SlideShare a Scribd company logo

Risk management

Centauri Business Group Inc.
Centauri Business Group Inc.

Overview of ISO Risk management standards. Questions and answers

BusinessTechnologyEconomy & Finance
1 of 5
Download to read offline
Supporting the work of Quality Professionals ™ www.c-bg.com info@c-bg.com Centauri Business Group Inc. 2008-2013 1 Risk management At the end of 2009, the International Organization for Standardization (ISO) issued a new set of principles and guidelines that should benefit all organizations confronting the always problematic challenges of managing risk: Title/Link Date of Issue ISO 31000:2009 Risk management - Principles and guidelines Nov 13, 2009 ISO Guide 73:2009 Risk management - Vocabulary Nov 13, 2009 ISO/IEC 31010:2009 Risk management - Risk assessment techniques Dec 1, 2009 Standard ISO 31000 provides principles and generic guidelines on risk management and is not intended for the purpose of certification. ISO/IEC 31010:2009 describes more than thirty tools to use for risk assessment and explains their application. The ISO Guide 73:2009 contains risk management terminology and definitions. These three standards can be applied to any type of risk, whatever its nature, by organizations of any type or by individuals. Risk, as defined by the ISO Guide 73:2009, is the impact of uncertainty on objectives. It is very important to emphasize that the impact of uncertainty can be positive as well as negative. "Not pursuing an opportunity" is also a risk. John Shortreed **, PhD, who served on the ISO technical committees for Guide 73 (Risk Management— Vocabulary, 2002) and its revision (2009) as well as for ISO 31000 (2009), listed the following seven innovations introduced by ISO series 31000: 1. Formal principles for risk management and ERM (Enterprise Risk Management) that can be used for measuring the risk maturity of an organization. 2. Consideration of any risks or uncertainty that affects objectives of the organization, whether they have positive or negative consequences. 3. Organizational ability to tailor risk management to its own internal structure and governance processes.
Supporting the work of Quality Professionals ™ www.c-bg.com info@c-bg.com Centauri Business Group Inc. ©2008-2013 Blog post from December 2010 2 4. Principle-based rather than performance-based. 5. Requires an organization to formalize and continuously improve a framework for ERM that integrates the management of risk into all processes in the organization. 6. Updates the risk management process used for assisting any decision through the five steps of context, risk assessment, risk treatment, communication, and consultation, followed by formal monitoring and review. 7. Requires accountability for any and all risks through the designation of a “risk owner” whose annual performance partly depends on how well risk is managed. Questions and Answers Question: As part of implementing an Enterprise Risk Management program, I’m trying to align Sr. management by providing them with ISO 31000 training. I would appreciate if you can recommend trainers /firms that can provide this service. Answer: There are two reasons I cannot recommend trainers/firms for ISO 31000 training. 1. I am not sure where your organization is in terms of risk maturity, context, existing risk management, etc. and 2. My knowledge of training organizations is very limited and so mentioning one or two would not be helpful. As with all such selections the first rule is to know the answer to 1. This will ensure that you have an understanding of where your organization is, what it needs in the way of training to implement 31000 and how you might assess the variety of offers available. So let me comment on 1. Where is your organization? The first step is to get a copy of ISO 31000 (available on line from most National Standards Organizations, e.g. Canada or Australia), read it over and as you read make checkmarks or comments against the text. Once you have done that you will have a once over crude gap analysis, a list of questions, and so idea of the extent of the task ahead. Since your current focus is senior management the starting point may be an understanding of their objectives and the context and environment in which they go about making decisions as well as the nature of those decisions and the associated risks. It may be helpful to look on the web and see if you can find some background material to help you on the context part for the decision you have to make – How to engage senior management in ERM (31000 style)? According to ISO 31000 there is a structured way of considering the risks for any decision including the risks behind your current decision to assist senior management with 31000. For example a person I know who, John Fraser, has been quite successful in ERM and has written a book last year (I did a chapter for 31000) can be seen in a presentation that hits most of the key “how to get started” things he has found useful in doing ERM in an organization. I caution you that his organization has a relatively straightforward structure and set of day to day tasks so for other more complex organizations the task is more complicated. Also he uses older terminology (understandable since it was prior to 31000). However, it is a good place to start. http://events.grantthornton.ca/ERM2010/video_101202.cfm I would stress one of the main messages of ISO 31000 – the decision-maker is in charge – and so one of the
Supporting the work of Quality Professionals ™ www.c-bg.com info@c-bg.com Centauri Business Group Inc. ©2008-2013 Blog post from December 2010 3 first steps is to get as much of the picture as possible. As you surf the web you will find, like the John Fraser presentation that most of the sites want to sell you something, which is good in a way but it does mean that you need to have a good understanding of your needs. For example, one other site you might look at as you begin surfing the web is http://www.broadleaf.com.au/iso31000/index.html which is done by an organization where Grant Purdy works – he heads up the Australian New Zealand standards committee for risk management and as you may know their standard was the starting point for ISO 31000. Grant also put ERM into one of the world’s largest mining companies in just 4 years with 3 people – similar to John Fraser’s experience with Hydro1 – a facilitation role with relatively small staff but with senior management commitment. Please ask me any follow up questions. Also a little general description of your organization would be helpful as would be the assessment of the present level of risk maturity (see Annex A of 31000 for help there). Question: I have a copy of the ISO 31000. Does the organization or the Risk Manager have to establish and publish the Risk Policy and the Risk Objectives? How specific do they have to be? Thank you. Answer: 31000 in section 4.3.2 Establishing the risk management policy (statement of the overall intentions and direction of an organization related to risk management) reads as follows: The risk management policy should clearly state the organization's objectives for, and commitment to, risk management and typically addresses the following: the organization's rationale for managing risk; links between the organization's objectives and policies and the risk management policy; accountabilities and responsibilities for managing risk; the way in which conflicting interests are dealt with; commitment to make the necessary resources available to assist those accountable and responsible for managing risk; the way in which risk management performance will be measured and reported; and commitment to review and improve the risk management policy and framework periodically and in response to an event or change in circumstances. The risk management policy should be communicated appropriately. Since it is in the framework section it is an organization task this is likely put together by the Chief Risk Officer working with senior management and the Board who will adopt it, but this will depend on the organization. Note that with 31000 Risk management is integrated into the organization and so depending on the structure of the organization the risk management will necessarily follow the specific organization’s structure and processes. This means that every organization may be unique, although they will (hopefully) follow 31000 and it will be
Supporting the work of Quality Professionals ™ www.c-bg.com info@c-bg.com Centauri Business Group Inc. ©2008-2013 Blog post from December 2010 4 possible to map the risk management framework established in clause 4, to the terminology and generic framework of 31000. In terms of how specific the statement should be the old rule of “short as possible while preserving clarity” should be followed. This URL (BHP Billiton’s web site) is a typical example of a policy similar to a risk management policy (some of the items in the 31000 list are missing) for a large company – it is renewed each year (see also comments by John Fraser’s video earlier on the blog) and in this instance covers a variety of “objectives” set out by the organization. I did not do it but likely if you search around BHP’s web site you may find a structured and nested set of objectives and policies – typical of an organization that has a good risk culture. Last but not least it is probably incorrect to speak of “risk objectives” There will be at the level of risk management of individual risks (i.e. in clause 5) in the risk management context section 5.3.4 Establishing the context of the risk management process some details of the risk management process to be used for a specific risk that ensure that the organizations policies for risk management are followed. In the next few years while ISO 31000 (hopefully) becomes the norm, it might be a good idea to review risk terminology in general to be sure that the term and associated definition is what is meant. It may be necessary to insert the existing meaning as for example – “risk treatment (mitigation)” or in your question “risk management policy (risk policy)”. My experience is that many of the differences in risk and risk management are really differences in terminology not in substance. Question: Do you have information on risk management with respect to organizational structure and impartiality for an organization that offers ISO 9001 registration services? Answer: Not sure I understand the question – an organization that offers ISO 9001 registration – and risk management with respect to organization structure and impartiality. I think the question is – Suppose an organization exists to register other organizations for compliance with regulation x or certification y (does not really matter if it is 9001 or pollution regulation, or whatever, the situation is the same) how can they assure others that they are impartial and how is this expressed in their risk management framework and organizational structure? Since the business of the organization is certification or assurance of compliance their organizational objectives will have this front and centre – they are not likely to exist for very long if they do not meet this objective (otherwise there will be complaints, investigations, their clients may realize difficulties with regulators, suppliers, and switch providers, and so forth). The structure of the organization will take many forms but likely
Supporting the work of Quality Professionals ™ www.c-bg.com info@c-bg.com Centauri Business Group Inc. ©2008-2013 Blog post from December 2010 5 involves clear statements of policy and procedures for audits/certifications, supervision and possible repeating of audits/certification, quality control of auditor/certification performance with remedial actions, forensic like approaches to ‘partial’ outcomes, annual publication of performance outcomes with regards to impartiality, etc. So the risk management for this objective will be to identify risks and then manage those risks. Risks might include, for example: variable performance of auditors/certification due to unclear policies/communications, lack of training, partiality and/or fraud due to lack of supervision and oversight of line operators, etc. These risks will be identified in the usual way – through review of historical data (particularly the year to year results of audits/certifications if available), industry wide data on complaints, review of processes to identify critical control points for bigger risks, etc.) Then a process of generating risk treatments analyzing them and evaluating them will result in optimized (with regard to objectives) procedures for audits and certifications. There may also be modifications to the structure of the organization if systemic problems are found. Share this article!

Recommended

Exploring risk management disclosure practices in non profit organisations in...
Exploring risk management disclosure practices in non profit organisations in...Exploring risk management disclosure practices in non profit organisations in...
Exploring risk management disclosure practices in non profit organisations in...Alexander Decker
 
How to embed emerging risk identification and management IRMindia Affiliate
How to embed emerging risk identification and management IRMindia AffiliateHow to embed emerging risk identification and management IRMindia Affiliate
How to embed emerging risk identification and management IRMindia AffiliateIRM India Affiliate
 
The relationship between enterprise risk management (erm)
The relationship between enterprise risk management (erm)The relationship between enterprise risk management (erm)
The relationship between enterprise risk management (erm)Alexander Decker
 
Climate change-risk-management-guidance-report
Climate change-risk-management-guidance-reportClimate change-risk-management-guidance-report
Climate change-risk-management-guidance-reportIRM India Affiliate
 
IMT 552-JPMorgan Chase & Co. Risk Assessment v05
IMT 552-JPMorgan Chase & Co. Risk Assessment v05IMT 552-JPMorgan Chase & Co. Risk Assessment v05
IMT 552-JPMorgan Chase & Co. Risk Assessment v05Daniel Kapellmann Zafra
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementkris489049
 
UCI Exec. MBA & Forum for Corp. Directors July 2009 - Board Governance: E...
UCI Exec. MBA & Forum for Corp. Directors July 2009 - Board Governance: E...UCI Exec. MBA & Forum for Corp. Directors July 2009 - Board Governance: E...
UCI Exec. MBA & Forum for Corp. Directors July 2009 - Board Governance: E...prosenzw69
 
Erm indian-higher-education
Erm indian-higher-educationErm indian-higher-education
Erm indian-higher-educationIRM India Affiliate
 

Recommended

Exploring risk management disclosure practices in non profit organisations in...
Exploring risk management disclosure practices in non profit organisations in...Exploring risk management disclosure practices in non profit organisations in...
Exploring risk management disclosure practices in non profit organisations in...Alexander Decker
 
How to embed emerging risk identification and management IRMindia Affiliate
How to embed emerging risk identification and management IRMindia AffiliateHow to embed emerging risk identification and management IRMindia Affiliate
How to embed emerging risk identification and management IRMindia AffiliateIRM India Affiliate
 
The relationship between enterprise risk management (erm)
The relationship between enterprise risk management (erm)The relationship between enterprise risk management (erm)
The relationship between enterprise risk management (erm)Alexander Decker
 
Climate change-risk-management-guidance-report
Climate change-risk-management-guidance-reportClimate change-risk-management-guidance-report
Climate change-risk-management-guidance-reportIRM India Affiliate
 
IMT 552-JPMorgan Chase & Co. Risk Assessment v05
IMT 552-JPMorgan Chase & Co. Risk Assessment v05IMT 552-JPMorgan Chase & Co. Risk Assessment v05
IMT 552-JPMorgan Chase & Co. Risk Assessment v05Daniel Kapellmann Zafra
 
Enterprise risk management
Enterprise risk managementEnterprise risk management
Enterprise risk managementkris489049
 
UCI Exec. MBA & Forum for Corp. Directors July 2009 - Board Governance: E...
UCI Exec. MBA & Forum for Corp. Directors July 2009 - Board Governance: E...UCI Exec. MBA & Forum for Corp. Directors July 2009 - Board Governance: E...
UCI Exec. MBA & Forum for Corp. Directors July 2009 - Board Governance: E...prosenzw69
 
Erm indian-higher-education
Erm indian-higher-educationErm indian-higher-education
Erm indian-higher-educationIRM India Affiliate
 
Cyber Risk Management IRM India Affiliate
Cyber Risk Management IRM India AffiliateCyber Risk Management IRM India Affiliate
Cyber Risk Management IRM India AffiliateIRM India Affiliate
 
Risk Management Frameworks
Risk Management FrameworksRisk Management Frameworks
Risk Management FrameworksDaniel Kapellmann Zafra
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB
 
Risk management assignment exploring the relationship between threat, strateg...
Risk management assignment exploring the relationship between threat, strateg...Risk management assignment exploring the relationship between threat, strateg...
Risk management assignment exploring the relationship between threat, strateg...Total Assignment Help
 
Failure deriving from underestimating risk management
Failure deriving from underestimating risk management Failure deriving from underestimating risk management
Failure deriving from underestimating risk managementPECB
 
Enterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityEnterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityJeff B
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentationalygale
 
Risk Management For Professional Services
Risk Management For Professional ServicesRisk Management For Professional Services
Risk Management For Professional Servicessimonffg
 
A structured approach to Enterprise Risk Management (ERM) and the requirement...
A structured approach to Enterprise Risk Management (ERM) and the requirement...A structured approach to Enterprise Risk Management (ERM) and the requirement...
A structured approach to Enterprise Risk Management (ERM) and the requirement...Hassan Zaitoun
 
Esther R. Sawyer Research Manuscript - Final
Esther R. Sawyer Research Manuscript - Final Esther R. Sawyer Research Manuscript - Final
Esther R. Sawyer Research Manuscript - Final Andrew John Hagen
 
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...PECB
 
I need response to the discussion post in 200 words.docx
I need response to the discussion post in 200 words.docxI need response to the discussion post in 200 words.docx
I need response to the discussion post in 200 words.docxsdfghj21
 
I need response to the discussion post in 200 words.docx
I need response to the discussion post in 200 words.docxI need response to the discussion post in 200 words.docx
I need response to the discussion post in 200 words.docxwrite4
 
Risk management erm
Risk management ermRisk management erm
Risk management ermAlberto Garcia Romera
 
Dr hatem el bitar quality text (17)د حاتم البيطار #دحاتم_البيطار #timodent...
Dr hatem el bitar quality text (17)د حاتم البيطار #دحاتم_البيطار #timodent...Dr hatem el bitar quality text (17)د حاتم البيطار #دحاتم_البيطار #timodent...
Dr hatem el bitar quality text (17)د حاتم البيطار #دحاتم_البيطار #timodent...د حاتم البيطار
 
Iso 31000
Iso 31000Iso 31000
Iso 31000Dr. Jojo Javier
 
5242020 Originality Reporthttpsucumberlands.blackboar.docx
5242020 Originality Reporthttpsucumberlands.blackboar.docx5242020 Originality Reporthttpsucumberlands.blackboar.docx
5242020 Originality Reporthttpsucumberlands.blackboar.docxBHANU281672
 
Discussion1From time to time most organizations make improvement.docx
Discussion1From time to time most organizations make improvement.docxDiscussion1From time to time most organizations make improvement.docx
Discussion1From time to time most organizations make improvement.docxmadlynplamondon
 
Essay On Risk Management
Essay On Risk ManagementEssay On Risk Management
Essay On Risk ManagementCustom Paper Services Swainsboro
 
Brochure iso 31000 conference may2013-toronto-l
Brochure iso 31000 conference may2013-toronto-lBrochure iso 31000 conference may2013-toronto-l
Brochure iso 31000 conference may2013-toronto-lThe Global Institute for Risk Management Standards
 
ISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and ImplementationISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and ImplementationAlvin Integrated Services [AIS]
 
Iso 31000 presentation
Iso 31000 presentationIso 31000 presentation
Iso 31000 presentationchristianaegerter1
 

More Related Content

What's hot

Cyber Risk Management IRM India Affiliate
Cyber Risk Management IRM India AffiliateCyber Risk Management IRM India Affiliate
Cyber Risk Management IRM India AffiliateIRM India Affiliate
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB
 
Risk management assignment exploring the relationship between threat, strateg...
Risk management assignment exploring the relationship between threat, strateg...Risk management assignment exploring the relationship between threat, strateg...
Risk management assignment exploring the relationship between threat, strateg...Total Assignment Help
 
Failure deriving from underestimating risk management
Failure deriving from underestimating risk management Failure deriving from underestimating risk management
Failure deriving from underestimating risk managementPECB
 
Enterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityEnterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityJeff B
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentationalygale
 
Risk Management For Professional Services
Risk Management For Professional ServicesRisk Management For Professional Services
Risk Management For Professional Servicessimonffg
 
A structured approach to Enterprise Risk Management (ERM) and the requirement...
A structured approach to Enterprise Risk Management (ERM) and the requirement...A structured approach to Enterprise Risk Management (ERM) and the requirement...
A structured approach to Enterprise Risk Management (ERM) and the requirement...Hassan Zaitoun
 
Esther R. Sawyer Research Manuscript - Final
Esther R. Sawyer Research Manuscript - Final Esther R. Sawyer Research Manuscript - Final
Esther R. Sawyer Research Manuscript - Final Andrew John Hagen
 
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...PECB
 

What's hot (11)

Cyber Risk Management IRM India Affiliate
Cyber Risk Management IRM India AffiliateCyber Risk Management IRM India Affiliate
Cyber Risk Management IRM India Affiliate
 
Risk Management Frameworks
Risk Management FrameworksRisk Management Frameworks
Risk Management Frameworks
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
 
Risk management assignment exploring the relationship between threat, strateg...
Risk management assignment exploring the relationship between threat, strateg...Risk management assignment exploring the relationship between threat, strateg...
Risk management assignment exploring the relationship between threat, strateg...
 
Failure deriving from underestimating risk management
Failure deriving from underestimating risk management Failure deriving from underestimating risk management
Failure deriving from underestimating risk management
 
Enterprise Risk Management and Sustainability
Enterprise Risk Management and SustainabilityEnterprise Risk Management and Sustainability
Enterprise Risk Management and Sustainability
 
Risk Management ERM Presentation
Risk Management ERM PresentationRisk Management ERM Presentation
Risk Management ERM Presentation
 
Risk Management For Professional Services
Risk Management For Professional ServicesRisk Management For Professional Services
Risk Management For Professional Services
 
A structured approach to Enterprise Risk Management (ERM) and the requirement...
A structured approach to Enterprise Risk Management (ERM) and the requirement...A structured approach to Enterprise Risk Management (ERM) and the requirement...
A structured approach to Enterprise Risk Management (ERM) and the requirement...
 
Esther R. Sawyer Research Manuscript - Final
Esther R. Sawyer Research Manuscript - Final Esther R. Sawyer Research Manuscript - Final
Esther R. Sawyer Research Manuscript - Final
 
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
Implementation of Enterprise Risk Management with ISO 31000 Risk Management S...
 

Similar to Risk management

I need response to the discussion post in 200 words.docx
I need response to the discussion post in 200 words.docxI need response to the discussion post in 200 words.docx
I need response to the discussion post in 200 words.docxsdfghj21
 
I need response to the discussion post in 200 words.docx
I need response to the discussion post in 200 words.docxI need response to the discussion post in 200 words.docx
I need response to the discussion post in 200 words.docxwrite4
 
Dr hatem el bitar quality text (17)د حاتم البيطار #دحاتم_البيطار #timodent...
Dr hatem el bitar quality text (17)د حاتم البيطار #دحاتم_البيطار #timodent...Dr hatem el bitar quality text (17)د حاتم البيطار #دحاتم_البيطار #timodent...
Dr hatem el bitar quality text (17)د حاتم البيطار #دحاتم_البيطار #timodent...د حاتم البيطار
 
5242020 Originality Reporthttpsucumberlands.blackboar.docx
5242020 Originality Reporthttpsucumberlands.blackboar.docx5242020 Originality Reporthttpsucumberlands.blackboar.docx
5242020 Originality Reporthttpsucumberlands.blackboar.docxBHANU281672
 
Discussion1From time to time most organizations make improvement.docx
Discussion1From time to time most organizations make improvement.docxDiscussion1From time to time most organizations make improvement.docx
Discussion1From time to time most organizations make improvement.docxmadlynplamondon
 
ISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and ImplementationISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and ImplementationAlvin Integrated Services [AIS]
 
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organizationPECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organizationPECB
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateAnthony Chiusano
 
Module 2 - Approaches to Risk Management.pdf
Module 2 - Approaches to Risk Management.pdfModule 2 - Approaches to Risk Management.pdf
Module 2 - Approaches to Risk Management.pdfmarjondimafilis
 
OverseeRiskAsNewerMoreComplex
OverseeRiskAsNewerMoreComplexOverseeRiskAsNewerMoreComplex
OverseeRiskAsNewerMoreComplexKashif Ali
 
The requirement for presentation(need in 4hrs)slide1ERM at M.docx
The requirement for presentation(need in 4hrs)slide1ERM at M.docxThe requirement for presentation(need in 4hrs)slide1ERM at M.docx
The requirement for presentation(need in 4hrs)slide1ERM at M.docxkathleen23456789
 
ROS TL Response To COSO Sept 7 2016
ROS TL Response To COSO Sept 7 2016ROS TL Response To COSO Sept 7 2016
ROS TL Response To COSO Sept 7 2016Tim Leech
 
A Reinforcement Of Leadership Practices Essay
A Reinforcement Of Leadership Practices EssayA Reinforcement Of Leadership Practices Essay
A Reinforcement Of Leadership Practices EssayCamella Taylor
 

Similar to Risk management (20)

I need response to the discussion post in 200 words.docx
I need response to the discussion post in 200 words.docxI need response to the discussion post in 200 words.docx
I need response to the discussion post in 200 words.docx
 
I need response to the discussion post in 200 words.docx
I need response to the discussion post in 200 words.docxI need response to the discussion post in 200 words.docx
I need response to the discussion post in 200 words.docx
 
Risk management erm
Risk management ermRisk management erm
Risk management erm
 
Dr hatem el bitar quality text (17)د حاتم البيطار #دحاتم_البيطار #timodent...
Dr hatem el bitar quality text (17)د حاتم البيطار #دحاتم_البيطار #timodent...Dr hatem el bitar quality text (17)د حاتم البيطار #دحاتم_البيطار #timodent...
Dr hatem el bitar quality text (17)د حاتم البيطار #دحاتم_البيطار #timodent...
 
Iso 31000
Iso 31000Iso 31000
Iso 31000
 
5242020 Originality Reporthttpsucumberlands.blackboar.docx
5242020 Originality Reporthttpsucumberlands.blackboar.docx5242020 Originality Reporthttpsucumberlands.blackboar.docx
5242020 Originality Reporthttpsucumberlands.blackboar.docx
 
Discussion1From time to time most organizations make improvement.docx
Discussion1From time to time most organizations make improvement.docxDiscussion1From time to time most organizations make improvement.docx
Discussion1From time to time most organizations make improvement.docx
 
Essay On Risk Management
Essay On Risk ManagementEssay On Risk Management
Essay On Risk Management
 
Brochure iso 31000 conference may2013-toronto-l
Brochure iso 31000 conference may2013-toronto-lBrochure iso 31000 conference may2013-toronto-l
Brochure iso 31000 conference may2013-toronto-l
 
ISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and ImplementationISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and Implementation
 
Iso 31000 presentation
Iso 31000 presentationIso 31000 presentation
Iso 31000 presentation
 
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organizationPECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
 
Risk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_ArticulateRisk Mgmt - Define_And_Articulate
Risk Mgmt - Define_And_Articulate
 
Module 2 - Approaches to Risk Management.pdf
Module 2 - Approaches to Risk Management.pdfModule 2 - Approaches to Risk Management.pdf
Module 2 - Approaches to Risk Management.pdf
 
OverseeRiskAsNewerMoreComplex
OverseeRiskAsNewerMoreComplexOverseeRiskAsNewerMoreComplex
OverseeRiskAsNewerMoreComplex
 
The requirement for presentation(need in 4hrs)slide1ERM at M.docx
The requirement for presentation(need in 4hrs)slide1ERM at M.docxThe requirement for presentation(need in 4hrs)slide1ERM at M.docx
The requirement for presentation(need in 4hrs)slide1ERM at M.docx
 
One On One
One On OneOne On One
One On One
 
ROS TL Response To COSO Sept 7 2016
ROS TL Response To COSO Sept 7 2016ROS TL Response To COSO Sept 7 2016
ROS TL Response To COSO Sept 7 2016
 
Exploring Common Paths in Risk Management by Jan Mattingly
Exploring Common Paths in Risk Management by Jan MattinglyExploring Common Paths in Risk Management by Jan Mattingly
Exploring Common Paths in Risk Management by Jan Mattingly
 
A Reinforcement Of Leadership Practices Essay
A Reinforcement Of Leadership Practices EssayA Reinforcement Of Leadership Practices Essay
A Reinforcement Of Leadership Practices Essay
 

More from Centauri Business Group Inc.

Integrated Management System Manual Template (Preview)
Integrated Management System Manual Template (Preview)Integrated Management System Manual Template (Preview)
Integrated Management System Manual Template (Preview)Centauri Business Group Inc.
 
QSP 6.1 Actions to address risks and opportunities (Preview)
QSP 6.1 Actions to address risks and opportunities (Preview)QSP 6.1 Actions to address risks and opportunities (Preview)
QSP 6.1 Actions to address risks and opportunities (Preview)Centauri Business Group Inc.
 
Risk Management Requirements Implementation in ISO 9001:2015 Clauses
Risk Management Requirements Implementation in ISO 9001:2015 ClausesRisk Management Requirements Implementation in ISO 9001:2015 Clauses
Risk Management Requirements Implementation in ISO 9001:2015 ClausesCentauri Business Group Inc.
 
ISO 9001:2015 Overview. Presentation for Training (Preview)
ISO 9001:2015 Overview. Presentation for Training (Preview) ISO 9001:2015 Overview. Presentation for Training (Preview)
ISO 9001:2015 Overview. Presentation for Training (Preview) Centauri Business Group Inc.
 

More from Centauri Business Group Inc. (16)

50001:2018 EnMS Manual Template Preview
50001:2018 EnMS Manual Template Preview50001:2018 EnMS Manual Template Preview
50001:2018 EnMS Manual Template Preview
 
ISO 22000:2018 FSMS manual template (preview)
ISO 22000:2018 FSMS manual template (preview)ISO 22000:2018 FSMS manual template (preview)
ISO 22000:2018 FSMS manual template (preview)
 
ISO 45001:2018 Audit checklist (preview)
ISO 45001:2018 Audit checklist (preview)ISO 45001:2018 Audit checklist (preview)
ISO 45001:2018 Audit checklist (preview)
 
ISO 9001/14001/45001 requirements comparison
ISO 9001/14001/45001 requirements comparisonISO 9001/14001/45001 requirements comparison
ISO 9001/14001/45001 requirements comparison
 
ISO/DIS 45001:2017 OH&S manual (preview)
ISO/DIS 45001:2017 OH&S manual (preview)ISO/DIS 45001:2017 OH&S manual (preview)
ISO/DIS 45001:2017 OH&S manual (preview)
 
Integrated Management System Manual Template (Preview)
Integrated Management System Manual Template (Preview)Integrated Management System Manual Template (Preview)
Integrated Management System Manual Template (Preview)
 
ISO 14001.2015 EMS Manual Template (preview)
ISO 14001.2015 EMS Manual Template (preview)ISO 14001.2015 EMS Manual Template (preview)
ISO 14001.2015 EMS Manual Template (preview)
 
ISO 9001:2015 Audit Checklist Preview
ISO 9001:2015 Audit Checklist PreviewISO 9001:2015 Audit Checklist Preview
ISO 9001:2015 Audit Checklist Preview
 
Risk Management in QMS Processes - examples
Risk Management in QMS Processes - examplesRisk Management in QMS Processes - examples
Risk Management in QMS Processes - examples
 
QSP 6.1 Actions to address risks and opportunities (Preview)
QSP 6.1 Actions to address risks and opportunities (Preview)QSP 6.1 Actions to address risks and opportunities (Preview)
QSP 6.1 Actions to address risks and opportunities (Preview)
 
Risk Management Requirements Implementation in ISO 9001:2015 Clauses
Risk Management Requirements Implementation in ISO 9001:2015 ClausesRisk Management Requirements Implementation in ISO 9001:2015 Clauses
Risk Management Requirements Implementation in ISO 9001:2015 Clauses
 
ISO 9001:2015 Overview. Presentation for Training (Preview)
ISO 9001:2015 Overview. Presentation for Training (Preview) ISO 9001:2015 Overview. Presentation for Training (Preview)
ISO 9001:2015 Overview. Presentation for Training (Preview)
 
Making Sustainability Work in Public Transit
Making Sustainability Work in Public TransitMaking Sustainability Work in Public Transit
Making Sustainability Work in Public Transit
 
Corporate Social Responsibility Facts and Links
Corporate Social Responsibility Facts and LinksCorporate Social Responsibility Facts and Links
Corporate Social Responsibility Facts and Links
 
Social Responsibility Facts and Links
Social Responsibility Facts and Links Social Responsibility Facts and Links
Social Responsibility Facts and Links
 
Learn Journalists' Secrets Training Course FaQ
Learn Journalists' Secrets Training Course FaQLearn Journalists' Secrets Training Course FaQ
Learn Journalists' Secrets Training Course FaQ
 

Recently uploaded

Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service AvailableNashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Availablepr788182
 
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGpr788182
 
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...meghakumariji156
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting
 
Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...
Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...
Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...pr788182
 
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxQSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxDitasDelaCruz
 
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All TimeCall 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Timegargpaaro
 
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur DubaiUAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubaijaehdlyzca
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel
 
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTSDurg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTSkajalroy875762
 
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...Puja Sharma
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...daisycvs
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPanhandleOilandGas
 
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...ssuserf63bd7
 
Nanded Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Nanded Call Girl Just Call 8084732287 Top Class Call Girl Service AvailableNanded Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Nanded Call Girl Just Call 8084732287 Top Class Call Girl Service Availablepr788182
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1kcpayne
 
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Falcon Invoice Discounting
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwaitdaisycvs
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsIndeedSEO
 
Falcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon investment
 

Recently uploaded (20)

Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service AvailableNashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
Nashik Call Girl Just Call 7091819311 Top Class Call Girl Service Available
 
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDINGBerhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
Berhampur CALL GIRL❤7091819311❤CALL GIRLS IN ESCORT SERVICE WE ARE PROVIDING
 
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
Escorts in Nungambakkam Phone 8250092165 Enjoy 24/7 Escort Service Enjoy Your...
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...
Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...
Bangalore Call Girl Just Call♥️ 8084732287 ♥️Top Class Call Girl Service Avai...
 
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptxQSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
QSM Chap 10 Service Culture in Tourism and Hospitality Industry.pptx
 
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All TimeCall 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
Call 7737669865 Vadodara Call Girls Service at your Door Step Available All Time
 
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur DubaiUAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
UAE Bur Dubai Call Girls ☏ 0564401582 Call Girl in Bur Dubai
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTSDurg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
Durg CALL GIRL ❤ 82729*64427❤ CALL GIRLS IN durg ESCORTS
 
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
Ooty Call Gril 80022//12248 Only For Sex And High Profile Best Gril Sex Avail...
 
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
Quick Doctor In Kuwait +2773`7758`557 Kuwait Doha Qatar Dubai Abu Dhabi Sharj...
 
PHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation FinalPHX May 2024 Corporate Presentation Final
PHX May 2024 Corporate Presentation Final
 
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
Horngren’s Cost Accounting A Managerial Emphasis, Canadian 9th edition soluti...
 
Nanded Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Nanded Call Girl Just Call 8084732287 Top Class Call Girl Service AvailableNanded Call Girl Just Call 8084732287 Top Class Call Girl Service Available
Nanded Call Girl Just Call 8084732287 Top Class Call Girl Service Available
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
Unveiling Falcon Invoice Discounting: Leading the Way as India's Premier Bill...
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
 
Falcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business PotentialFalcon Invoice Discounting: Unlock Your Business Potential
Falcon Invoice Discounting: Unlock Your Business Potential
 

Risk management

  • 1. Supporting the work of Quality Professionals ™ www.c-bg.com info@c-bg.com Centauri Business Group Inc. 2008-2013 1 Risk management At the end of 2009, the International Organization for Standardization (ISO) issued a new set of principles and guidelines that should benefit all organizations confronting the always problematic challenges of managing risk: Title/Link Date of Issue ISO 31000:2009 Risk management - Principles and guidelines Nov 13, 2009 ISO Guide 73:2009 Risk management - Vocabulary Nov 13, 2009 ISO/IEC 31010:2009 Risk management - Risk assessment techniques Dec 1, 2009 Standard ISO 31000 provides principles and generic guidelines on risk management and is not intended for the purpose of certification. ISO/IEC 31010:2009 describes more than thirty tools to use for risk assessment and explains their application. The ISO Guide 73:2009 contains risk management terminology and definitions. These three standards can be applied to any type of risk, whatever its nature, by organizations of any type or by individuals. Risk, as defined by the ISO Guide 73:2009, is the impact of uncertainty on objectives. It is very important to emphasize that the impact of uncertainty can be positive as well as negative. "Not pursuing an opportunity" is also a risk. John Shortreed **, PhD, who served on the ISO technical committees for Guide 73 (Risk Management— Vocabulary, 2002) and its revision (2009) as well as for ISO 31000 (2009), listed the following seven innovations introduced by ISO series 31000: 1. Formal principles for risk management and ERM (Enterprise Risk Management) that can be used for measuring the risk maturity of an organization. 2. Consideration of any risks or uncertainty that affects objectives of the organization, whether they have positive or negative consequences. 3. Organizational ability to tailor risk management to its own internal structure and governance processes.
  • 2. Supporting the work of Quality Professionals ™ www.c-bg.com info@c-bg.com Centauri Business Group Inc. ©2008-2013 Blog post from December 2010 2 4. Principle-based rather than performance-based. 5. Requires an organization to formalize and continuously improve a framework for ERM that integrates the management of risk into all processes in the organization. 6. Updates the risk management process used for assisting any decision through the five steps of context, risk assessment, risk treatment, communication, and consultation, followed by formal monitoring and review. 7. Requires accountability for any and all risks through the designation of a “risk owner” whose annual performance partly depends on how well risk is managed. Questions and Answers Question: As part of implementing an Enterprise Risk Management program, I’m trying to align Sr. management by providing them with ISO 31000 training. I would appreciate if you can recommend trainers /firms that can provide this service. Answer: There are two reasons I cannot recommend trainers/firms for ISO 31000 training. 1. I am not sure where your organization is in terms of risk maturity, context, existing risk management, etc. and 2. My knowledge of training organizations is very limited and so mentioning one or two would not be helpful. As with all such selections the first rule is to know the answer to 1. This will ensure that you have an understanding of where your organization is, what it needs in the way of training to implement 31000 and how you might assess the variety of offers available. So let me comment on 1. Where is your organization? The first step is to get a copy of ISO 31000 (available on line from most National Standards Organizations, e.g. Canada or Australia), read it over and as you read make checkmarks or comments against the text. Once you have done that you will have a once over crude gap analysis, a list of questions, and so idea of the extent of the task ahead. Since your current focus is senior management the starting point may be an understanding of their objectives and the context and environment in which they go about making decisions as well as the nature of those decisions and the associated risks. It may be helpful to look on the web and see if you can find some background material to help you on the context part for the decision you have to make – How to engage senior management in ERM (31000 style)? According to ISO 31000 there is a structured way of considering the risks for any decision including the risks behind your current decision to assist senior management with 31000. For example a person I know who, John Fraser, has been quite successful in ERM and has written a book last year (I did a chapter for 31000) can be seen in a presentation that hits most of the key “how to get started” things he has found useful in doing ERM in an organization. I caution you that his organization has a relatively straightforward structure and set of day to day tasks so for other more complex organizations the task is more complicated. Also he uses older terminology (understandable since it was prior to 31000). However, it is a good place to start. http://events.grantthornton.ca/ERM2010/video_101202.cfm I would stress one of the main messages of ISO 31000 – the decision-maker is in charge – and so one of the
  • 3. Supporting the work of Quality Professionals ™ www.c-bg.com info@c-bg.com Centauri Business Group Inc. ©2008-2013 Blog post from December 2010 3 first steps is to get as much of the picture as possible. As you surf the web you will find, like the John Fraser presentation that most of the sites want to sell you something, which is good in a way but it does mean that you need to have a good understanding of your needs. For example, one other site you might look at as you begin surfing the web is http://www.broadleaf.com.au/iso31000/index.html which is done by an organization where Grant Purdy works – he heads up the Australian New Zealand standards committee for risk management and as you may know their standard was the starting point for ISO 31000. Grant also put ERM into one of the world’s largest mining companies in just 4 years with 3 people – similar to John Fraser’s experience with Hydro1 – a facilitation role with relatively small staff but with senior management commitment. Please ask me any follow up questions. Also a little general description of your organization would be helpful as would be the assessment of the present level of risk maturity (see Annex A of 31000 for help there). Question: I have a copy of the ISO 31000. Does the organization or the Risk Manager have to establish and publish the Risk Policy and the Risk Objectives? How specific do they have to be? Thank you. Answer: 31000 in section 4.3.2 Establishing the risk management policy (statement of the overall intentions and direction of an organization related to risk management) reads as follows: The risk management policy should clearly state the organization's objectives for, and commitment to, risk management and typically addresses the following: the organization's rationale for managing risk; links between the organization's objectives and policies and the risk management policy; accountabilities and responsibilities for managing risk; the way in which conflicting interests are dealt with; commitment to make the necessary resources available to assist those accountable and responsible for managing risk; the way in which risk management performance will be measured and reported; and commitment to review and improve the risk management policy and framework periodically and in response to an event or change in circumstances. The risk management policy should be communicated appropriately. Since it is in the framework section it is an organization task this is likely put together by the Chief Risk Officer working with senior management and the Board who will adopt it, but this will depend on the organization. Note that with 31000 Risk management is integrated into the organization and so depending on the structure of the organization the risk management will necessarily follow the specific organization’s structure and processes. This means that every organization may be unique, although they will (hopefully) follow 31000 and it will be
  • 4. Supporting the work of Quality Professionals ™ www.c-bg.com info@c-bg.com Centauri Business Group Inc. ©2008-2013 Blog post from December 2010 4 possible to map the risk management framework established in clause 4, to the terminology and generic framework of 31000. In terms of how specific the statement should be the old rule of “short as possible while preserving clarity” should be followed. This URL (BHP Billiton’s web site) is a typical example of a policy similar to a risk management policy (some of the items in the 31000 list are missing) for a large company – it is renewed each year (see also comments by John Fraser’s video earlier on the blog) and in this instance covers a variety of “objectives” set out by the organization. I did not do it but likely if you search around BHP’s web site you may find a structured and nested set of objectives and policies – typical of an organization that has a good risk culture. Last but not least it is probably incorrect to speak of “risk objectives” There will be at the level of risk management of individual risks (i.e. in clause 5) in the risk management context section 5.3.4 Establishing the context of the risk management process some details of the risk management process to be used for a specific risk that ensure that the organizations policies for risk management are followed. In the next few years while ISO 31000 (hopefully) becomes the norm, it might be a good idea to review risk terminology in general to be sure that the term and associated definition is what is meant. It may be necessary to insert the existing meaning as for example – “risk treatment (mitigation)” or in your question “risk management policy (risk policy)”. My experience is that many of the differences in risk and risk management are really differences in terminology not in substance. Question: Do you have information on risk management with respect to organizational structure and impartiality for an organization that offers ISO 9001 registration services? Answer: Not sure I understand the question – an organization that offers ISO 9001 registration – and risk management with respect to organization structure and impartiality. I think the question is – Suppose an organization exists to register other organizations for compliance with regulation x or certification y (does not really matter if it is 9001 or pollution regulation, or whatever, the situation is the same) how can they assure others that they are impartial and how is this expressed in their risk management framework and organizational structure? Since the business of the organization is certification or assurance of compliance their organizational objectives will have this front and centre – they are not likely to exist for very long if they do not meet this objective (otherwise there will be complaints, investigations, their clients may realize difficulties with regulators, suppliers, and switch providers, and so forth). The structure of the organization will take many forms but likely
  • 5. Supporting the work of Quality Professionals ™ www.c-bg.com info@c-bg.com Centauri Business Group Inc. ©2008-2013 Blog post from December 2010 5 involves clear statements of policy and procedures for audits/certifications, supervision and possible repeating of audits/certification, quality control of auditor/certification performance with remedial actions, forensic like approaches to ‘partial’ outcomes, annual publication of performance outcomes with regards to impartiality, etc. So the risk management for this objective will be to identify risks and then manage those risks. Risks might include, for example: variable performance of auditors/certification due to unclear policies/communications, lack of training, partiality and/or fraud due to lack of supervision and oversight of line operators, etc. These risks will be identified in the usual way – through review of historical data (particularly the year to year results of audits/certifications if available), industry wide data on complaints, review of processes to identify critical control points for bigger risks, etc.) Then a process of generating risk treatments analyzing them and evaluating them will result in optimized (with regard to objectives) procedures for audits and certifications. There may also be modifications to the structure of the organization if systemic problems are found. Share this article!