ISO 31000: The Future of Risk? Finnish Risk Management Association, Future of Risk Seminar, September 21st 2010


Agenda
1. The Changing Landscape of Risk Management
2. A Brief Introduction to the New International Standard for Risk Management, ISO 31000
3. Lessons Learned

THE CHANGING LANDSCAPE OF RISK MANAGEMENT

Increased Importance of Effective Risk Management in an Ever Changing World
- Increasing pace of change, conflicting priorities and performance pressure are driving exposure to a broader set of risks
- Demand from stakeholders to demonstrate robust approaches to managing risks
- Management demanding that Risk Management functions bring true value to the business
- Increasing demand for effective and efficient Risk Management and Internal Control work

ISO 31000 - A BRIEF INTRODUCTION

ISO 31000:2009, The New International Standard for Risk Management
- Published in 2009
- Four years of consultation between risk and standards experts in 30 countries
- Provides principles and generic guidelines on risk management
- Not specific to any industry or sector
- Can be applied to any type of risk
- Is intended to harmonize risk management processes in existing and future standards
- Is not intended for certification

Substandards to ISO 31000:2009
ISO 31000 is complemented by:
- ISO Guide 73:2009, Risk Management Vocabulary: a more detailed vocabulary that clarifies the taxonomy of ISO 31000
- ISO/IEC 31010, Risk Management Risk Assessment Techniques: describes tools in detail, such as Monte Carlo Simulation and Event Tree Analysis
(Diagram: ISO Guide 73:2009, ISO 31000, ISO/IEC 31010)

Risk Definition in ISO 31000:2009
Risk is the effect of uncertainty on objectives
(Diagram: ISO 31000: RISK - Danger / Opportunity; COSO ERM: EVENTS - Risk / Opportunity)

The Anatomy of ISO 31000:2009: Principles, Framework and Process

Principles (clause 1)
a) Creates value
b) Integral part of organisational processes
c) Part of decision making
d) Explicitly addresses uncertainty
e) Systematic, structured and timely
f) Based on the best available information
g) Tailored
h) Takes human and cultural values into account
i) Transparent and inclusive
j) Dynamic, iterative and responsive to change
k) Facilitates continual improvement and enhancement of the organisation

Framework (clause 4)
- Mandate and commitment (4.2)
- Design of framework for managing risk (4.3)
- Implementing risk management (4.4)
- Monitoring and review of the framework (4.5)
- Continual improvement of the framework (4.6)

Process (clause 5)
- Communication and consultation (5.2)
- Establishing the context (5.3)
- Risk assessment (5.4): Risk identification (5.4), Risk analysis (5.4.3), Risk evaluation (5.4.4)
- Risk treatment (5.5)
- Monitoring and review (5.6)

Framework, clause 4
(Diagram of the framework cycle: Mandate and commitment (4.2), Design of framework for managing risk (4.3), Implementing risk management (4.4), Monitoring and review of the framework (4.5), Continual improvement of the framework (4.6))
- Mandate and commitment
- Monitor usage of the framework
- Review framework appropriateness and effectiveness
- Continual improvement
- Support and coach implementation and execution

Process, clause 5
- Communication and consultation (5.2)
- Establishing the context (5.3)
- Risk assessment (5.4): Risk identification (5.4), Risk analysis (5.4.3), Risk evaluation (5.4.4)
- Risk treatment (5.5)
- Monitoring and review (5.6)

Notes on the process:
- Begin with context and objectives: a top-down approach
- Include monitoring and review in every stage
- Include communication and consultation in every stage
- Classical risk assessment, supported by ISO/IEC 31010
- Keep Black Swans in mind

ISO 31000:2009 vs COSO ERM: Pros and Cons
(Comparison table on the slide; each criterion is marked for ISO 31000:2009 and for COSO ERM, but the individual marks are not recoverable here)
- Distinguishes and clarifies ERM and ICM
- Broadly applicable
- Hands-on advice
- Process-oriented
- Strategic risk communication
- High-level system harmonisation
- Certification

Risk Management Standards: Will They Make It Happen?
- Scenario A: ISO 31000 takes over the risk management standards market step by step. Most likely for the relationship with e.g. JIS Q 2001, CAN/CSA Q850 and the IRMSA Code of Practice
- Scenario B: ISO 31000 becomes a meta-standard to which other standards and frameworks are harmonised. Most likely for the relationship with e.g. AS/NZS 4360 and ONR 49000
- Scenario C: ISO 31000 is one alternative among many other standards. Most likely for the relationship to e.g. COSO ERM and the British RM Standards
Source: Dr Erben 2008

LESSONS LEARNED

Success Factors and Pitfalls from Real Life
- Set clear principles and guidelines: ensure you have a well-defined and thoroughly anchored purpose and goal. What parts of the standard do we want to use, and to what end?
- Be clear about your ambition: see the requirements in ISO 31000 as long-term objectives
- Clarify your scope: adapt the use of the standard to your organisation; ask experts for alternative approaches if you need to
- Taxonomy, the glue of risk management: make an inventory of your current taxonomy and use it as the basis for a consistency analysis; adapt the risk language to your organisation's culture
- Make sure your framework is effective: allocate a majority of the efforts to putting a solid framework in place: >30% during planning and >80% during implementation

Thank you!