultural issues into the overall portfolio, program, or project plan. 3. Implementing the change by preparing the organization for change, mobilizing the stakeholders, and delivering project outputs. Planning, implementation, and transition processes overlap because change implementation is an iterative process. 4. Managing the change transition by transitioning the outputs into business operations, measuring the adoption rate and the outcomes and benefits, and adjusting the plan to address discrepancies. 5. Sustaining the change on an ongoing basis through: Ongoing communication, consultation, and representation of stakeholders; Conducting sense-making activities; Measuring benefits realization. 6. Communicating the change. Managers should give sufficient attention to communication and other issues, such as: establishing different goals and priorities; trust; motivation and commitment; support for those who will be affected by the change. 7. Learning from the experience helps people modify their behavior in order to improve performance. Page 9
10 Change, Risk and Project Management Change management is interconnected with Risk management: innovation requires risks, so every change strategy comes with its own levels of risk; changes can be made less risky if they are adequately reviewed, assessed, and coordinated by adopting a proper risk management process. The relationship between Risk and Change management is circular in nature: RM is a part of the wider cycle of CM, just as CM is a component of the RM's cycle. Risk Management identifies criticalities in changing processes and plans fitting response activities to minimize the risk of failure both during and after the implementation phases. Change Management acts as a subsystem of Risk Management; the actions aiming at reducing the likelihood of incoming risky events are themselves changes. [Diagram labels: Starting point; Risk Management; Process risk/criticality detection; Response action planning = CHANGE PLANNING; Change Management; Change impact assessment; Change risk reduction («understanding and controlling the exposure to hazards»); Criticality reduction/elimination; Organization improvement (next point).] Project management aligns the organization's components through the implementation of: Portfolio management, which optimizes, oversees and selects concurrent organizational initiatives, and Program management, which defines a set of expected benefits and their transition into the business. Page 10
11 Risk Definitions and Standards Risk is the effect of uncertainty on objectives, where an effect is a deviation from what is expected (positive and/or negative), often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence. [AS/NZS 4360:1999, ISO 31000:2009, ISO Guide 73:2009, definition 1.1, COSO ERM IF/IC 2004]. Among others (more than 60!), the main standards in use are: COSO Model 2004/2013, which defines Enterprise Risk Management as "... a process effected by an entity's board of directors and management, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." The COSO Model is a multidimensional standard upon which a Risk Management system stands. It develops along three sides of the cube: 1) Objectives; 2) Organization; 3) Process. ISO 31000:2009: Risk Management Principles and Guidelines; ISO/IEC 31010:2009: Risk assessment techniques; ISO TR 31004:2013: Guidance for the implementation of ISO 31000:2009; AS/NZS4360:2004: Australia/New Zealand Risk Management Standard. Page 11
12 Risk Complexity Risk Profile is the set of risks that could affect all or part of an organization. It results from a comprehensive process that: concerns risk information from several sources; reflects recommendations from managers; envisages a risk questionnaire, revised guidelines, clearer definitions of risk sources and communication strategy. Risk Profile takes into account: Risk Appetite, which could be expressed either qualitatively or quantitatively, maybe in terms of ranges, and explored by going through the impacts of past events and the reactions of key stakeholders (customers, employees, regulators, etc.). Risk Attitude (Existing Risk Profile): if an organization is particularly effective in managing certain types of risks, it may be willing to take on more risk in that category; conversely, it may not have any appetite in that area. Risk Acceptance, which refers to the maximum potential impact of a risk event that an organization could withstand. Often, appetite will be well below acceptance. Risk Perception, which describes how people perceive risks according to their values and interests. Risk Tolerance, which is the level of variation that the entity is willing to accept around specific objectives. Risk Retention considers stakeholders' conservative return expectations and a very low appetite for risk-taking. Page 12
13 Risk perception analysis in ISTAT ISTAT launched a survey on risk perception involving Top and Executive Managers, carried out through a questionnaire composed of about 70 questions and divided into four sections: 1. Internal control environment and organizational culture; 2. Objectives of the organization and Risk Management; 3. Identification and classification of risk factors; 4. "Cataloging" risks, investigating four dimensions: I. the risk perception compared to the activities of each manager; II. the risk perception in the Institute as a whole; III. the maturity of the control environment in the structure led by each manager; IV. the maturity of the control environment in the Institute as a whole. Page 13
14 The Risk Management System ISO 31000:2009 According to the ISO 31000:2009, Risk Management refers to the architecture used to manage risks. This architecture includes Principles, Framework, and Process. Page 14
15 Top-down and Bottom-up approaches Three different approaches can be followed in managing risks: A. Top-Down approach: the decision making process is centralized at a government body level. This approach can be put in place in 2 ways: a) Full top-down: the business units' risks are listed at department level, so heads of units cannot add risks themselves; b) Prevailing top-down: the corporate risk register comes from a detailed operational risk register. B. Bottom-Up approach: the decision making process is located at management level. Operational risks are identified by any staff member while performing his/her daily work, in order to encourage the staff to be more active in defining non-conformities. C. Mixed approach: the board entity states the criteria (top-down) by which the heads of unit identify and manage risks (bottom-up). Risks may be viewed and assessed at any level of the organization. The selected RM approach impacts on the Hierarchy of Risks. Page 15
16 Risk Hierarchy The hierarchy of risks is related to the different levels of risks: 1. Enterprise Risks, strategic and significantly impacting on the organization. Managing them is crucial for long-term viability. They are assessed and treated by the Executive Managers, responsible for monitoring their implementation. Examples are: Regulatory and compliance risks, global financial shocks, aging consumers and workforce, emerging markets. 2. Operational Risks, impacting on a program's objectives and/or outcomes; they are assessed and managed by the line managers. In considering them, they should take into account the enterprise ones. Examples are: Inappropriate skills mix; resources reduced due to budget cuts; outputs not delivered on time; poor quality outputs. 3. Project Risks, impacting on the project objectives and outcomes. They are managed by the project risk manager and where appropriate will be addressed as part of the Project Management Framework. Examples are: Project scope poorly defined; Resources not available when required; Quality requirements not clearly specified. Page 16
17 Roles and Accountabilities 1) All staff are responsible for an effective management of risks, including identification of any potential risks; 2) Risk management is driven by the organizational units; 3) An Office is dedicated to the coordination of the management process and risk analysis, "impartial" with respect to other structures, supporting the highest level of decision making; 4) The Risk Manager is responsible for collaborating with Top Management both in identifying high risk areas related to strategic and business processes and in planning treatments to mitigate corporate risks; 5) The Risk Committee defines the Risk Management policy; it is coordinated by the Risk Manager and composed of the top managers operating in the most risky areas; 6) Chief Statisticians and Governing body define the strategies based on the information coming from the RM System; 7) The Internal Auditing is responsible for reporting to the Governance on the adequacy of the RM process and the compliance of the mitigating actions. Page 17
18 Risk Management Framework Integrated with Quality of Statistics Statistical risks are events that potentially could impact on production processes and/or integrity and quality of statistical data, e.g. statistics that are not considered by users as fit for purpose, which includes, but is not limited to, time series that are not coherent (Planned changes to systems, processes, methods, data & resources availability or quality). At operational level, statistical risks can be identified separately by Risk Management and then integrated into the Quality management framework because of their close connection: a) Quality management assesses whether the original requirements (ISO 9001:2015) are met or corrective actions need to be implemented; b) Risk management identifies threats that can affect Quality objectives. The Australian Bureau of Statistics (ABS) has instigated better quality management practices through a risk management strategy to mitigate the Statistical Risk that one or more of the statistical process components fail to meet the quality standard expected or the data integrity requirement. This strategy is based on risk assessment through quality gates composed of: Placement, Roles, Actions, Evaluation, Tolerance, Quality Measures (e.g. frame size, number of units, units rotated in/out of a sample). The RM integrated approach has been developed as a part of the Internal Control Framework, which comprises different kinds of risks (Strategic, Statistical, Change, Operational & Compliance, Financial, Work Health & Safety) associated with Statistical Risk Appetite. Page 18
19 ISTAT's Risk Management System: From the project to the process [Roadmap labels: Project launched; Analysis and comparison of practices and models; Identification of appropriate approach; Establishing ISTAT's RM model; Approach trial; Pilot and rollout of risk management approach; RM training and dissemination; Experimental phase; Creation of risk registers; Risk assessment; RM training and dissemination; Experimental phase; Revision of risk registers; Identification of risk treatments; RM training and dissemination; Full implementation; Integration w/ operational planning; Risk treatments monitoring; Information System start up.] The project developed following some parallel but related paths: [Labels: Developments; From the bottom-up to the top-down vision; Adapting model to Risk of Corruption; Cooperation in International projects; Dissemination.] 1. Organization: Both the President and the Directorate general endorsed and sponsored the project. A business unit was involved in implementing and coordinating the risk management system. 2. Training and dissemination program in order to improve management culture and promote a common language and understanding throughout the organization. 3. All Risk Management process has been implemented. 4. Information System has been developed to support the process. 5. Change of perspective: Bottom-up/Top-down mixed approach. Page 19
20 ISTAT's Risk Management - Bottom-up & Top-Down approaches From 2015 on, the previous bottom-up approach is being integrated with a top-down one in order to enhance the quality and significance of the information contained in the registers. Organizational risks are identified by accountable managers and then gathered in strategic categories (corporate risks), in order to be assessed, treated and monitored. Corporate risk selection considers: Ability to monitor risk treatments through specific indicators; Organizational sustainability; Quality of the Cross-cutting risk treatments; Belonging to priority intervention areas. The risks were assessed by the same personnel who identified them, with the C&RSA method, to measure likelihood (occurrences in the last 12 months) and impact on: a) Organization (delay, extra workload); b) Reputation; c) Higher costs. In line with the Top-Down perspective, risks have been dramatically decreased from 359 events of the experimental phase to 111 in 2015; about 18% are "Corporate". The Risk treatments have also been reduced, from 450 (2013) to 128 measures (2015); about 19% are associated with Corporate risks, monitored by proper output and performance indicators. Page 20
21 Risk Management Institutional Activities: ESS 2020 Vision In 2015, the Committee for the European Statistical System implemented the strategic directions ESS Vision 2020 to redesign by 2020 the statistical production methods through a system based on the use of new data sources, standardized methods for the statistical production process, interoperability and reuse of data and tools. According to this Vision: Risk identification, analysis and management help NSIs anticipate and remove the obstacles that may prevent the achievement of the strategic objectives. Three levels of risks associated with the ESS Vision 2020 have been identified: 1. Risks associated with implementation of the ESS Vision 2020, whose common strategic undertaking requires: capability; financial information; ownership and commitment; communication within the system and with the stakeholders. 2. Portfolio management risks, associated with the projects portfolio as a whole. 3. Project related risks identified in implementing the ESS projects portfolio. These refer to the specific "business" or "infrastructural" categories of the ESS Vision. Risks listed on the slide: 1. Lack of common understanding on the strategic aims; 4. Lack of coherence among national and ESS modernization programmes; 5. Different maturity of national statistical systems regarding the ESS aims; 6. Underestimation of the role of communication in implementing ESS; Wrong identification of dependencies among projects in the portfolio; 15. Affordability of the portfolio; 16. Lack of timely availability of skills and human resources; 19. Different legislative systems/lack of common EU legislation; 20. Lack of a precise cost-benefit assessment; 21. Improper project management. Page 21
22 UNECE's project for developing Risk Management practices among NSOs [Timeline: Template (Dec 14); Benchmark analysis (May 15); Tuning practices (Nov 15); Guidelines (Apr 16)]
23 From the Surveys towards the Guidelines In 2015 a survey was carried out to analyze to what extent Risk management systems are adopted among NSOs and international organizations that are members of UNECE, in order to define criteria for identifying best practices. The main points highlighted by the data analysis were: - corporate risks lower than operational ones; - the occurrence of corporate risks varies depending on the risk policy (top-down vs bottom-up approach); - statistical risks are the majority, followed by organizational risks; - other risks related to: financial, ITC, reputational, security. 13 countries were selected as the most interesting practices for an in-depth analysis according to some Items representing consistent sets of significant features for analysis and Parameters to allocate the countries among the Low-Medium-High levels. The analysis has allowed the identification of the Risk Management practice most suitable to the NSOs, which is described in the Guidelines. Page 23
24 Thank you for your attention!!! Fabrizio ROTUNDI Page 24
More informationERM: Risk Maps and Registers. Performing an ISO Risk Assessment
ERM: Risk Maps and Registers Performing an ISO 31000 Risk Assessment Agenda Following a Standard? Framework First Performing a Risk Assessment Assigning Risk Ownership Data Management Questions? Following
More informationAIMing to Change the Way We Change: Building Change Agent Capacity at Victoria University
AIMing to Change the Way We Change: Building Change Agent Capacity at Victoria University Paul Lefebvre Vice-President People and Culture Sarah Wood General Manager People and Organisational Development
More informationDesigning Infrastructure Management for the New Era of IT
Designing Infrastructure Management for the New Era of IT May 2014 To meet the changing needs of IT at Microsoft, the infrastructure management function underwent a service model redesign that shifted
More informationISO whitepaper, January Inspiring Business Confidence.
Inspiring Business Confidence. ISO 31000 whitepaper, January 2015 Author: Graeme Parker enquiries@parkersolutionsgroup.co.uk www.parkersolutionsgroup.co.uk ISO 31000 is an International Standard for Risk
More informationA Risk Management Framework for the CGIAR System
Agenda Item 10 For Decision Issued: 25 October 2017 A Risk Management Framework for the CGIAR System Purpose Building on core principles presented at SC4 for early input, this paper summarizes the main
More informationGoldSRD Audit 101 Table of Contents & Resource Listing
Au GoldSRD Audit 101 Table of Contents & Resource Listing I. IIA Standards II. GTAG I (Example Copy of the Contents of the GTAG Series) III. Example Audit Workprogram IV. Audit Test Workpaper Example V.
More informationCorporate Governance Policy
BACKGROUND Scope (Vic) Ltd. ( Scope ) was established in 1948 as The Spastic Children s Society of Victoria by a group of parents of children with cerebral palsy. It became The Spastic Society of Victoria
More informationCatching Fraud During a Recession Through Superior Internal Controls. FICPA s 25 th Annual Accounting Show. J. Stephen Nouss September 29, 2010
Catching Fraud During a Recession Through Superior Internal Controls FICPA s 25 th Annual Accounting Show J. Stephen Nouss September 29, 2010 1 Session Objectives Fraud Facts (2008 Association of Certified
More informationCFOs: The catalyst for integrating strategy, risk and finance
CFOs: The catalyst for integrating strategy, risk and finance July 2012 Australian resources companies have always had to contend with fluctuating commodity prices. However, the volatility of today s markets
More informationQuality Management Policy. University-wide Specific. Staff Only Students Only Staff and Students. Vice-Chancellor
Name of Policy Description of Policy Policy applies to Quality Management Policy The Quality Management Policy describes the University s strategic approach to quality assurance and continual improvement.
More informationCMMI-DEV V1.3 CMMI for Development Version 1.3 Quick Reference Guide
processlabs CMMI-DEV V1.3 CMMI for Development Version 1.3 Quick Reference Guide CMMI-DEV V1.3 Process Areas Alphabetically by Process Area Acronym processlabs CAR - Causal Analysis and Resolution...
More informationRisk management Principles and guidelines
AS/NZS ISO 31000:2009 Joint Australian New Zealand International Standard Risk management Principles and guidelines Superseding AS/NZS 4360:2004 AS/NZS ISO 31000:2009 AS/NZS ISO 31000:2009 This Joint Australian/New
More informationInside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali
MANAGING OPERATIONAL RISK IN THE 21 ST CENTURY White Paper Series Inside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali 2 In today s competitive and
More informationManaging Successful Programmes 2011 Glossary of Terms and Definitions
Version 2, November 2011 This glossary: is subject to terms and conditions agreed to by downloading the glossary, uses international English which has been adopted to reflect and facilitate the international
More informationDynamic Reallocation of Portfolio Funds
Complete Perspective. Smart Decisions. #StrategicPMO Dynamic Reallocation of Portfolio Funds Ben Chamberlain Chief Product & Marketing Officer Ben.Chamberlain@umt360.com Agenda What s wrong with traditional
More informationIntroduction - Leadership Competencies
Introduction - Leadership Competencies The leadership framework is closely linked to the Centrica values - trust, pride, challenge, support and passion for customers. The behavioural indicators for each
More informationCompetency Catalog June 2010
Competency Catalog June 2010 Leadership Competencies Leadership competencies are those generic or cross-organizational competencies that are applicable to various functions and/or posts. They focus on
More informationRequirements Analysis and Design Definition. Chapter Study Group Learning Materials
Requirements Analysis and Design Definition Chapter Study Group Learning Materials 2015, International Institute of Business Analysis (IIBA ). Permission is granted to IIBA Chapters to use and modify this
More informationUsing Employee Resource Groups to Increase Diversity
Using Employee Resource Groups to Increase Diversity What is an Employee Resource Group (ERG)? Employee Resource Groups (ERGs) can go by other names, such as affinity groups or networking groups. These
More informationAUSTRALIAN ENGINEERING COMPETENCY STANDARDS STAGE 2 - EXPERIENCED PROFESSIONAL ENGINEER IN LEADERSHIP AND MANAGEMENT
AUSTRALIAN ENGINEERING COMPETENCY STANDARDS STAGE 2 - EXPERIENCED IN LEADERSHIP AND MANAGEMENT The Stage 2 Competency Standards are the profession's expression of the knowledge and skill base, engineering
More informationISO 31000:2009 IEC/ISO 31010:2009 & ISO Guide 73:2009 International Standards for the Management of Risk
ISO 31000:2009 IEC/ISO 31010:2009 & ISO Guide 73:2009 International Standards for the Management of Risk Kevin W Knight AM CHAIRMAN UNECE GRM P 0 BOX 226, NUNDAH Qld 4012, Australia E-mail: kknight@bigpond.net.au
More informationInstitute of Internal Auditors 2018
ACHIEVING CULTURAL TRANSFORMATION EILEEN ILES PARTNER, RISK SERVICES CRYSTAL JARESKE MANAGER, RISK SERVICES APRIL 9, 2018 AGENDA Topic Culture Defined The Importance of Assessing Culture Culture Assessment
More informationISO Standards in Strengthening Organizational Resilience, Mitigating Risk & Addressing Sustainability Concerns
ISO Standards in Strengthening Organizational Resilience, Mitigating Risk & Addressing Sustainability Concerns 13 December 2016 Joe Muratore Copyright 2012 BSI. All rights reserved. Enterprise Risk Management
More informationThe Concepts: Team Management Systems
The Concepts: Team Management Systems The Concepts: Work Preferences Understanding work preferences is a critical component in developing individual, team and organizational performance. The Team Management
More informationInformation technology Security techniques Information security management systems Overview and vocabulary
INTERNATIONAL STANDARD ISO/IEC 27000 Third edition 2014-01-15 Information technology Security techniques Information security management systems Overview and vocabulary Technologies de l information Techniques
More informationGovernance SPICE. Using COSO and COBIT Process Assessment Models BPM GOSPEL
Governance SPICE Using COSO and COBIT Process Assessment Models Linking Governance to Sustainable Value Creation BPM GOSPEL (LLP-LDV-TOI-2010-HU-001) This project has been funded with support from the
More informationIT Management & Governance Tool Assess the importance and effectiveness of your core IT processes
IT & Governance Tool Assess the importance and effectiveness of your core IT processes STRATEGY& GOVERNANCE IT & Governance Framework APPS EDM01 ITRG04 DATA &BI ITRG06 IT Governance Application Portfolio
More informationTHE ENTERPRISE AND RISK MANAGEMENT POLICY
Appendix 10 THE ENTERPRISE AND RISK MANAGEMENT POLICY 1. INTRODUCTION The Manila Water Company, Inc. (Manila Water) operates in a regulated and dynamic business environment where uncertainties, both detrimental
More informationAsset Acceptance Capital Corp.
Asset Acceptance Capital Corp. A Practical Approach to Enterprise Risk Management Detroit Chapter IIA September 14, 2010 1 Presenters Jeffrey S. Bankowski, CIA, CPA, CFF Jeff is currently the Vice President
More informationAUSTRALIAN ENGINEERING COMPETENCY STANDARDS STAGE 2 - EXPERIENCED PROFESSIONAL ENGINEER
AUSTRALIAN ENGINEERING COMPETENCY STANDARDS STAGE 2 - EXPERIENCED The Stage 2 Competency Standards are the profession's expression of the knowledge and skill base, engineering application abilities, and
More informationAsset Management Policy
Asset Management Policy January 2018 Introduction Our Asset Management Policy was last published in 2014. It is being updated to reflect our commitment to regularly review and improve all of our Asset
More informationProject Management Framework
Project Management Framework Study Notes PMI, PMP, CAPM, PMBOK, PM Network and the PMI Registered Education Provider logo are registered marks of the Project Management Institute, Inc. Points to Note Please
More informationQuality and Empowerment Framework
Quality and Empowerment Framework 1 Contents Introduction... 3 Background... 5 Why is quality important?... 5 Embedding a quality culture... 6 Excellence in service delivery... 6 Satisfying people s expectations...
More informationORGANIZED FOR BUSINESS: BUILDING A CONTEMPORARY IT OPERATING MODEL
ORGANIZED FOR BUSINESS: BUILDING A CONTEMPORARY IT OPERATING MODEL Time is running out for the traditional, monopolistic IT model now that users have so many alternatives readily available. Today s enterprises
More informationEnterprise Risk Management Handbook. June, 2010
Enterprise Risk Management Handbook June, 2010 Table of Contents Overview... 4 What is Enterprise Risk Management?... 5 Why Undertake Enterprise Risk Management?... 6 Draft UW System ERM Vision, Mission,
More informationTranslate stakeholder needs into strategy. Governance is about negotiating and deciding amongst different stakeholders value interests.
Principles Principle 1 - Meeting stakeholder needs The governing body is ultimately responsible for setting the direction of the organisation and needs to account to stakeholders specifically owners or
More informationStakeholder Management Plan <Project Name>
The following template is provided for use with the Stakeholder Management Plan deliverable. The blue text provides guidance to the author, and it should be deleted before publishing the document. This
More informationGlossary of Terms and Definitions
Glossary of Terms and Definitions OGC Glossary v06, Mar 2008 Note for readers A) This glossary may be freely downloaded. B) This glossary uses international English which has been adopted to reflect and
More informationHR Strategic Plan
UNIVERSITY OF CALIFORNIA Human Resources HR Strategic Plan 2015-2019 Vision Strategy The headline Something happens we have to fix External influence drives action Crisis management Timing: NOW Reaction
More informationFrom the cube to the rainbow double helix: a risk practitioner s guide to the COSO ERM Frameworks
From the cube to the rainbow double helix: a risk practitioner s guide to the COSO ERM Frameworks Review of the 2004 and 2017 Enterprise Risk Management (ERM) frameworks published by COSO and commentary
More informationINTERNAL AUDIT CHARTER SECURE TRUST BANK PLC
INTERNAL AUDIT CHARTER SECURE TRUST BANK PLC 1 Internal Audit Charter 1. This Charter is based on the standard template for an Internal Audit Function Charter issued by the Chartered Institute of Internal
More informationPolicy and Procedures Date: November 5, 2017
Virginia Polytechnic Institute and State University No. 3350 Rev.: 8 Policy and Procedures Date: November 5, 2017 Subject: Charter for the Office of Audit, Risk, and Compliance 1. Purpose... 1 2. Policy...
More informationINTERNATIONAL STANDARD ISO Quality management systems Fundamentals and vocabulary
INTERNATIONAL STANDARD ISO 9000 Fourth edition 2015-09-15 Quality management systems Fundamentals and vocabulary Systèmes de management de la qualité Principes essentiels et vocabulaire Reference number
More informationSeptember 17, 2012 Pittsburgh ISACA Chapter
September 17, 2012 Pittsburgh ISACA Chapter What is COBIT? Control Objectives for Information and related Technologies ISACA s guidance on the enterprise governance and management of IT. Builds on more
More informationInternal Oversight Division. Internal Audit Strategy
Internal Oversight Division Internal Audit Strategy 2018-2020 Date: January 24, 2018 page 2 TABLE OF CONTENTS LIST OF ACRONYMS 3 1. BACKGROUND 4 2. PURPOSE 4 3. WIPO STRATEGIC REALIGNMENT PROGRAM 5 (A)
More informationISO 9001:2015. October 5 th, Brad Fischer.
ISO 9001:2015 October 5 th, 2017 Brad Fischer www.sdmanufacturing.com Purpose of presentation Provide a summary of notable changes from ISO 9001:2008 to ISO 9001:2015 Key perspectives ISO 9001 needs to
More informationThe Next Frontier for Internal Controls Beyond SOX 404 Keynote Luncheon Presentation
THE CONFERENCE BOARD OF CANADA S WESTERN CORPORATE GOVERNANCE FORUM 2005 Shaping Governance Controls to Fit Your Organization Calgary, Canada The Next Frontier for Internal Controls Beyond SOX 404 Keynote
More informationISO Environmental management systems Requirements with guidance for use
INTERNATIONAL STANDARD Environmental management systems Requirements with guidance for use ISO 14001 Third edition 2015-09-15 Systèmes de management environnemental Exigences et lignes directrices pour
More informationAsset management Overview, principles and terminology
INTERNATIONAL STANDARD ISO 55000 First edition 2014-01-15 Asset management Overview, principles and terminology Gestion d actifs Aperçu général, principes et terminologie Reference number ISO 55000:2014(E)
More informationAdvisory on UNESCO s Enterprise Risk Management. Internal Oversight Service Audit Section. IOS/AUD/2016/05 Original: English.
Internal Oversight Service Audit Section IOS/AUD/2016/05 Original: English Advisory on UNESCO s Enterprise Risk Management July 2016 Auditors: Sameer Pise Dawn Clemitson Christian Muco EXECUTIVE SUMMARY
More informationChange Management Training The Practitioners' Masterclass Series
The Human Side of Change "The human side is much harder than the technology side and harder than the process side. It's the overwhelming issue..." [Mike Hammer - "Re-engineering the Corporation"] TARGET
More informationFOREST INVESTMENT PROGRAM DESIGN DOCUMENT. (Prepared by the Forest Investment Program Working Group)
CIF/DMFIP.2/2 February 24, 2009 Second Design Meeting on the Forest Investment Program Washington, D.C. March 5-6, 2009 FOREST INVESTMENT PROGRAM DESIGN DOCUMENT (Prepared by the Forest Investment Program
More informationRISK MANAGEMENT POLICY
RISK MANAGEMENT POLICY Clinical Governance & Risk Management Department Warning Document uncontrolled when printed Policy Reference: RM 2.0 Date of Issue: TBC Prepared by: Risk Management Short Life Date
More informationIS&T Leadership Job Description
IS&T Leadership Job Description December 1, 2015 IT Leadership Job Description December 1, 2015 Page i Table of Contents General Characteristics... 1 Job Path... 2 Explanation of Proficiency Level Definitions...
More informationUN-HABITAT ENTERPRISE RISK MANAGEMENT IMPLEMENTATION GUIDELINES
UN-HABITAT ENTERPRISE RISK MANAGEMENT IMPLEMENTATION GUIDELINES April 2015 1 P a g e UN-Habitat ERM Implementation Guidelines April 2015 UN-HABITAT ENTERPRISE RISK MANAGEMENT IMPLEMENTATION GUIDELINES
More informationINTEGRITY MANAGEMENT CONTINUOUS IMPROVEMENT. Foundation for an Effective Safety Culture
INTEGRITY MANAGEMENT CONTINUOUS IMPROVEMENT Foundation for an Effective Safety Culture June 2011 Foundation for an Effective Safety Culture describes the key elements of organizational culture and business
More informationECQA Certified Profession. Governance SPICE Model. Internal Financial Control Assessor Training Programme
ECQA Certified Profession Governance SPICE Model used by the Internal Financial Control Assessor Training Programme Contact: János Ivanyos Memolux Ltd. +36 1 467403 ivanyos@memolux.hu www.training.ia-manager.org
More informationPRM - IT IBM Process Reference Model for IT
PRM-IT V3 Reference Library - A1 Governance and Management Sysem PRM-IT Version 3.0 April, 2008 PRM - IT IBM Process Reference Model for IT Sequencing the DNA of IT Management Copyright Notice Copyright
More informationIT Governance Overview
IT Governance Overview Contents Executive Summary... 3 What is IT Governance?... 4 Strategic Vision and IT Guiding Principles... 4 Campus-Wide IT Strategic Vision... 4 IT Guiding Principles... 4 The Scope
More informationFinal Audit Report. Follow-up Audit of Emergency Preparedness and Response. March Canada
Final Audit Report Follow-up Audit of Emergency Preparedness and Response March 2013 Canada Table of Contents Executive summary... i A - Introduction... 1 1. Background... 1 2. Audit objective... 1 3.
More informationREPORT 2015/077 INTERNAL AUDIT DIVISION
INTERNAL AUDIT DIVISION REPORT 2015/077 Advisory engagement to assist the International Trade Centre in its efforts to develop a risk management framework 29 July 2015 Assignment No. VE2014/350/01 CONTENTS
More informationCMMI-SVC V1.3 CMMI for Services Version 1.3 Quick Reference Guide
processlabs CMMI-SVC V1.3 CMMI for Services Version 1.3 Quick Reference Guide CMMI-SVC V1.3 Process Areas Alphabetically by Process Area Acronym processlabs CAM - Capacity and Availability Management...
More informationMental Health & Wellbeing Strategy
Mental Health & Wellbeing Strategy October 2017 If this report has raised any concerns for you or someone you know, please contact Lifeline on 13 11 14 Energy Networks Australia publications can be downloaded
More informationAn Overview of the AWS Cloud Adoption Framework
An Overview of the AWS Cloud Adoption Framework Version 2 February 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes
More informationRepublic of Malawi ANNEX 1: PUBLIC SECTOR MANAGEMENT POLICY IMPLEMENTATION PLAN
Republic of Malawi ANNEX 1: PUBLIC SECTOR MANAGEMENT POLICY IMPLEMENTATION PLAN Policy Priority Area 1: Shared understanding of the vision, mission and functions of the public service Policy Statement
More informationINFORMATION FOR PROJECT MANAGEMENT PROFESSIONALS (PMPs)
INFORMATION FOR PROJECT MANAGEMENT PROFESSIONALS (PMPs) Pink Elephant is a global Registered Education Provider with the Project Management Institute (PMI). As such, we are able to issue Category Three
More informationInternal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017)
Internal Audit Quality Analysis Evaluation against the Standards International Standards for the Professional Practice of Internal Auditing (2017) Assessor 1: Assessor 2: Date: Date: Legend: Generally
More informationContents An Introductory Overview of ITIL Service Lifecycle: concept and overview...3 I. Service strategy...6 The 4 P's of ITIL Service
ITIL 2011 Notes Contents An Introductory Overview of ITIL 2011...3 Service Lifecycle: concept and overview...3 I. Service strategy...6 II. The 4 P's of ITIL Service Strategy...6 Key processes and activities...7
More informationEvaluation. Evaluation Document 2006, No. 1. Office GLOBAL ENVIRONMENT FACILITY. The GEF Monitoring and. Evaluation. Policy
Evaluation Office GLOBAL ENVIRONMENT FACILITY Evaluation Document 2006, No. 1 The GEF Monitoring and Evaluation Policy Global Environment Facility Evaluation Office The GEF Monitoring and Evaluation Policy
More information