This document discusses risk management principles and frameworks based on the ISO 31000:2009 standard. It defines key risk management terms and outlines the risk management process. The framework shows the relationship between risk management components. It also lists principles of risk management, including that risk management should create value, be systematic and iterative, and include stakeholders. Finally, it categorizes different types of risk management approaches and provides examples of risk types.

1. Risk Management
University of Economics, Kraków, 2012
Tomasz Aleksandrowicz

2. media monitoring: current risk events
(27 Feb - 4 Mar)

3. Framework, Process and
Principles of Risk Management
based on ISO 31000:2009
Principles and Guidelines on Implementation

4. Risk management definitions
• Risk owner
– person or entity with the accountability and authority to manage a risk
• Risk attitude
– approach to assess and eventually pursue, retain, take or turn away
from risk
• Risk appetite
– level of risk that an organization is prepared to accept
• Risk management policy
– statement of the overall intentions and direction of an organization
related to risk management
• Risk management plan
– approach, the management components and resources to be applied
to the management of risk

5. Framework of RM
Relationship between various components of the risk management framework

6. Process
of RM

8. Principles of risk management (I)
• should create and protect value
• integral part of organizational processes
• part of decision making
• addresses uncertainty by defining possible
risks
• systematic, structured and timely
• based on the best available information

9. Principles of risk management (II)
• tailored to organization’s
stakeholders, context and risk profile
• takes human and cultural factors into
account
• includes stakeholders impact on organization
• dynamic, iterative and responsive to change
• facilitates continual improvement and
enhancement of the organization

10. Risk types
Excercise
Choose risks from list and
assign to one of main risk categories:

11. Risk Management variants
• Enterprise Risk Management (ERM)
• Financial Risk Management (FRM)
• Operational Risk Management (ORM)
• IT Risk Management (e.g. Risk IT)
• Social Risk Management (SRM)
• Supply Chain Risk Management (SCRM)
• Project Risk Management