© Operational Excellence Consulting
ISO 31000:2018
Risk Management – Guidelines
© Operational Excellence Consulting. All rights reserved.

LEARNING OBJECTIVES
● Understand the concept of risk as the uncertainty on objectives
● Describe the risk management principles, framework and process in the context of a Risk Management System
● Appreciate the value of ISO 31000 as the benchmark for best practice in managing risk
NOTE: This is a PARTIAL PREVIEW.
To download the complete presentation, please
visit: https://www.oeconsulting.com.sg

CONTENTS
01 INTRODUCTION & KEY CONCEPTS OF ISO 31000
02 THE THREE PILLARS OF ISO 31000

ISO STANDARDS CONTRIBUTE DIRECTLY TO THE U.N. SUSTAINABLE DEVELOPMENT GOALS (SDGs)
Some examples of popular ISO standards that are adopted by various companies and organizations:
● ISO 14001:2015 – Environmental Management Systems
● ISO/IEC 27001:2022 – Information Security Management Systems
● ISO 22000:2018 – Food Safety Management Systems
● ISO 26000:2010 – Social Responsibility
● ISO 9001:2015 – Quality Management Systems
● ISO 50001:2018 – Energy Management Systems
● ISO 37001:2016 – Anti-Bribery Management Systems
● ISO 45001:2018 – Occupational Health & Safety Management Systems

WHAT IS ISO 31000?
● An international standard that provides principles and generic guidelines on risk management
● Not specific to any industry or sector
● Can be applied to any type of risk (financial, technological, natural, project)
● Can be applied to any type of organization
● Can be applied to organizational activities such as decision making

THE ISO 31000 FAMILY
RISK MANAGEMENT
● GUIDELINES: ISO 31000:2018 Risk management guidelines (focus of this presentation)
● TECHNIQUES: IEC 31010:2019 Risk assessment techniques
● VOCABULARY: ISO Guide 73:2009 Risk management vocabulary
Source: Adapted from ISO/IEC

KEY FOCUS OF ISO 31000
● Stresses commitment to diligent risk management
● Encourages priority setting
● Explains that risk management should itself create and protect value
● Stresses the importance of context
● Adopts the viewpoint that risk management is integral to the organization’s objectives

OBJECTIVES OF ISO 31000
● Helps organizations develop a risk management strategy to effectively identify and mitigate risks
● Develop a risk management culture where employees and stakeholders are aware of the importance of monitoring and managing risk

WHAT IS “RISK”?
● Risk is present in everything we do
● Risk can be a threat or an opportunity
● Anything that could harm, prevent, delay or enhance your ability to achieve your objectives
● ISO 9001:2015, ISO 14001:2015, ISO 22301:2012 and ISO 45001:2018 are all risk-based standards

EXAMPLES OF RISKS
● Infectious diseases
● Cyber crime
● Damage to reputation or brand
● Economic downturn
● Digital currency
● Political risk
● Climate change
● Terrorism

WHY DO WE NEED TO BE AWARE OF RISK?
● Risk is something that we all face every day
● As a company, we have to take risks in pursuit of our commercial objectives
● To raise awareness that we all have to manage risk as part of our daily working lives as well as our personal lives

YOU MANAGE RISKS WHEN YOU…
● Reduce uncertainty to an acceptable level for better informed decisions leading to achieving or varying objectives
● Control the likelihood of events occurring that affect the certainty of achieving your objectives
● Reduce the likelihood of a negative consequence occurring or effectively and efficiently exploit an opportunity

DEFINITION OF “RISK MANAGEMENT”
In ISO 31000, “risk management” is defined as:
Coordinated activities to direct and control an organization with regard to risk.
Source: Based on ISO

BENEFITS OF ADOPTING ISO 31000 STANDARD
● Encourage proactive management
● Identify and treat risk throughout the organization
● Increase the likelihood of achieving objectives
● Improve financial reporting
● Improve governance
● Comply with relevant legal and regulatory requirements and internal norms
● Improve the identification of opportunities and threats
● Establish a reliable basis for decision making

THE THREE PILLARS OF ISO 31000
[Diagram: the three pillars of ISO 31000]
● PRINCIPLES (Clause 4): Value Creation and Protection; Integrated; Structured and Comprehensive; Customized; Inclusive; Dynamic; Best Available Information; Human and Cultural Factors; Continual Improvement
● FRAMEWORK (Clause 5): Leadership and Commitment
● PROCESS (Clause 6): Scope, Context, Criteria; Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation); Risk Treatment; Communication & Consultation; Monitoring & Review; Recording & Reporting
Source: Adapted from ISO

THE THREE PILLARS OF ISO 31000
The ISO 31000 standard comprises three pillars:
● PRINCIPLES: Required elements of an effective and efficient risk management
● FRAMEWORK: Assists in integrating risk management into the activities and functions of the organization
● PROCESS: Integral part of management, structure, operations and processes (activities) of the organization

RISK MANAGEMENT PRINCIPLES
● Value Creation and Protection
● Integrated
● Structured and Comprehensive
● Customized
● Inclusive
● Dynamic
● Best Available Information
● Human and Cultural Factors
● Continual Improvement

RISK MANAGEMENT FRAMEWORK
● Leadership and Commitment

RISK MANAGEMENT PROCESS
● Scope, Context, Criteria
● Risk Assessment
  o Risk Identification
  o Risk Analysis
  o Risk Evaluation
● Risk Treatment
● Communication & Consultation
● Monitoring & Review
● Recording & Reporting

RISK MANAGEMENT PROCESS – DESCRIPTION
● Risk identification: What could prevent us from achieving our objectives?
● Risk analysis: Understanding the sources and causes of the identified risks; studying probabilities and consequences given the existing controls, to identify the level of residual risk.
● Risk evaluation: Comparing risk analysis results with risk criteria to determine whether the residual risk is tolerable.
● Risk treatment: Changing the magnitude and likelihood of consequences, both positive and negative, to achieve a net increase in benefit.

RISK ASSESSMENT
● Should be conducted systematically, iteratively and collaboratively
● Tools for risk management can be found in ISO/IEC 31010
● Risk assessment is the process of:
  o Risk identification
  o Risk analysis, and
  o Risk evaluation

RISK IDENTIFICATION
● Find, recognize and describe risks that might help or prevent an organization achieving its objectives
● Relevant, appropriate and up-to-date information is important in identifying risks
● A risk not identified is a risk not analyzed, not evaluated and not treated
● The biggest risk of all is not to consider the risks of your objectives!

RISK ANALYSIS – FACTORS TO CONSIDER
● The likelihood of events and consequences
● The nature and magnitude of consequences
● Complexity and connectivity
● Time-related factors and volatility
● The effectiveness of existing controls
● Sensitivity and confidence levels

RISK TREATMENT
● The purpose of risk treatment is to select and implement options for addressing risk:
  o Selection of risk treatment options (balancing benefits against costs, effort and disadvantages – but justification might be broader)
  o Preparing and implementing risk treatment plans
  o No options available → risk should be recorded and kept under ongoing review

ISO 31000 KEY CLAUSE STRUCTURE (4-6)

4. Principles
Value creation and protection
● Integrated
● Structured and comprehensive
● Customized
● Inclusive
● Dynamic
● Best available information
● Human and cultural factors
● Continual improvement

5. Framework
5.1 General
5.2 Leadership and commitment
5.3 Integration
5.4 Design
  5.4.1 Understanding the organization and its context
  5.4.2 Articulating risk management commitment
  5.4.3 Assigning organizational roles, authorities, responsibilities and accountabilities
  5.4.4 Allocating resources
  5.4.5 Establishing communication and consultation
5.5 Implementation
5.6 Evaluation
5.7 Improvement
  5.7.1 Adapting
  5.7.2 Continually improving

6. Process
6.1 General
6.2 Communication and consultation
6.3 Scope, context and criteria
  6.3.1 General
  6.3.2 Defining the scope
  6.3.3 External and internal context
  6.3.4 Defining risk criteria
6.4 Risk management
  6.4.1 General
  6.4.2 Risk identification
  6.4.3 Risk analysis
  6.4.4 Risk evaluation
6.5 Risk treatment
  6.5.1 General
  6.5.2 Selection of risk treatment options
  6.5.3 Preparing and implementing risk treatment plans
6.6 Monitoring and review
6.7 Recording and reporting

ISO 31000 & PROJECT MANAGEMENT
● An essential aspect of project management is controlling the inherent risks of a project
● Risks arise from uncertainty surrounding project decisions and outcomes
● Most individuals associate the concept of risk with the potential for loss in value, control, functionality, quality, or timeliness of completion of a project
● However, project outcomes may also result in failure to maximize gain in an opportunity and the uncertainties in decision making leading up to this outcome can also be said to involve an element of risk

YOUR RISK MANAGEMENT CHECKLIST
1. Do you have a risk management plan (it does not have to be lengthy or complicated)?
2. Have you identified and captured your risks in a risk register?
3. How have you evaluated and prioritized your risks?
4. Have you engaged the appropriate stakeholders in the risk identification and evaluation processes?
5. What about risk owners? Does each risk have a risk owner?
6. Have the risk owners developed risk response plans for the highest risks?
7. Are you facilitating a review of your risks periodically, resulting in updates to the risk register and effective risk responses?

ABOUT OPERATIONAL EXCELLENCE CONSULTING
Operational Excellence Consulting is a management training and consulting firm that assists organizations in improving business performance and effectiveness. Based in Singapore, the firm’s mission is to create business value for organizations through innovative design and operational excellence management training and consulting solutions. For more information, please visit www.oeconsulting.com.sg

ISO 31000:2018 (Risk Management) Awareness Training

  • 1. © Operational Excellence Consulting ISO 31000:2018 Risk Management – Guidelines © Operational Excellence Consulting. All rights reserved.
  • 2. © Operational Excellence Consulting LEARNING OBJECTIVES 2 Understand the concept of risk as the uncertainty on objectives Describe the risk management principles, framework and process in the context of a Risk Management System Appreciate the value of ISO 31000 as the benchmark for best practice in managing risk NOTE: This is a PARTIAL PREVIEW. To download the complete presentation, please visit: https://www.oeconsulting.com.sg
  • 3. © Operational Excellence Consulting CONTENTS 3 INTRODUCTION & KEY CONCEPTS OF ISO 31000 THE THREE PILLARS OF ISO 31000 02 01
  • 4. © Operational Excellence Consulting ISO STANDARDS CONTRIBUTE DIRECTLY TO THE U.N. SUSTAINABLE DEVELOPMENT GOALS (SDGs) 4 ISO 14001:2015 Environmental Management Systems ISO/IEC 27001:2022 Information Security Management Systems ISO 22000:2018 Food Safety Management Systems ISO 26000:2010 Social Responsibility ISO 9001:2015 Quality Management Systems ISO 50001:2018 Energy Management Systems ISO 37001:2016 Anti-Bribery Management Systems ISO 45001:2018 Occupational Health & Safety Management Systems Some examples of popular ISO standards that are adopted by various companies and organizations:
  • 5. © Operational Excellence Consulting ● An international standard that provides principles and generic guidelines on risk management ● Not specific to any industry or sector ● Can be applied to any type of risk (financial, technological, natural, project) ● Can be applied to any type of organization ● Can be applied to organizational activities such as decision making WHAT IS ISO 31000? © Operational Excellence Consulting 5
  • 6. THE ISO 31000 FAMILY (RISK MANAGEMENT)
      ● GUIDELINES: ISO 31000:2018 Risk management guidelines (focus of this presentation)
      ● TECHNIQUES: IEC 31010:2019 Risk assessment techniques
      ● VOCABULARY: ISO Guide 73:2009 Risk management vocabulary
      Source: Adapted from ISO/IEC
  • 7. KEY FOCUS OF ISO 31000
      ● Stresses commitment to diligent risk management
      ● Encourages priority setting
      ● Explains that risk management should itself create and protect value
      ● Stresses the importance of context
      ● Adopts the viewpoint that risk management is integral to the organization’s objectives
  • 8. OBJECTIVES OF ISO 31000
      ● Helps organizations develop a risk management strategy to effectively identify and mitigate risks
      ● Develop a risk management culture where employees and stakeholders are aware of the importance of monitoring and managing risk
  • 9. WHAT IS “RISK”?
      ● Risk is present in everything we do
      ● Risk can be a threat or an opportunity
      ● Anything that could harm, prevent, delay or enhance your ability to achieve your objectives
      ● ISO 9001:2015, ISO 14001:2015, ISO 22301:2012 and ISO 45001:2018 are all risk-based standards
  • 10. EXAMPLES OF RISKS
      ● Infectious diseases
      ● Cyber crime
      ● Damage to reputation or brand
      ● Economic downturn
      ● Digital currency
      ● Political risk
      ● Climate change
      ● Terrorism
  • 11. WHY DO WE NEED TO BE AWARE OF RISK?
      ● Risk is something that we all face every day
      ● As a company, we have to take risks in pursuit of our commercial objectives
      ● To raise awareness that we all have to manage risk as part of our daily working lives as well as our personal lives
  • 12. YOU MANAGE RISKS WHEN YOU…
      ● Reduce uncertainty to an acceptable level for better informed decisions leading to achieving or varying objectives
      ● Control the likelihood of events occurring that affect the certainty of achieving your objectives
      ● Reduce the likelihood of a negative consequence occurring or effectively and efficiently exploit an opportunity
  • 13. DEFINITION OF “RISK MANAGEMENT”
      In ISO 31000, “risk management” is defined as: Coordinated activities to direct and control an organization with regard to risk.
      Source: Based on ISO
  • 14. BENEFITS OF ADOPTING ISO 31000 STANDARD
      ● Encourage proactive management
      ● Identify and treat risk throughout the organization
      ● Increase the likelihood of achieving objectives
      ● Improve financial reporting
      ● Improve governance
      ● Comply with relevant legal and regulatory requirements and internal norms
      ● Improve the identification of opportunities and threats
      ● Establish a reliable basis for decision making
  • 15. THE THREE PILLARS OF ISO 31000
      ● PRINCIPLES (Clause 4): Value Creation and Protection; Integrated; Structured and Comprehensive; Customized; Inclusive; Dynamic; Best Available Information; Human and Cultural Factors; Continual Improvement
      ● FRAMEWORK (Clause 5): Leadership and Commitment
      ● PROCESS (Clause 6): Scope, Context, Criteria; Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation); Risk Treatment; COMMUNICATION & CONSULTATION; MONITORING & REVIEW; RECORDING & REPORTING
      Source: Adapted from ISO
  • 16. THE THREE PILLARS OF ISO 31000
      The ISO 31000 standard comprises three pillars:
      ● PRINCIPLES: Required elements of an effective and efficient risk management
      ● FRAMEWORK: Assists in integrating risk management into the activities and functions of the organization
      ● PROCESS: Integral part of management, structure, operations and processes (activities) of the organization
  • 17. RISK MANAGEMENT PRINCIPLES
      ● Value Creation and Protection
      ● Integrated
      ● Structured and Comprehensive
      ● Customized
      ● Inclusive
      ● Dynamic
      ● Best Available Information
      ● Human and Cultural Factors
      ● Continual Improvement
  • 18. RISK MANAGEMENT FRAMEWORK
      ● Leadership and Commitment
  • 19. RISK MANAGEMENT PROCESS
      ● Scope, Context, Criteria
      ● Risk Assessment: Risk Identification, Risk Analysis, Risk Evaluation
      ● Risk Treatment
      ● COMMUNICATION & CONSULTATION
      ● MONITORING & REVIEW
      ● RECORDING & REPORTING
  • 20. RISK MANAGEMENT PROCESS: DESCRIPTION
      ● Risk identification: What could prevent us from achieving our objectives?
      ● Risk analysis: Understanding the sources and causes of the identified risks; studying probabilities and consequences given the existing controls, to identify the level of residual risk.
      ● Risk evaluation: Comparing risk analysis results with risk criteria to determine whether the residual risk is tolerable.
      ● Risk treatment: Changing the magnitude and likelihood of consequences, both positive and negative, to achieve a net increase in benefit.
  • 21. RISK ASSESSMENT
      ● Should be conducted systematically, iteratively and collaboratively
      ● Tools for risk management can be found in ISO/IEC 31010
      ● Risk assessment is the process of:
          o Risk identification
          o Risk analysis, and
          o Risk evaluation
      [Diagram: Risk Management Process]
  • 22. RISK IDENTIFICATION
      ● Find, recognize and describe risks that might help or prevent an organization achieving its objectives
      ● Relevant, appropriate and up-to-date information is important in identifying risks
      ● A risk not identified is a risk not analyzed, not evaluated and not treated
      ● The biggest risk of all is not to consider the risks of your objectives!
      [Diagram: Risk Management Process]
  • 23. RISK ANALYSIS – FACTORS TO CONSIDER
      ● The likelihood of events and consequences
      ● The nature and magnitude of consequences
      ● Complexity and connectivity
      ● Time-related factors and volatility
      ● The effectiveness of existing controls
      ● Sensitivity and confidence levels
      [Diagram: Risk Management Process]
  • 24. RISK TREATMENT
      ● The purpose of risk treatment is to select and implement options for addressing risk:
      ● Selection of risk treatment options (balancing benefits against costs, effort and disadvantages – but justification might be broader)
      ● Preparing and implementing risk treatment plans
      ● No options available → risk should be recorded and kept under ongoing review
      [Diagram: Risk Management Process]
  • 25. ISO 31000 KEY CLAUSE STRUCTURE (4-6)
      4. Principles
          Value creation and protection
          ● Integrated
          ● Structured and comprehensive
          ● Customized
          ● Inclusive
          ● Dynamic
          ● Best available information
          ● Human and cultural factors
          ● Continual improvement
      5. Framework
          5.1 General
          5.2 Leadership and commitment
          5.3 Integration
          5.4 Design
              5.4.1 Understanding the organization and its context
              5.4.2 Articulating risk management commitment
              5.4.3 Assigning organizational roles, authorities, responsibilities and accountabilities
              5.4.4 Allocating resources
              5.4.5 Establishing communication and consultation
          5.5 Implementation
          5.6 Evaluation
          5.7 Improvement
              5.7.1 Adapting
              5.7.2 Continually improving
      6. Process
          6.1 General
          6.2 Communication and consultation
          6.3 Scope, context and criteria
              6.3.1 General
              6.3.2 Defining the scope
              6.3.3 External and internal context
              6.3.4 Defining risk criteria
          6.4 Risk management
              6.4.1 General
              6.4.2 Risk identification
              6.4.3 Risk analysis
              6.4.4 Risk evaluation
          6.5 Risk treatment
              6.5.1 General
              6.5.2 Selection of risk treatment options
              6.5.3 Preparing and implementing risk treatment plans
          6.6 Monitoring and review
          6.7 Recording and reporting
  • 26. ISO 31000 & PROJECT MANAGEMENT
      ● An essential aspect of project management is controlling the inherent risks of a project
      ● Risks arise from uncertainty surrounding project decisions and outcomes
      ● Most individuals associate the concept of risk with the potential for loss in value, control, functionality, quality, or timeliness of completion of a project
      ● However, project outcomes may also result in failure to maximize gain in an opportunity, and the uncertainties in decision making leading up to this outcome can also be said to involve an element of risk
  • 27. YOUR RISK MANAGEMENT CHECKLIST
      1. Do you have a risk management plan (it does not have to be lengthy or complicated)?
      2. Have you identified and captured your risks in a risk register?
      3. How have you evaluated and prioritized your risks?
      4. Have you engaged the appropriate stakeholders in the risk identification and evaluation processes?
      5. What about risk owners? Does each risk have a risk owner?
      6. Have the risk owners developed risk response plans for the highest risks?
      7. Are you facilitating a review of your risks periodically, resulting in updates to the risk register and effective risk responses?
  • 28. ABOUT OPERATIONAL EXCELLENCE CONSULTING
      Operational Excellence Consulting is a management training and consulting firm that assists organizations in improving business performance and effectiveness. Based in Singapore, the firm’s mission is to create business value for organizations through innovative design and operational excellence management training and consulting solutions. For more information, please visit www.oeconsulting.com.sg