ISO 31000:2018 Risk Management Awareness Training

ISO 31000:2018 is an international standard designed and formulated to help organizations implement a robust Risk Management System.

ISO 31000 helps organizations develop a risk management strategy to effectively identify and mitigate risks, thereby enhancing the likelihood of achieving their objectives and increasing the protection of their assets. Its overarching goal is to develop a risk management culture where employees and stakeholders are aware of the importance of monitoring and managing risk.

This presentation can be used to brief your employees, stakeholders and project teams so as to create awareness of risk management best practices.

LEARNING OBJECTIVES

1. Understand the concept of risk as the uncertainty on objectives.
2. Understand risk management principles, framework and process in the context of a Risk Management System.
3. Appreciate the value of ISO 31000 as the benchmark for best practice in managing risk.

CONTENTS

1. Introduction & Key Concepts of ISO 31000
About ISO
What are standards?
What standards are not
Why are standards important?
What is ISO 31000?
The ISO 31000 family
Scope of ISO 31000
Key focus of ISO 31000
Objectives of ISO 31000
What is "risk"?
Examples of risk
Definition of risk
Why do we need to be aware of risk?
What do we know about risk management?
You manage risks when you...
Definition of risk management
Benefits of adopting ISO 31000 standard
Why was ISO 31000 revised?
What are the main differences?
How do I apply ISO 31000?
How do I get started?


2. The Three Pillars of ISO 31000
The three pillars of ISO 31000
Risk management principles
Risk management framework
Components of the risk management framework
Risk management process
Risk assessment
Risk identification
Risk analysis
Risk evaluation
Risk treatment
ISO 31000 key clause structure (4-6)
ISO 31000 and project management
Your risk management checklist

To download this presentation, visit:
https://www.oeconsulting.com.sg/training-presentations


ISO 31000:2018 Risk Management Awareness Training

  1. © Operational Excellence Consulting. All rights reserved. ISO 31000:2018 Risk Management
  2. Learning Objectives
     • Understand the concept of risk as the uncertainty on objectives.
     • Understand risk management principles, framework and process in the context of a Risk Management System.
     • Appreciate the value of ISO 31000 as the benchmark for best practice in managing risk.
     NOTE: This is a PARTIAL PREVIEW. To download the complete presentation, please visit: https://www.oeconsulting.com.sg
  3. Contents
     • 1 Introduction & Key Concepts of ISO 31000
     • 2 The Three Pillars of ISO 31000
  4. About ISO
     • Non-governmental organization (NGO) established in 1947, based in Geneva, Switzerland
     • Has a membership of over 160 national standards institutes from countries in all regions of the world
     • The world’s largest developer of voluntary International Standards, based on global and market relevance
  5. Why are Standards Important?
     • Communication: Facilitates business interaction
     • Compliance: Enables companies to comply with relevant laws and regulations
     • Innovation: Speeds up the introduction of innovative products and services to the market
     • Interoperability: Provides interoperability between new and existing products, services and processes
  6. What is ISO 31000?
     • An international standard that provides principles and generic guidelines on risk management
     • Generic approach:
       - Not specific to any industry or sector
       - Can be applied to any type of risk (financial, technological, natural, project)
       - Can be applied to any type of organization
       - Can be applied to organizational activities such as decision making
  7. The ISO 31000 Family (Risk Management)
     • Guidelines: ISO 31000:2018 Risk management guidelines
     • Techniques: IEC 31010:2019 Risk assessment techniques
     • Vocabulary: ISO Guide 73:2009 Risk management vocabulary
  8. Objectives of ISO 31000
     • Helps organizations develop a risk management strategy to effectively identify and mitigate risks
     • Develop a risk management culture where employees and stakeholders are aware of the importance of monitoring and managing risk
  9. What is “Risk”?
     • Risk is present in everything we do
     • Risk can be a threat or an opportunity
     • Anything that could harm, prevent, delay or enhance your ability to achieve your objectives
     • ISO 9001:2015, ISO 14001:2015, ISO 22301:2012 and ISO 45001:2018 are all risk-based standards
  10. Examples of Risk
     • Damage to reputation or brand
     • Cyber crime
     • Political risk
     • Terrorism
     • Digital currency
     • Infectious diseases
     • Economic downturn
  11. Definition of Risk
     • In ISO 31000, Risk is defined as: The effect of uncertainty on your objectives.
  12. Why Do We Need to be Aware of Risk?
     • Risk is something that we all face every day
     • As a company, we have to take risks in pursuit of our commercial objectives
     • To raise awareness that we all have to manage risk as part of our daily working lives as well as our personal lives
  13. Benefits of Adopting ISO 31000 Standard
     • Increase the likelihood of achieving objectives
     • Encourage proactive management
     • Identify and treat risk throughout the organization
     • Improve the identification of opportunities and threats
     • Comply with relevant legal and regulatory requirements and internal norms
     • Improve financial reporting
     • Improve governance
     • Establish a reliable basis for decision making
  14. The Three Pillars of ISO 31000
     • Principles (Clause 4): Value Creation and Protection, supported by Integrated; Structured and Comprehensive; Customized; Inclusive; Dynamic; Best Available Information; Human and Cultural Factors; Continual Improvement
     • Framework (Clause 5): Leadership and Commitment
     • Process (Clause 6): Scope, Context, Criteria; Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation); Risk Treatment; Communication & Consultation; Monitoring & Review; Recording & Reporting
     Source: Adapted from ISO 31000:2018 Risk Management Guidelines
  15. Risk Management Principles
     • Core concept of ISO 31000: The purpose of risk management is the creation and protection of value
     • Eight Principles (concepts) communicate the value of risk management, explain its intention and purpose and are the foundation for managing risk
     • The principles are required for effective risk management – they are the core concepts of risk management!
  16. Risk Management Framework
     • Leadership and Commitment (top management and, where applicable, oversight bodies)
       - Customizing and implementing the framework
       - Issuing a policy statement
       - Allocating the necessary resources
       - Assigning authority, responsibility and accountability
  17. Risk Management Process (description of each step)
     • Risk identification: What could prevent us from achieving our objectives?
     • Risk analysis: Understanding the sources and causes of the identified risks; studying probabilities and consequences given the existing controls, to identify the level of residual risk.
     • Risk evaluation: Comparing risk analysis results with risk criteria to determine whether the residual risk is tolerable.
     • Risk treatment: Changing the magnitude and likelihood of consequences, both positive and negative, to achieve a net increase in benefit.
  18. Risk Management Process
     • Risk assessment
       - Should be conducted systematically, iteratively and collaboratively
       - Tools for risk management can be found in ISO/IEC 31010
       - Risk assessment is the process of risk identification, risk analysis, and risk evaluation
  19. Risk Management Process
     • Risk identification
       - Find, recognize and describe risks that might help or prevent an organization achieving its objectives
       - Relevant, appropriate and up-to-date information is important in identifying risks
       - A risk not identified is a risk not analyzed, not evaluated and not treated
     • The biggest risk of all is not to consider the risks of your objectives!
  20. Risk Management Process
     • Risk evaluation
       - Its purpose is to support decisions
       - It involves comparing the results of risk analysis with the established risk criteria to determine where action is required. Decisions might be to:
         - Do nothing further
         - Consider risk treatment options
         - Undertake further analysis
         - Maintain existing controls
         - Reconsider objectives
  21. ISO 31000 Key Clause Structure (4-6)
     • 4. Principles: Value creation and protection
       - Integrated
       - Structured and comprehensive
       - Customized
       - Inclusive
       - Dynamic
       - Best available information
       - Human and cultural factors
       - Continual improvement
     • 5. Framework
       - 5.1 General
       - 5.2 Leadership and commitment
       - 5.3 Integration
       - 5.4 Design
         - 5.4.1 Understanding the organization and its context
         - 5.4.2 Articulating risk management commitment
         - 5.4.3 Assigning organizational roles, authorities, responsibilities and accountabilities
         - 5.4.4 Allocating resources
         - 5.4.5 Establishing communication and consultation
       - 5.5 Implementation
       - 5.6 Evaluation
       - 5.7 Improvement
         - 5.7.1 Adapting
         - 5.7.2 Continually improving
     • 6. Process
       - 6.1 General
       - 6.2 Communication and consultation
       - 6.3 Scope, context and criteria
         - 6.3.1 General
         - 6.3.2 Defining the scope
         - 6.3.3 External and internal context
         - 6.3.4 Defining risk criteria
       - 6.4 Risk management
         - 6.4.1 General
         - 6.4.2 Risk identification
         - 6.4.3 Risk analysis
         - 6.4.4 Risk evaluation
       - 6.5 Risk treatment
         - 6.5.1 General
         - 6.5.2 Selection of risk treatment options
         - 6.5.3 Preparing and implementing risk treatment plans
       - 6.6 Monitoring and review
       - 6.7 Recording and reporting
  22. Your Risk Management Checklist
     1. Do you have a risk management plan (it does not have to be lengthy or complicated)?
     2. Have you identified and captured your risks in a risk register?
     3. How have you evaluated and prioritized your risks?
     4. Have you engaged the appropriate stakeholders in the risk identification and evaluation processes?
     5. What about risk owners? Does each risk have a risk owner?
     6. Have the risk owners developed risk response plans for the highest risks?
     7. Are you facilitating a review of your risks periodically, resulting in updates to the risk register and effective risk responses?
  24. About Operational Excellence Consulting
     • Operational Excellence Consulting is a management training and consulting firm that assists organizations in improving business performance and effectiveness.
     • The firm’s mission is to create business value for organizations through innovative operational excellence management training and consulting solutions.
     • OEC takes a unique “beyond the tools” approach to enable clients to develop internal capabilities and cultural transformation to achieve sustainable world-class excellence and competitive advantage.
     For more information, please visit www.oeconsulting.com.sg
  25. END OF PREVIEW. To download this presentation, please visit: www.oeconsulting.com.sg
