Joshua Albarina
Senior Consultant, Service Delivery
Joshua Rey S. Albarina is a leading PECB-certified ISO 31000:2009 Risk Manager in the Philippines. He is currently the Senior
Consultant for ISO programs at SAS Management. His areas of expertise are sustainability practices (energy and environment),
organizational resilience (business continuity, asset and risk management), business excellence (quality and Six Sigma), and IT
practices (information security and IT governance).
(+632) 949 3004
joshua.albarina@saservices.com.ph
www.saservices.com.ph
https://ph.linkedin.com/in/jralbarina
www.twitter.com/sas_mngt
www.facebook.com/sasmanagementinc
Foundations of Risk Management: Principles & Culture
Appreciating perspectives on enterprise risk and resilience
What’s next?
• The context of the organization and the in-depth understanding
of a risk-oriented culture
• The 11 principles of risk management: a closer look
• Moving forward: shifting the culture. Where to begin?
The Enterprise in a Nutshell
[Diagram labels: Organization; Input; Products; Services; Waste; Excess; Controls; Threats/other uncertainties; Risk management; Contingencies; Organizational culture; Character; Behavior; Attitude; Principles]
ISO 31000:2009: the ERM framework
The 11 principles of risk management
Principle 1: Risk management creates and protects value
Ensuring business objectives are realized, the way they were planned.
Principle 2: Risk management is an integral part of all organizational processes
Each has a role to perform, and each is done carefully so that together they make the right sound.
Principle 3: Risk management is part of decision making
One choice can make a difference, either make or break.
Principle 4: Risk management explicitly addresses uncertainty
Knowing what's next, with a degree of certainty.
Principle 5: Risk management is systematic, structured and timely
With order comes certainty, and reliability.
Principle 6: Risk management is based on the best available information
Sound information, sound decisions, predictable results.
Principle 7: Risk management is tailored
One program, one design, one owner.
Principle 8: Risk management takes human and cultural factors into account
It takes people to move things together.
Principle 9: Risk management is transparent and inclusive
Greater transparency, more accountability.
Principle 10: Risk management is dynamic, iterative and responsive to change
Adapt, then adopt.
Principle 11: Risk management facilitates continual improvement of the organization
Defining effective resilience in a changing context.
Moving forward
• Principles are both guides and enablers
• Shifting the culture requires two-way communication across all
management levels and in both contexts (the organizational and the individual)
• The whole process starts at the top
Some principles governing culture change
Abraham Maslow: Hierarchy of Needs
• A popular theory of human motivation
• Suggests that the most basic level of needs must be met before the individual will strongly desire the higher needs
• Largely explains our priorities
Questions?
Thank you
Editor's Notes

  1. Lecture notes: Originally, the objectives were defined in the presentation of webinar: Have a closer look on the Principles of risk management as defined in ISO 31000:2009 Elicit the factors in defining the organization's risk culture Review the succeeding steps on implementing the risk management framework and its upfront challenges for organizations Intentionally, these are the objectives: Objective 1- answers the question of “what’s inside in an organization practicing risks in various levels and sections?” Objective 2- going into each principles and provide cases/ examples citing its reasons and relationships with other principles Objective 3- answers the question of “what makes the need to sustain the enterprise?”
  2. Presentation sequence: The gray box- typical setup of companies with controls based on industry best practices The shades-of-brown box- presents the individual’s perspective in enabling the enterprise The Principles Notes: While risk assessment methods follow a practical approach based on global frameworks (COSO, ISO 31000) across various types of risks (i.e. Strategic, Financial, Operational, Compliance), how it creates value to the organization is as dependent as to how they recognize the significance of this practice. In a similar fashion, the whole process, while ideal, is only as dependent as to how the resources are managed, preferably its people through the organizational culture. Such is influenced according to an individual’s character, based on his behavior that is dictated by his attitude. From an individual context, organization principles, when communicated properly, influences attitude, behavior, and eventually its character in which influences the organization’s culture on how the company’s strategic goals will be met. An individual’s attitude, regardless of which context, is highly influenced according to the principles he adheres, and by practice is quite an investment- one reason why companies “reasonably” consider allocating its resources to holistically develop its people. Principles (along with policies and frameworks), while it influences individuals within the organization, , it also influences the entire organization. That is why for management systems and other best practices, the principles, along with policies, dictates the direction and its approach to its implementation as much as frameworks guide the organization to effectively comply with its requirements.
  3. Notes: As principles are enablers, as discussed in the previous slide, the tone of this discussion focuses on understanding the justifications for why enterprises need to have risk management adopted within the organization across all management levels. While it is understood that there are a number of frameworks to select from and methodologies to develop the risk management program within the context, the guideline’s concept is meant to be simple, universal, and spontaneous, so that its importance is appreciated and enterprises are prompted to adopt the practice while adapting to the evolving economic landscape and to innovation within the company’s processes and technologies. This slide, taken from the guideline, illustrates a recommended framework for enterprise risk management in a holistic approach, regardless of which sector one comes from. The popular section of the framework is the third block, which represents the risk assessment methodology of ISO 31000:2009. As of this update, the guideline has commenced revision and will be subject to release in the year 2017.
  4. ISO 31000:2009, Clause 3a: Risk management contributes to the demonstrable achievement of objectives and improvement of performance in, for example, human health and safety, security, legal and regulatory compliance, public acceptance, environmental protection, product quality, project management, efficiency in operations, governance and reputation. How is it possible? Let’s take the case of manufacturing companies practicing an EMS, or any environmental best practice an organization can adopt. During the planning phase, the team is expected to identify the impacts of each environmental aspect within the given context that is subject to the establishment of the system. As per ISO’s Annex SL, clause 6.1, one must identify uncertainties that can affect the program’s success, be it a positive risk, a negative risk, or neutral, such as the impact on exposed employees of using aerosols with traces or a composition of Methylene dichloride, which is a classified carcinogen, or cancer-causing agent, based on recorded information from the MSDS and other reliable knowledge repositories. If the organization’s EMS aims to reduce environmental impact by using alternative chemicals to avoid that use, then factors such as the variance in operational costs, based on the alternative chemical’s price in the market, come into play. Depending on the company’s risk thresholds, based on its profile, this can affect the company’s performance in the EMS as well, and more importantly, in its operations.
  5. ISO 31000:2009, Clause 3b: Risk management is not a stand-alone activity that is separate from the main activities and processes of the organization. Risk management is part of the responsibilities of management and an integral part of all organizational processes, including strategic planning and all project and change management processes. Analogous to the picture on the slide (each orchestra player is part of the entire symphonic sound as interpreted by the orchestra’s conductor), each department in an organization, regardless of the scope of the company’s business goals and objectives, has a role to play. While effectively planning the tactics and activities based on the strategy, it’s also about asking “how can a department achieve the defined objectives as exactly as it should?” For most financial institutions, where risk management comes as a separate entity, the nature of its activities will still encompass the enterprise, particularly its products and services, given the cash flow’s volatile nature and its significant value to the enterprise and, overall, to the economy.
  6. ISO 31000:2009, Clause 3c: Risk management helps decision makers make informed choices, prioritize actions and distinguish among alternative courses of action. A school of fish in a bowl, while they share the same resource, may face changing situations depending on the context, regardless of whether it is internal or external. Depending on the defined priorities, one can make a wise decision- but how wise can it be? Managing risks, by its nature, tells a decision maker to rationalize over a given situation rather than relying only on instinct and gut feel, which can often help, especially when it comes to sudden disruptions due to threats encountered within the enterprise. In the case of business continuity, a sound business continuity plan is only as good as how the risks arising from sized-up threats were managed. The ability of an enterprise to “jump” to conclusions and decisions can affect the business either way. However, when decisions are based on risks, there is a level of confidence and predictability which, in turn, benefits the enterprise in various aspects.
  7. ISO 31000:2009, Clause 3d: Risk management explicitly takes account of uncertainty, the nature of that uncertainty, and how it can be addressed. Example: the case of NASA’s New Horizons- answering a simple question over a 3-billion-mile distance, 26 years in the making, 10 years of travel- “What does Pluto look like?” Despite the fact that it was more of a science mission, every step was identified, analyzed, evaluated and treated, and every possible scenario of differing extent was anticipated, in order to gather scientific data that would change the course of history. When it comes to scientific data, especially for companies where metrics are the nature of their business (like testing, measurement, verification and business analytics), any form of uncertainty can be translated into scientific or mathematical guesses, or in some ways predictable guesses, such as hypotheses or inferences, verified through a scientific method. Regardless of whether the approach to solving it is long or next to impossible, the method aims to determine and define the unknowns and see if the results validate one of the stated hypotheses. In a similar way, risk management explicitly addresses uncertainty, given a proper approach. As in most companies, where all activities must be managed to deliver results, it can be explicitly done through a tangible approach.
  8. ISO 31000:2009, Clause 3e: A systematic, timely and structured approach to risk management contributes to efficiency and to consistent, comparable and reliable results. Compared with other frameworks on risk management, ISO 31000 provides an organized approach to addressing risks and uncertainties that benefits the organization in two ways. The first is to promote a culture of continual improvement, as seen in the middle block of the framework. The second is that it gives organizations an opportunity to integrate other best practices implemented within the organization through a careful understanding of the context, and to effectively address risk through a three-step risk assessment procedure that is popular across many industry sectors. For example, in the case of IT service companies, where information security and service management are both key factors in ensuring business value to their clients, understanding the risks associated with implementing an information security protocol for a key IT service as defined in its portfolio will require a thorough and systematic understanding of the impacts and consequences. This helps management identify what actions or decisions to make to ensure service continuity while, at the same time, protecting the associated information assets from threats that exploit their vulnerabilities.
  9. ISO 31000:2009, Clause 3f: The inputs to the process of managing risk are based on information sources such as historical data, experience, stakeholder feedback, observation, forecasts and expert judgment. However, decision makers should inform themselves of, and should take into account, any limitations of the data or modelling used or the possibility of divergence among experts. A case in point is stock traders, who base their decisions on two types of analysis of information- fundamental and technical. To simplify the difference, consider the analogy of identifying the right candidate for a job: his character during the interview is the fundamental analysis, and his work portfolio according to what is written on his CV provides the technical analysis of the candidate. An audit practice known as corroboration is a technique that balances both of these analyses to provide the interviewer with information that is as accurate and reliable as possible. In a large enterprise, where strategic objectives are set at a high level, making sound decisions is based on data released by reliable sources, who have dedicated years of expertise to providing their clients a level of foresight and hindsight to come up with a set of strategic goals that can be cascaded to management to exercise the four stages of governance- planning, acquisition and establishment, execution and delivery, and checking (which can be broken down into monitoring, measuring and reviewing).
  10. ISO 31000:2009, Clause 3g: Risk management is aligned with the organization’s external and internal context and risk profile. Because the identified context within the organization (refer back to the framework) marks the first step of the risk assessment process, it follows that the assessment techniques, the treatment of the defined risks, the generated risk registers and the refined tactical and operational activities, all contributing to a risk-aware conformance of the business, are aligned to the company’s strategy. Having said this, such solutions, or even the program itself, may be applicable to another organization, but not in their entirety. As contexts are unique per organization, so are the corresponding programs, regardless of which framework has been adopted. One reason why ISO exists is to give organizations an idea of how a framework must be carried out, albeit tuned to the company’s business, creating value for its business and for its reputation among its neighbors.
  11. ISO 31000:2009, Clause 3h: Risk management recognizes the capabilities, perceptions and intentions of external and internal people that can facilitate or hinder achievement of the organization’s objectives. The principle in focus is similar to an old custom of ours known as the community spirit, or in our language, “Bayanihan”. This tradition was popular in earlier decades, especially for newly married couples living within a community of folks, with the hope of building a family. Moving a house from one community to another would require the support of everyone, carrying the small house together as a way of support. Establishing a risk management program, like any business practice applicable to the organization, will surely require resources- people, process, and technology. Of the three, the most important resource is the people, which is why, as mentioned earlier, an organization’s approach to risk management is only as good as how its people respond to it, as manifested through its culture. If we go back to the slide showing the enterprise in a nutshell, an organization’s culture is defined by its people; each person is defined by his character, which is based on his behavior toward the environment, which in turn is a function of his attitude, which is influenced by the principles he adheres to. While risk management is something that nearly everyone does unconsciously, it takes risk-oriented individuals to build a risk-oriented culture.
  12. ISO 31000:2009, Clause 3i: Appropriate and timely involvement of stakeholders and, in particular, decision makers at all levels of the organization, ensures that risk management remains relevant and up-to-date. Involvement also allows stakeholders to be properly represented and to have their views taken into account in determining risk criteria. In this illustration, an iceberg floats depending on its foundation underneath and the area it covers. As the ocean water temperature rises, and the surrounding environment with it, the more vulnerable the iceberg becomes. What makes the iceberg stable, though, and the focus of the discussion of this principle, is the mass underneath the floating top that creates its foundation. In a similar context, the foundation of an organization’s risk management is only as good as how closely it keeps everyone involved. Communication and consultation with stakeholders is important, as they make judgements about risk based on their perceptions of risk, which can vary due to differences in the values, needs, assumptions, concepts and concerns of stakeholders. As their views can have a significant impact on the decisions made, the stakeholders’ perceptions should be identified, recorded and taken into account in the decision making process.
  13. ISO 31000:2009, Clause 3j: Risk management continually senses and responds to change. As external and internal events occur, context and knowledge change, monitoring and review of the risks take place, new risks emerge, some change, and others disappear. The picture depicts the animal’s ability to adapt to its surroundings and adjust to changing situations, as a way of either self-defense or offense. In a similar fashion, resiliency, flexibility in the face of change and iterative improvements to the system require the organization’s ability to adapt to its surroundings and adjust to changing situations. An emphasis is placed on continual improvement in risk management through the setting of organizational performance goals, measurement, review and the subsequent modification of processes, systems, resources, capability and skills. This can be indicated by the existence of explicit performance goals against which both the organization’s and the manager’s performance is measured.
  14. ISO 31000:2009, Clause 3k: Organizations should develop and implement strategies to improve their risk management maturity alongside all other aspects of their organization. The last principle reminds us of a quality philosophy developed by Masaaki Imai, which revolutionized the perspective on quality by continually striving for the better, enabling a ‘good change’ within the organization. This principle is not really far from it: it basically tells the organization that managing risks involves everyone within the organization in explicitly addressing uncertainty, through a systematic approach using the best available information, in order to deliver the desired value while, at the same time, establishing it as a culture that enables continual improvement.
  15. Redirect the thought points to the second objective, considering the case of answering why companies need to be resilient. From the perspective of human survival, establishing resilience places deeper weight on addressing individual and immediate needs, while enterprise needs, particularly the company’s strategy, are addressed alongside them.
  16. Among the three resources- people, process, technology- the human factor carries, across most perspectives, a bigger weight in organizational resilience. At the very end, when organizations recognize the need to be resilient, the people behind it will, from a perspective of survival, either comply or abandon, depending on their adaptability to the principles of the organization and, more importantly, the culture they are in. Above all, if we take things to a deeper level, understanding the reason why risk management frameworks exist (beyond the fact that they benefit the organization) is about establishing resilience and sustainability for the things that will enable survival among individuals in a rapidly changing world.