Exploring Common Paths in Risk Management by Jan Mattingly


Presentation by Jan Mattingly, ISO 31004 Work Group, September 24, 2013, Chicago, Illinois


  1. Exploring Common Paths in Risk Management: Risk Management Perspectives in ISO Standardization Experience
  2. Overview
     ◦ Risk Management Standards & ISO
     ◦ Development challenges and successes
     ◦ Looking Ahead: exploring shared perspectives
  3. ISO Standards Development – An Opinion
     ◦ Governance structures, directives, tools and guidance exist to support standards development
     ◦ There are various types of standards products
     ◦ The development process has many checks and balances to ensure country and stakeholder feedback: it ain't perfect!
     ◦ All work is done by volunteers nominated by their national technical committee and endorsed by each country's national standards body: discussion can be colorful, exciting and heated!
     ◦ Developing products takes time because of the create-feedback-review cycle
  4. ISO Standards & Risk Management
     ◦ The ISO community is very gradually moving towards harmonization of risk management expectations and terminology, but progress is slow and still fragmented across ISO 31010, Guide 73, ISO 22301, etc.
     ◦ Within the ISO context, Technical Committee 262 is seen as a natural home for risk management, but it is only ONE ISO home.
     ◦ ISO is at the early stage of harmonization on risk management activity.
  5. Sample Successes
     ◦ Publication of ISO 31000 in 2009 – Risk Management Principles and Guidelines: globally popular, with early feedback that it has helped
     ◦ Update of Guide 73 – Risk Management Terminology in 2009
     ◦ Technical Committee established in 2012 by ISO's Technical Management Board
     ◦ Liaisons established with some other ISO committees to help harmonize risk management expectations, etc.
     ◦ Upcoming publication of ISO 31004 – Guidance for Implementation of ISO 31000: October 2013
  6. Challenges
     ◦ Understanding who our primary audience is and is not
     ◦ Communicating the value of the risk management standard
     ◦ Streamlining standards development processes
     ◦ Applying good practices in engaging and monitoring stakeholders throughout development
     ◦ Promoting regional cooperation
     ◦ Varying capacities of standards bodies
     ◦ Risk management as a lever for innovation
  7. Looking Ahead – Exploring Shared Perspectives
     ◦ Coherent expectations: would it be helpful to organizations to have a coherent understanding of what is expected as part of 'good risk management practice'?
     ◦ Better practice in risk management: can we share and consolidate our knowledge to help organizations?
     ◦ Roles/Responsibilities: can we help organizations with a common approach to establishing who does what? (See attached sample)
  8. Framework Design: Clarifying Who Does What (Sample Organization), based on the Institute of Internal Auditors position paper (www.theiia.org). [Diagram of core internal audit roles in regard to ERM; the legend distinguishes legitimate internal audit roles with safeguards, roles internal audit should not undertake, and the proposed planning, ERM leadership, business unit, audit/evaluation, risk oversight and legal roles.] The adaptation and use of this graphic as a tool for ERM design and implementation is copyrighted to RiskResults Consulting Inc. 2010 ©
  9. Conclusion
     ◦ We have similar challenges: the value proposition of our respective auditing and risk management functions
     ◦ We have a major common objective: helping organizations to achieve their objectives
     ◦ One Road: How can we pull together, on what topics, to help organizations worldwide improve performance?
  10. Jan Mattingly, RiskResults Consulting Inc., www.riskresults.ca, T/M: 613-286-6885, Email: jmattingly@riskresults.ca