
Risk Management and ISO 31000



An overview of the ISO 31000 standard for risk management.



  1. Risk Management and ISO 31000 (Doug Newdick)
  2. What Is Risk Management?
     • Risk is:
       - The effect of uncertainty on the ability of an organisation to meet its objectives.
     • Risk management is:
       - The range of activities that an organisation intentionally undertakes to understand and reduce these effects.
     • Effective risk management is:
       - Executing these activities efficiently and in a way that actually and demonstrably improves the ability of the organisation to meet its objectives in a repeatable fashion.
  3. What Is ISO 31000?
     • ISO 31000:2009 is:
       - An international standard that provides principles and guidelines for effective risk management
       - Not specific to any industry or sector
       - Able to be applied to any kind of risk
       - Able to be applied to any kind of organisation
       - Intended to be tailored to meet the needs of the organisation
     • “The generic approach described in this Standard provides the principles and guidelines for managing any form of risk in a systematic, transparent and credible manner and within any scope and context.”
  4. What Does ISO 31000 Cover?
     • ISO 31000:2009 contains:
       - A set of risk management terms and their definitions
       - A set of principles for guiding and informing effective risk management for an enterprise
       - An outline and process for creating a risk management framework
       - An outline and process for creating a risk management process
     • ISO 31000 is:
       - Clear
       - Sensible
       - Brief (24 pages)
  5. What Does ISO 31000 Not Cover?
     • Detailed instructions on how to manage risk
     • A complete risk management framework
     • A complete risk management process
     • Formats or attributes for describing risks
     • Templates
     • Guidance on how to identify risks
     • Advice on how to manage risks for a specific domain
  6. Background to ISO 31000
     • Australia and NZ developed AS/NZS 4360:1999 in 1999. This was revised and reissued as AS/NZS 4360:2004 in 2004. Australia and New Zealand led the world in enterprise risk management at this point!
     • There was no agreed de jure or de facto international standard in place at this stage. There were a small number of competing frameworks which were regarded as unsatisfactory.
     • In 2005 the International Standards Organisation started work on ISO 31000 using AS/NZS 4360:2004 as its first draft.
     • ISO 31000 was issued to widespread acclaim in 2009.
  7. ISO 31000: An Overview
     • Principles guide the creation of the framework
     • The framework defines the process
     • The performance of the process feeds back into the framework
  8. ISO 31000: An Overview: Principles
  9. ISO 31000: An Overview: Framework
  10. ISO 31000: An Overview: Process
  11. Why Use ISO 31000?
     • Save yourself time and effort:
       - Using the terms, principles and guidelines in ISO 31000 means you don’t have to spend time and effort creating your own.
       - You can spend time on the things that really add value: managing the actual risks.
     • Facilitate communication:
       - Avoid misunderstandings by using concepts and terms that are well known in the risk management community.
     • Provide higher quality output:
       - Take advantage of the significant expertise in risk management that the ISO has used in coming up with the standard.
       - Ensure you don’t miss out any aspects of risk management by using the standard as a checklist.
  12. How Do I Apply ISO 31000?
     • When should I use ISO 31000?
       - When you are asked to identify or assess risks
       - When you are asked to manage risks
       - When you are asked to assess a risk management framework or process
     • How should I use ISO 31000?
       - Use it to frame the scope of the work
       - Use it to guide the engagement
       - Use it to create a risk management process
  13. ISO 31000 In Summary
     • ISO 31000 gives you a structured, credible foundation for discussions about risk and risk management.
     • ISO 31000 gives you a starting point for a risk management process if you don’t have one.
     • ISO 31000 gives you a standard vocabulary for talking about risks and risk management.
     • ISO 31000 gives you a baseline for comparisons and assessments of risk management processes.
  14. For Further Resources
     • Visit my blog:
     • Follow me on Twitter:
       - @dougnewdick