Implementing a Risk Management System based on the ISO 31000
And Learning & Coaching
Gedung City Square C-22, Jl. Abdulrahman Saleh, Bandung
Tel: 022-6125446 / 447, Fax: 022-6125427
http://www.and-lc.com
Consultant: Setiono Winardi, SH., MBA
E: winardi67@gmail.com, M: +62-813-1542-1509
ISO 31000 – 2009, RISK MANAGEMENT
Background
Every business activity conducted by companies, foundations, non-profit organizations,
cooperatives and industry involves a risk process. At present, however, risk is not handled
uniformly across the various risk processes run by these business entities, including
non-profit organizations.
ISO 31000:2009 provides general principles and guidelines for managing the risks an
organization faces. It offers a universal paradigm for practitioners and companies, and sets
common standards and methodologies across different industries that are accepted throughout
the region and internationally.
ISO 31000:2009 relates to:
1. ISO 31000:2009 - Principles and Guidelines on Implementation
2. ISO/IEC 31010:2009 - Risk Management - Risk Assessment Techniques
3. ISO Guide 73:2009 - Risk Management - Vocabulary
4. ISO 21500 - Guidance on Project Management, a standard aligned with ISO 31000:2009
Understanding ISO 31000:2009 - Risk Management
ISO 31000:2009 provides principles and general guidelines on risk management that can be used
by the public, companies (organizations), associations, groups or individuals. It is not
addressed to any particular industry or sector, because it can be applied throughout the life
of an organization and to a wide range of activities, including strategies, decisions that
determine risk, operations, business processes, functions, projects, products, services and
assets. It applies to all types of risk, regardless of their nature or kind, and whether the
consequences are positive or negative.
ISO 31000:2009 provides only guidance of a general nature and is not intended to impose
uniformity in how institutions manage risk. Instead it provides the design for implementing a
plan within a risk management framework, taking into account the organization's needs, vision,
mission, objectives, structure, operations, processes, functions, projects, products, services
or assets, and the practices in use.
Objectives of ISO 31000:2009
1. To provide principles and general guidelines on risk management that can be used across
every industry or sector, since they apply throughout the life of an organization, including
the implementation of strategies and the making of decisions, and so apply to all types of
risk, regardless of nature or kind, whether the consequences are positive or negative.
2. To align the risk management processes of existing and future standards through a common
approach to the supporting standards that deal with particular risks and/or sectors; it does
not replace those standards and is not intended for certification purposes.
3. To bring about a transformation for:
3.1. Executive-level stakeholders
3.2. Decision makers in risk management within the company
3.3. Risk analysis officers
3.4. Line managers and project managers
3.5. Compliance officers and internal auditors
3.6. Independent practitioners
4. To build the skills to analyze, categorize and manage the risks faced and to overcome these
problems.
5. To build the ability to apply good corporate governance based on the legislation in force.
6. To build the skills to deliver compliance and transparency for the company before the law.
Benefits
1. Avoiding the risk by deciding not to start or continue the activities that give rise to it
2. Accepting or increasing the risk in order to pursue an opportunity, through:
2.1. Removing the source of the risk
2.2. Changing the likelihood
2.3. Changing the consequences
2.4. Sharing the risk with another party or parties (including contracts and risk financing)
2.5. Retaining the risk by informed decision
3. Addressing the accountability gap in risk management within the company, through:
3.1. Aligning the objectives of the governance framework with ISO 31000
3.2. Embedding a reporting mechanism into management systems
3.3. Creating uniform risk criteria for the evaluation metrics
4. Increasing the likelihood of achieving objectives, by:
4.1. Encouraging proactive management
4.2. Recognizing the need to identify and treat risk throughout the organization
4.3. Improving the identification of opportunities and threats
4.4. Achieving risk management practices that are compatible between organizations and
countries
5. Complying with the requirements of relevant laws, regulations and international norms
6. Improving governance and control, as well as the effectiveness and efficiency of
operations
7. Establishing a reliable basis for decision making and planning
8. Effectively allocating and using resources for risk treatment
9. Improving health, safety and environmental protection performance
10. Improving loss prevention and incident management
11. Minimizing losses through improved organizational learning and resilience
Content of ISO 31000:2009
1. Terms and definitions used in risk management
2. Strategy to guide and inform effective risk management for a company
3. Overview of, and processes for, creating a risk management framework
4. Overview of, and processes for, creating a risk management process
5. A credible and structured basis for risk management
6. Starting the risk management process
7. The basis for comparing and assessing the risk management process
8. The risk management framework
9. The risk management program
10. Current and future issues in risk management
11. Conducting a risk management assessment
12. Concerns for risk management