Introduction to Risk Management ISO31000:2009
•
6 likes•675 views
Based on ISO31000:2009 Risk Management Principles and Guidelines. Introduction for implementing risk management processes.
Recommended
More Related Content
What's hot
What's hot (20)
Similar to Introduction to Risk Management ISO31000:2009
Similar to Introduction to Risk Management ISO31000:2009 (20)
Recently uploaded
Recently uploaded (20)
Introduction to Risk Management ISO31000:2009
- 1. An introduction to Risk Management ISO31000:2009 1
- 2. ISO 31000:2009 Principles and Guidelines Guidelines / References ISO 31010 - Assessment Technique ISO Guide 73:2009 - Vocabulary 2
- 3. Principle for managing risk a. Create value b. Integral part of organisational processes c. Part of decision making d. Explicitly addresses uncertainty e. Systematic, structured and timely f. Based on the best available information g. Tailored h. Takes human and cultural factors into account i. Transparent and inclusive j. Dynamic, iterative and responsive to change k. Facilitates continual improvement and enhancement of the organisation Framework for managing risk Process for managing risk ISO31000:2009 Risk Management Principles, Framework and Process Mandate & Commitment Design of framework for managing risk Monitoring and review of the framework Continual improvement of the framework Implementing risk management Establishing the context Risk assessment Risk treatment Communicationandconsultation Monitoringandreview Risk identification Risk analysis Risk evaluation 3
- 4. RISK – Defini,on (ISO/IEC Guide 73) The effect of uncertainty on objec6ves • Outcome if deficiency occurs • Things that can stop from achieving objec:ve (deficiency) • Aim; target • Clarity of objec6ves important 4
- 6. Risk Management Process Establishing the context Strategic / business objective Internal environment (organisation culture, processes, structure & strategy, roles & accountability, policies etc). External environment (regulatory requirement, stakeholder perceptions, social & cultural, political, legal, economic, technological etc). Set the scope Risk criteria
- 7. Risk Assessment Risk Identification Identify possible risk to the business objective / project. Interview Brainstorm Checklist ISO31010 Risk Assessment Technique } Process flow Ishikawa (Fishbone): Cause & Effect Checklist People have seen risk occur, use people’s experience. Bowtie Risk Management Process
- 8. Risk Assessment Risk Analysis Goal of Risk Analysis How threatening the risk are Weigh the risk Risk trend & forecast Qualitative Analysis Quantitative Analysis Likelihood & Consequence Matrix • Trend graph • Pareto Principle • Decision Tree • Monte Carlo Simulation April 2013 0 25 50 75 100 Northern Central Southern East Coast West Coast Minor Modest Severe Major Catastrophic Financial Listenership Downtime Talent Risk Management Process
- 9. Risk Assessment Risk Evaluation Likelihood Consequence Level of Risk Almost impossible Rare Possible Likely Certain / Almost certain Minor (minimal) Modest (Moderate) Severe (Significant; long reaching effect) Major (Critical) Catastrophic (Potential to lead to collapse) Low Moderate Significant High Qualitative Analysis + Quantitative Analysis Risk Management Process 9
- 10. Risk Treatment Risk Register Current control or Strategy adopted Implementation status Business Plan Risk Management Process Strategies
- 11. Monitoring & Review Certain/ Almost certain Likelihood! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! Likely ! ! ! ! ! ! ! ! ! Possible ! ! ! ! ! ! ! ! ! Rare ! ! ! ! ! ! ! ! ! Almost impossible ! ! ! ! ! ! ! ! ! ! ! ! ! Consequence Minor (minimal) Modest (moderate) Severe (Significant; long reaching effect) Major (Critical) Catastrophic (Potential to lead to collapse) CONTROL RISK MATRIX Risk Management Process 11 Minor Modest Severe Major Catastrophic Financial Audience Share Rating Downtime >0.25% >0.25 - 0.50% >0.50 - 0.75% >0.75 - 1% More than 1% People
- 12. Communication & Consultation Risk Management Process Risk / Treatment Owner Group Management Audit & Risk Committee (GMARC) Email / Meeting / Discussion / Awareness with Risk & Treatment Owner Risk Management Committee (RMC) & Board of Subsidiaries 12
- 14. Likelihood Consequence Level of Risk Almost impossible Rare Possible Likely Certain / Almost certain Minor (minimal) Modest (Moderate) Severe (Significant; long reaching effect) Major (Critical) Catastrophic (Potential to lead to collapse) Feasibility Benefit Level of Opportunity Very Hard Hard Normal Easy Very easy Very Low Low Medium High Very High Risk vs Opportunity 14
- 15. Benefits of Risk Management Increase the likelihood of achieving objectives; Encourage proactive management; Be aware of the need to identify and treat risk throughout the organisation; Improve the identification of opportunities and threats; Achieve compatible risk management practices between organisation and nation; Improve governance; Improve stakeholder confidence and trust; Established a reliable basis for decision making planning; Improve control; Effectively allocate and use resources for risk treatment; Improve operational effectiveness and efficiency; Enhance health and safety performance and environmental protection; Improve loss prevention and incident management; Minimize losses; Improve organisational learning; and Improve organisational resilience.
- 16. Tools%and%Techniques% Risk%Assessment%Process% Risk%Iden7fica7on% Risk%Analysis% Risk% evalua7on%Consequence% Probability% Level%of% risk% 1% Brainstorming% !!% B% B% B% B% 2% Structured%or%semiBstructured%interviews%% !!% B% B% B% B% 3% Delphi% !!% B% B% B% B% 4% CheckBlists% !!% B% B% B% B% 5% Primary%hazard%analysis% !!% B% B% B% B% 6% Hazard%and%operability%studies%(HAZOP)% !!% !!% !% !% !% 7% Hazard%Analysis%and%Cri7cal%Control%Point%(HACCP)% !!% !!% B% B% !!% 8% Environmental%risk%assessment% !!% !!% !!% !!% !!% 9% Structure%%<%What%if?%>%(SWIFT)% !!% !!% !!% !!% !!% 10% Scenario%analysis% !!% !!% !% !% !% 11% Business%impact%analysis% !% !!% !% !% !% 12% Root%cause%analysis% B% !!% !!% !!% !!% 13% Failure%mode%effect%analysis% !!% !!% !!% !!% !!% 14% Fault%tree%analysis% !% B% !!% !% !% 15% Event%tree%analysis% !% !!% !% !% B% 16% Cause%and%consequence%%analysis% !% !!% !!% !% !% 17% CauseBandBeffect%analysis% !% !!% !!% !% !% 18% Layer%protec7on%analysis%(LOPA)% !% !!% !% !% B% 19% Decision%tree% B% !!% !!% !% !% 20% Human%reliability%analysis% !!% !!% !!% !!% !% 21% Bow%7e%analysis% B% !% !!% !!% !% 22% Reliability%centered%analysis% !!% !!% !!% !!% !!% 23% Sneak%circuit%analysis% !% B% B% B% B% 24% Markov%analysis% !% !!% B% B% B% 25% Monte%Carlo%simula7on% B% B% B% B% !!% 26% Bayesian%sta7s7cs%and%Bayes%Nets% B% !!% B% B% !!% 27% FN%curves% !% !!% !!% !% !!% 28% Risk%indices% !% !!% !!% !% !!% 29% Consequence/probability%matrix% !!% !!% !!% !!% !% 30% Cost/benefit%analysis% !% !!% !% !% !% 31% Mul7Bcriteria%decision%analysis%(MCDA)% %% %% %% %% %% %% !!%=%Strongly%applicable% !%%%%=%Applicable% B =%Not%applicable%% Risk Assessment Techniques ISO31010
- 17. Risk Management Reports 1. Risk Profile Analysis 2. Risk Register 17
- 18. 18 1. Risk Profile Analyse the effect & uncertainty based on data (internal & external) Risk evaluation or impact = consequence + likelihood Risk level Certain/ Almost certain Likelihood! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! Likely ! ! ! ! ! ! ! ! ! Possible ! ! ! ! ! ! ! ! ! Rare ! ! ! ! ! ! ! ! ! Almost impossible ! ! ! ! ! ! ! ! ! ! ! ! ! Consequence Minor (minimal) Modest (moderate) Severe (Significant; long reaching effect) Major (Critical) Catastrophic (Potential to lead to collapse) CONTROL RISK MATRIX
- 19. 19 2. Risk Register Control or Strategy adopted Implementation status Risk & Treatment level Risk & Treatment owner
- 20. By Ahmad Azwang Aisram aisram@gmail.com