SlideShare a Scribd company logo

ISO 31000.pdf

S
ssuser840a78

ISO 31000 overview

Leadership & Management
1 of 24
Download to read offline
ISO 31000 – Risk Management Standard ISO 31000 Risk Management Standard Ottawa February 27, 2008 John Shortreed, Director, Institute for Risk Research University of Waterloo (shortree@uwaterloo.ca) 1. What is ISO 31000? 2. What are the key components of 31000? y p 3. Questions workshop format to understand ISO 31000 by examining key components 1 jhs Ottawa 27/02/08
What is ISO 31000? Guide for principles and implementation of risk management • More or less final ‐ will be issued in 2009 along with Guide 73 (terms), and 31010 (revised IEC risk analysis standard ‐ originally ( ), ( y g y Canadian eh!) • Can review 31000 and have input by asking after April 1 for the • Can review 31000 and have input by asking after April 1 for the latest draft (free but must read, shortree@uwaterloo.ca ) Will l CSA Q850 T B d RIMS t t d • Will replace CSA Q850, Treasury Board, RIMS, etc. etc. and become the recognized international framework for risk management everywhere – good stuff, no fooling jhs Ottawa 27/02/08 2
first a few things about risk and 31000 • risk ; “effect of uncertainty on objectives” – positive and negative consequences safet compliance strateg an thing nder the s n – safety, compliance, strategy, anything under the sun • risk management; “coordinated activities to direct and control and organization with regard to risk” organization with regard to risk • risk management framework; “set of components that provide the foundations and organizational arrangements for designing, foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management processes throughout the organization” • risk management process; “systematic application of management policies, procedures and practices to the tasks of communication, consultation, establishing the context, identifying, analysing, evaluating treating monitoring and reviewing risk” evaluating, treating, monitoring and reviewing risk jhs Ottawa 27/02/08 3
Is this your organization? Is this your organization? • Name Brand has been tarnished • Continually in crisis management mode due to the absence of Quality Assurance mechanisms • Repeated cases of: – Overspending – Delays Delays – Non compliance with policies and regulations Self assessment by a Canadian Government department (good start!!) Quality assurance must follow & be coordinated with risk management jhs Ottawa 27/02/08 4
Your Organization and 31000 g • Every organization is unique, yours might be a regulator, a deliverer of services, a policy analysis shop, an enforcer of laws, , p y y p, , a facilitator of industry and commerce, support for education or literacy or rights, etc. • So implementation of risk management in every organization is different but instantaneously recognized as 31000 risk management framework process terminology and other best management framework, process, terminology, and other best practices. • So your organization’s risk management could be reviewed and evaluated by any other risk management literate person from any organization to mutual advantage. y g g
Workshop will rate your organization against key components in ISO 31000 key components in ISO 31000 In the process you will learn what is in 31000 Scorecard Scorecard 1. Risk Register ____/10 2 A t bilit /6 2. Accountability ____/6 3. RM Process ____/14 4. RM Framework ____/14 5. Integration ____/6 6. Terminology ____/5 (bonus) Total /50 ____/
Key components Workshop – Risk Register (RR) risk register; “ record of information about identified risks” 1. risk owner; “person or entity with the accountability and authority” 2 i k l ti i k l i t i k i t 2. risk evaluation – use risk analysis to compare risk against risk criteria and find level of risk – is it acceptable? 3. risk treatment; “process of developing, selecting, and implementing measures to modify risk” implementing measures to modify risk (control is “measures to modify risk” ) 4. risk trends, performance measures for risk and risk controls 5. record for every risk in the organization jhs Ottawa 27/02/08 7
The following three slides provide illustrations of risk i t h h b f d b f l i registers that have been found to be useful in organizations with successful ERM 1. A bow tie diagram used by Broadleaf Capital, used for design of risk treatment but also a risk used for design of risk treatment but also a risk register 2. An illustrative example of the approach used by , and 3. An illustrative example of how use their risk register for monitoring and review their risk register for monitoring and review
Example risk register for a specific Objective – illustration only Courtesy of Larry Warner of the Food Company 1. Identify initiatives and their associated descriptions with measurable objectives 2. Prioritize order 6. Management Team evaluates the probability of success in achieving this initiative’s overall objectives Risk Profile Ready‐to‐Heat Priority Aggressively grow and build the ready‐to‐heat business by expanding the d t li (15% NSV th & i t i h b 30%) d of the key initiatives based on their contribution to achieving the overall financial and strategic ƒ Accelerate innovation C d t tit l i ƒ Increase of aggressive competition from Rice Master and Fast Rice Mitigation Activities Risks Owner product line (15% NSV growth & maintain shares above 30%) and broaden the availability of the product. and strategic objectives within the OP 1 1,2,3 1 ƒ Conduct competitor analysis session from Rice Master and Fast Rice ƒ Aggressive year for growth target for the segment & brand ƒ Achieve new product growth targets 5. List of planned activities that will mitigate the risks match the mitigation 3. Document the individual in charge of the given initiative 2 3 1 Action Plan 4. List of risks that could hinder the bilit t t th i iti ti ’ bj ti mitigate the risks – match the mitigation strategies to risk through the reference numbers 7. Document the immediate next steps for effective ability to meet the initiative’s objectives steps for effective initiative execution
Initiative Risk Profile Trend Comments Business units are required to review and update a dashboard on a quarterly basis which allows tracking of performance over time Initiative Risk Profile Trend Comments Q3 ‘05Q4 ‘05Q1 ‘06Q2 ‘06 Re‐launch of Pedigree Effectively execute the re‐launch of Pedigree to achieve the growth targets (10%) Yellow Green Improving Shipments started in P2 to meet advertising schedule. Advertising on air (P2W3). Massive presentation to all customers was presentation to all customers was executed during P1 with excellent customer participation. Direct‐to‐store (DTS) Increase DTS operations by 10% and add 500 points of sale per cell Green Green Stable DTS operation is improving however there are still some areas that need to improve further. We p p p will expand when we have a holistic strategy. Associate engagement Increase associate engagement score from 85% to 90% within the factory Blue Green Improving Shift managers have been provided associate engagement training. All managers have held meetings with their team members. Bring Pet Dry plant online Make the Dry plant fully operational by P13 Red Blue Stable On track, construction permit granted. Plant will be ready by P13 Launch of Dove Blue Yellow Stable Increased risk due to current Launch of Dove Successfully launch Dove into the mass market and achieve 65% distribution Blue Yellow Stable Increased risk due to current demand exceeding supply. We have re‐phased the roll‐out for the mass market to ensure current supply is adequate.
Key components Workshop – Risk Register (RR) discuss at table then rate your organization out of 10 discuss at table, then rate your organization out of 10 risk register; “ record of information about identified risks” R h i f 2 Rate each item out of 2 1. risk owner; “person or entity with the accountability and authority” y 2. risk evaluation – use risk analysis to compare risk against risk criteria and find level of risk – is it acceptable? 3. risk treatment; “process of developing, selecting, and 3. risk treatment; process of developing, selecting, and implementing “measures to modify risk” (control is “measures to modify risk” ) 4 risk trends performance measures for risk and risk 4. risk trends, performance measures for risk and risk controls 5. record for every risk in the organization jhs Ottawa 27/02/08 12
Key components Workshop – Accountability di i i f 6 discuss, rate organization out of 6 • Policy that states each risk owner is accountable for y that risk, the associated controls and monitoring of risk • Accountability is assessed at manager’s annual performance review where evidence is expected performance review where evidence is expected • Culture of accountability is such that everyone knows Culture of accountability is such that everyone knows what risks they own and who owns risks that impact them jhs Ottawa 27/02/08 13
Key components Workshop – Risk Management Process discuss rate organization out of 14 N t discuss, rate organization out of 14 Establish the Establish the Notes • Risk assessment is the white boxes Identify Risks Establish the Context ew onsult Identify Risks Establish the Context ew onsult • Process is for every manager for every project, program, decision Identify Risks Analyse Risks and Revie ate and co Identify Risks Analyse Risks and Revie ate and co decision • 2 points‐have box, 1‐ being done y Evaluate Risks Monitor a mmunica y Evaluate Risks Monitor a mmunica • We will not spend much time here since this should be well known Treat Risks Co Treat Risks Co well known
Key components Workshop –Risk Management Framework discuss rate organization out of 14 discuss, rate organization out of 14 • Framework; “set of components that provide the foundations and organizational arrangement for designing implementing and organizational arrangement for designing, implementing, monitoring, reviewing and continually improving risk management processes throughout the organization” (wow a mouthful) mouthful) • Framework is new to 31000, follows Plan‐Do‐Check‐Act quality model and must follow principles outlined in 31000 model and must follow principles outlined in 31000 • Next two slides show – 1) relationship of of framework, process and principles – 2) details of framework implementation
5.2 Mandate and a) Creates value b) Integral part of organizational and commitment 5.3 Design of processes c) Part of decision making d) Explicitly addresses uncertainty e) Systematic 5.4 Implementing framework for managing risk 5.6 Continual e) Systematic, structured and timely f) Based on the best available information g) Tailored h) Takes human and Implementing risk management framework Continual improvement of the framework h) Takes human and cultural factors into account i) Transparent and inclusive j) Dynamic, iterative 5.5 Monitoring and review of the framework and responsive to change k) Facilitates continual improvement and enhancement of the Framework for managing risk enhancement of the organization Principles for managing risk Processes for managing risk (Clause 5) (Clause 4) (Clause 6)
5.2 Mandate and commitment 5.3 Design of framework for managing risk 5.3.1 Understanding the organization and its context 5.3.2 Risk management policy plan 5.3.3 Integration into organizational processes 5.3.4 Accountability 5.3.5 Resources 5.3.6 Establishing internal communication and reporting mechanisms 5.3.7 Establishing external communication and reporting mechanisms 5.4 Implementing risk management 5.6 Continual improvement of the framework do act 5.4.1 Implementing the framework for managing risk 5.4.2 Implementing the risk management process 5.5 Monitoring and review of the framework check Continuous Improvement of the ISO 31000 Framework for risk management
Key components Workshop Risk Management Framework discuss rate organization out of 14 as follows discuss, rate organization out of 14 as follows • Proclaimed commitment & policy (2) Proclaimed commitment & policy (2) • Framework well known & communicated (2) • Continuous improvement of framework (2) • Continuous improvement of framework (2) • Principles – ½ point each to max of (4) Ch i d i l t ti l (2) • Champion and implementation plan (2) • Framework facilitated by a small risk group of 2‐ 4 l ith d li ti th 4 people, with processes and application the responsibility of managers in every unit in the organization’s hierarchy (2) organization s hierarchy (2)
Key components Workshop Integrated Risk Management discuss rate organization out of 6 discuss, rate organization out of 6 • Integrated approach to all risk silos from strategic to j k l f (2) new projects to workplace safety (2) I t t d i k t b i di id l • Integrated risk management by individual managers with other aspects of decision making, oversight of activities, etc. Not a separate task (2) , p ( ) • Risk management considered a core activity, referred to in annual reports, major topic in strategic and all decisions, etc. Opportunity focus as well as prevention of negative risks (2) of negative risks (2)
Key components Workshop –Terminology/concepts discuss have a term for 5 (bonus points) discuss, have a term for_______ 5 (bonus points) may currently use other than ISO 31000 terms • risk is “impact of uncertainty on objectives”, must be either positive or negative (1) • risk management framework for whole organization (1) • risk management framework for whole organization (1) • risk management process for individual manager everywhere in organization (1) • risk control as result of risk treatment, it is basis for risk owner’s actions to modify risk (1) • context, internal and external as the source of objectives, and , j , risk criteria used in risk evaluation (1) please see next slide for full list of 31000 terms please see next slide for full list of 31000 terms
risk management-coordinated activities to direct and control an organization with regard to risk risk management policy external context internal context risk profile Terms in ISO 31000 & Guide 73 risk – effect of uncertainty risk management framework risk management plan risk appetite risk attitude risk owner risk management audit exposure resilience risk evaluation-process of comparing the stakeholder those people and & Guide 73 on objectives event consequence results of risk analysis against risk criteria to determine whether the level of risk is acceptable or tolerable (part of risk management process) risk criteria risk tolerance risk aversion stakeholder those people and organizations who can affect, be affected by, or perceive themselves to be affected by a decision or activity likelihood uncertainty probability risk criteria risk tolerance risk aversion risk matrix risk aggregation communication and consultation risk perception risk reporting risk management process-systematic application of management policies, procedures frequency level of risk risk source h d and practices to the tasks of communicating, consultation, establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk risk assessment risk identification risk analysis monitoring review risk register hazard vulnerability risk register risk treatment–process of developing, selecting, and implementing measures to modify risk (part of risk management process) control risk sharing risk financing risk retention risk acceptance risk avoidance residual risk risk mitigation
Broadleaf Capital’s 10 point approach to Implementation of Risk Management g If Time topic ‐ Continued on next slide with 10 steps for implementation Approach Rational Rather than use a “design build” contractor with a pre-packaged approach to ERM it is preferred to have a consultant who partners with the organization in developing a customized framework, tools and methods that reflect the organization’s needs risk profile and and methods that reflect the organization s needs, risk profile, and organization structure. Risk management champions are found within the organization and trained to implement and roll out the framework in a top-down engagement process. This seems to achieve the most rapid take-up and long term ownership of risk management in the organization, by working with th i ti ’ li d i k t i li t the organisation’s line managers and risk management specialists, and building on their skills and experience risk management processes are more relevant to business needs and this also creates early and visible risk management benefits. y g (Purdy@broadleaf.com.au) for more information
Broadleaf’s 10 point approach to implementation of RM 1 Achieve an unequivocal Executive and Board mandate with a full appreciation 1. Achieve an unequivocal Executive and Board mandate with a full appreciation of the changes required at all levels of the organisation. 2. Undertake a gap analysis and maturity evaluation. 3. Develop a carefully tailored framework, based on ISO 31000 risk management f k i i l d ll th i ti ’ t t d framework, principles, and process as well as the organisation’s context and structure necessary for ERM to be implemented and sustained. 4. Workshop and develop a strategic risk management plan to implement the framework utilizing practical tools and best practice methods 5. Develop and gain senior management agreement on a set of performance- base standards to codify the framework and its implementation plan. 6. Create a tailored risk management information system, that enforces accountability for risks controls and tasks supports control assurance and accountability for risks, controls and tasks, supports control assurance and enables risk management performance management and reporting. 7. Cause Champions to be appointed within the organisation and trained to create the confidence, skills and local management support needed for roll-out 8. Help Champions engage local management and implement the framework and risk management plan, generating risk registers, etc. 9. Establish a process and structure for RM performance management and reporting, including committees and review groups, and performance reporting, including committees and review groups, and performance measures. 10. Periodically, review, benchmark, and revise the framework.
Questions please p 20 sec questions q 30 sec answers Also ask shortree@uwaterloo.ca

Recommended

ISO 31000 Risk Management
ISO 31000 Risk ManagementISO 31000 Risk Management
ISO 31000 Risk ManagementRamiro Cid
 
Ems pro-07 doc control
Ems pro-07 doc controlEms pro-07 doc control
Ems pro-07 doc controlTim Matthews
 
Iso 31000.pdf
Iso 31000.pdfIso 31000.pdf
Iso 31000.pdfAdykMargaRaharja
 
Quality risk management
Quality risk managementQuality risk management
Quality risk managementKarunaMane1
 
Iso 31000
Iso 31000Iso 31000
Iso 31000Dr. Jojo Javier
 
Iso 31000 Risk management Principles and guidelines
Iso 31000 Risk management Principles and guidelinesIso 31000 Risk management Principles and guidelines
Iso 31000 Risk management Principles and guidelinesMohsen Gharakhani
 
Iso 31000 presentation
Iso 31000 presentationIso 31000 presentation
Iso 31000 presentationchristianaegerter1
 
ISO 14001:2015 Documentation ppt
ISO 14001:2015 Documentation pptISO 14001:2015 Documentation ppt
ISO 14001:2015 Documentation pptGlobal Manager Group
 

Recommended

ISO 31000 Risk Management
ISO 31000 Risk ManagementISO 31000 Risk Management
ISO 31000 Risk ManagementRamiro Cid
 
Ems pro-07 doc control
Ems pro-07 doc controlEms pro-07 doc control
Ems pro-07 doc controlTim Matthews
 
Iso 31000.pdf
Iso 31000.pdfIso 31000.pdf
Iso 31000.pdfAdykMargaRaharja
 
Quality risk management
Quality risk managementQuality risk management
Quality risk managementKarunaMane1
 
Iso 31000
Iso 31000Iso 31000
Iso 31000Dr. Jojo Javier
 
Iso 31000 Risk management Principles and guidelines
Iso 31000 Risk management Principles and guidelinesIso 31000 Risk management Principles and guidelines
Iso 31000 Risk management Principles and guidelinesMohsen Gharakhani
 
Iso 31000 presentation
Iso 31000 presentationIso 31000 presentation
Iso 31000 presentationchristianaegerter1
 
ISO 14001:2015 Documentation ppt
ISO 14001:2015 Documentation pptISO 14001:2015 Documentation ppt
ISO 14001:2015 Documentation pptGlobal Manager Group
 
ISO 9001/14001/45001 requirements comparison
ISO 9001/14001/45001 requirements comparisonISO 9001/14001/45001 requirements comparison
ISO 9001/14001/45001 requirements comparisonCentauri Business Group Inc.
 
ISO 45001 audit tool
ISO 45001 audit toolISO 45001 audit tool
ISO 45001 audit toolDr Madhu Aman Sharma
 
How to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsHow to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsCase IQ
 
ISO 31000
ISO 31000ISO 31000
ISO 31000yeganehmajidi
 
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organizationPECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organizationPECB
 
Iso 45001 certification
Iso 45001 certificationIso 45001 certification
Iso 45001 certificationSIS Certifications
 
Implementing Agile in an FDA Regulated Environment
Implementing Agile in an FDA Regulated EnvironmentImplementing Agile in an FDA Regulated Environment
Implementing Agile in an FDA Regulated EnvironmentTechWell
 
PRESENTATION ON ISO - 9001, 14001, & 45001 Clause - 5
PRESENTATION ON ISO - 9001, 14001, & 45001 Clause - 5 PRESENTATION ON ISO - 9001, 14001, & 45001 Clause - 5
PRESENTATION ON ISO - 9001, 14001, & 45001 Clause - 5 Brijesh Singh
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB
 
Enterprise-wide Risk Assessment Presentation, dated 03-08-11
Enterprise-wide Risk Assessment Presentation, dated 03-08-11Enterprise-wide Risk Assessment Presentation, dated 03-08-11
Enterprise-wide Risk Assessment Presentation, dated 03-08-11wcooling
 
T410 iso 19011
T410 iso 19011T410 iso 19011
T410 iso 19011Mponeng Poo
 
ISO 31000 risk management process
ISO 31000 risk management processISO 31000 risk management process
ISO 31000 risk management processMuizz Anibire
 
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001Global Manager Group
 
Basic of Integrated Management System
Basic of Integrated Management SystemBasic of Integrated Management System
Basic of Integrated Management Systemjamaluddin ma'ruf
 
Risk based thinking
Risk based thinkingRisk based thinking
Risk based thinkingRamasubramanian S
 
Preparing for ISO 45001 - The new WHS Systems Standard
Preparing for ISO 45001 - The new WHS Systems StandardPreparing for ISO 45001 - The new WHS Systems Standard
Preparing for ISO 45001 - The new WHS Systems StandardAustralian Institute of Health & Safety
 
Quality risk management by talha usmani
Quality risk management by talha usmaniQuality risk management by talha usmani
Quality risk management by talha usmanimtalhausmani
 
QSP 6.1 Actions to address risks and opportunities (Preview)
QSP 6.1 Actions to address risks and opportunities (Preview)QSP 6.1 Actions to address risks and opportunities (Preview)
QSP 6.1 Actions to address risks and opportunities (Preview)Centauri Business Group Inc.
 
Control of-documented-information-procedure-sample
Control of-documented-information-procedure-sampleControl of-documented-information-procedure-sample
Control of-documented-information-procedure-samplemvijay Kumar
 
Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009Goutama Bachtiar
 
Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationSuper Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationDavid Fernandes
 
Risk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdfRisk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdfHimanshuMishra203021
 

More Related Content

What's hot

How to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsHow to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsCase IQ
 
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organizationPECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organizationPECB
 
Implementing Agile in an FDA Regulated Environment
Implementing Agile in an FDA Regulated EnvironmentImplementing Agile in an FDA Regulated Environment
Implementing Agile in an FDA Regulated EnvironmentTechWell
 
PRESENTATION ON ISO - 9001, 14001, & 45001 Clause - 5
PRESENTATION ON ISO - 9001, 14001, & 45001 Clause - 5 PRESENTATION ON ISO - 9001, 14001, & 45001 Clause - 5
PRESENTATION ON ISO - 9001, 14001, & 45001 Clause - 5 Brijesh Singh
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB
 
Enterprise-wide Risk Assessment Presentation, dated 03-08-11
Enterprise-wide Risk Assessment Presentation, dated 03-08-11Enterprise-wide Risk Assessment Presentation, dated 03-08-11
Enterprise-wide Risk Assessment Presentation, dated 03-08-11wcooling
 
ISO 31000 risk management process
ISO 31000 risk management processISO 31000 risk management process
ISO 31000 risk management processMuizz Anibire
 
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001Global Manager Group
 
Basic of Integrated Management System
Basic of Integrated Management SystemBasic of Integrated Management System
Basic of Integrated Management Systemjamaluddin ma'ruf
 
Quality risk management by talha usmani
Quality risk management by talha usmaniQuality risk management by talha usmani
Quality risk management by talha usmanimtalhausmani
 
QSP 6.1 Actions to address risks and opportunities (Preview)
QSP 6.1 Actions to address risks and opportunities (Preview)QSP 6.1 Actions to address risks and opportunities (Preview)
QSP 6.1 Actions to address risks and opportunities (Preview)Centauri Business Group Inc.
 
Control of-documented-information-procedure-sample
Control of-documented-information-procedure-sampleControl of-documented-information-procedure-sample
Control of-documented-information-procedure-samplemvijay Kumar
 
Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009Goutama Bachtiar
 

What's hot (20)

ISO 9001/14001/45001 requirements comparison
ISO 9001/14001/45001 requirements comparisonISO 9001/14001/45001 requirements comparison
ISO 9001/14001/45001 requirements comparison
 
ISO 45001 audit tool
ISO 45001 audit toolISO 45001 audit tool
ISO 45001 audit tool
 
How to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential StepsHow to Create a Risk Profile for Your Organization: 10 Essential Steps
How to Create a Risk Profile for Your Organization: 10 Essential Steps
 
ISO 31000
ISO 31000ISO 31000
ISO 31000
 
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organizationPECB Webinar: ISO 31000 – Risk Management and how it can help an organization
PECB Webinar: ISO 31000 – Risk Management and how it can help an organization
 
Iso 45001 certification
Iso 45001 certificationIso 45001 certification
Iso 45001 certification
 
Implementing Agile in an FDA Regulated Environment
Implementing Agile in an FDA Regulated EnvironmentImplementing Agile in an FDA Regulated Environment
Implementing Agile in an FDA Regulated Environment
 
PRESENTATION ON ISO - 9001, 14001, & 45001 Clause - 5
PRESENTATION ON ISO - 9001, 14001, & 45001 Clause - 5 PRESENTATION ON ISO - 9001, 14001, & 45001 Clause - 5
PRESENTATION ON ISO - 9001, 14001, & 45001 Clause - 5
 
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk MethodologyPECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology
 
Enterprise-wide Risk Assessment Presentation, dated 03-08-11
Enterprise-wide Risk Assessment Presentation, dated 03-08-11Enterprise-wide Risk Assessment Presentation, dated 03-08-11
Enterprise-wide Risk Assessment Presentation, dated 03-08-11
 
T410 iso 19011
T410 iso 19011T410 iso 19011
T410 iso 19011
 
ISO 31000 risk management process
ISO 31000 risk management processISO 31000 risk management process
ISO 31000 risk management process
 
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
IMS Documentation Requirements As per ISO 9001,ISO 14001 and ISO 45001
 
Basic of Integrated Management System
Basic of Integrated Management SystemBasic of Integrated Management System
Basic of Integrated Management System
 
Risk based thinking
Risk based thinkingRisk based thinking
Risk based thinking
 
Preparing for ISO 45001 - The new WHS Systems Standard
Preparing for ISO 45001 - The new WHS Systems StandardPreparing for ISO 45001 - The new WHS Systems Standard
Preparing for ISO 45001 - The new WHS Systems Standard
 
Quality risk management by talha usmani
Quality risk management by talha usmaniQuality risk management by talha usmani
Quality risk management by talha usmani
 
QSP 6.1 Actions to address risks and opportunities (Preview)
QSP 6.1 Actions to address risks and opportunities (Preview)QSP 6.1 Actions to address risks and opportunities (Preview)
QSP 6.1 Actions to address risks and opportunities (Preview)
 
Control of-documented-information-procedure-sample
Control of-documented-information-procedure-sampleControl of-documented-information-procedure-sample
Control of-documented-information-procedure-sample
 
Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009Implementing Enterprise Risk Management with ISO 31000:2009
Implementing Enterprise Risk Management with ISO 31000:2009
 

Similar to ISO 31000.pdf

Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationSuper Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationDavid Fernandes
 
Risk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdfRisk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdfHimanshuMishra203021
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmTim Leech
 
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet SurtiImplementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet SurtiPraneet Surti
 
Risk Management Presentation to Doyle Property Club
Risk Management Presentation to Doyle Property ClubRisk Management Presentation to Doyle Property Club
Risk Management Presentation to Doyle Property Clubmarcpreston
 
#Contract Risk Audit# By SN panigrahi
#Contract Risk Audit# By SN panigrahi#Contract Risk Audit# By SN panigrahi
#Contract Risk Audit# By SN panigrahiSN Panigrahi, PMP
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinsteinRamaica Ona
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinsteinAahil Malik
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinsteinSukumar Reddy
 
Enterprise 360 degree risk management
Enterprise 360 degree risk managementEnterprise 360 degree risk management
Enterprise 360 degree risk managementInfosys
 
Everything you need to know about Risk Management
Everything you need to know about Risk ManagementEverything you need to know about Risk Management
Everything you need to know about Risk ManagementITM Platform
 
ISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and ImplementationISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and ImplementationAlvin Integrated Services [AIS]
 
Corporate and Project Risk Management Toolkit
Corporate and Project Risk Management Toolkit Corporate and Project Risk Management Toolkit
Corporate and Project Risk Management Toolkit Aurelien Domont, MBA
 
Risk Analysis
Risk AnalysisRisk Analysis
Risk AnalysisCIToolkit
 
An introduction to finance
An introduction to financeAn introduction to finance
An introduction to financeRobert Reed
 
Pm0016 set-1
Pm0016 set-1Pm0016 set-1
Pm0016 set-1Paul Hunt
 
project risk management
project risk managementproject risk management
project risk managementAshima Thakur
 

Similar to ISO 31000.pdf (20)

Super Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy PresentationSuper Strategies 2014 Risk Strategy Presentation
Super Strategies 2014 Risk Strategy Presentation
 
Risk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdfRisk Based Thinking ISO 9001 Presentation.pdf
Risk Based Thinking ISO 9001 Presentation.pdf
 
Five lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & ermFive lines of assurance a new paradigm in internal audit & erm
Five lines of assurance a new paradigm in internal audit & erm
 
Five Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA ParadigmFive Lines of Assurance A New ERM and IA Paradigm
Five Lines of Assurance A New ERM and IA Paradigm
 
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet SurtiImplementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
Implementing Risk Based Thinking in HLS OF ISO 9001:2015 - Praneet Surti
 
Risk Management Presentation to Doyle Property Club
Risk Management Presentation to Doyle Property ClubRisk Management Presentation to Doyle Property Club
Risk Management Presentation to Doyle Property Club
 
#Contract Risk Audit# By SN panigrahi
#Contract Risk Audit# By SN panigrahi#Contract Risk Audit# By SN panigrahi
#Contract Risk Audit# By SN panigrahi
 
Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management Creating Value Through Enterprise Risk Management
Creating Value Through Enterprise Risk Management
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinstein
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinstein
 
1 -corinne_berinstein
1 -corinne_berinstein1 -corinne_berinstein
1 -corinne_berinstein
 
Enterprise 360 degree risk management
Enterprise 360 degree risk managementEnterprise 360 degree risk management
Enterprise 360 degree risk management
 
Everything you need to know about Risk Management
Everything you need to know about Risk ManagementEverything you need to know about Risk Management
Everything you need to know about Risk Management
 
ISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and ImplementationISO 31000:2018 Risk Management System, Framework and Implementation
ISO 31000:2018 Risk Management System, Framework and Implementation
 
Corporate and Project Risk Management Toolkit
Corporate and Project Risk Management Toolkit Corporate and Project Risk Management Toolkit
Corporate and Project Risk Management Toolkit
 
Trustee Conference AM4: Effectively managing risk
Trustee Conference AM4: Effectively managing riskTrustee Conference AM4: Effectively managing risk
Trustee Conference AM4: Effectively managing risk
 
Risk Analysis
Risk AnalysisRisk Analysis
Risk Analysis
 
An introduction to finance
An introduction to financeAn introduction to finance
An introduction to finance
 
Pm0016 set-1
Pm0016 set-1Pm0016 set-1
Pm0016 set-1
 
project risk management
project risk managementproject risk management
project risk management
 

Recently uploaded

ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...AgileNetwork
 
Unlocking Productivity and Personal Growth through the Importance-Urgency Matrix
Unlocking Productivity and Personal Growth through the Importance-Urgency MatrixUnlocking Productivity and Personal Growth through the Importance-Urgency Matrix
Unlocking Productivity and Personal Growth through the Importance-Urgency MatrixCIToolkit
 
Reflecting, turning experience into insight
Reflecting, turning experience into insightReflecting, turning experience into insight
Reflecting, turning experience into insightWayne Abrahams
 
LPC Operations Review PowerPoint | Operations Review
LPC Operations Review PowerPoint | Operations ReviewLPC Operations Review PowerPoint | Operations Review
LPC Operations Review PowerPoint | Operations Reviewthomas851723
 
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...Pooja Nehwal
 
Fifteenth Finance Commission Presentation
Fifteenth Finance Commission PresentationFifteenth Finance Commission Presentation
Fifteenth Finance Commission Presentationmintusiprd
 
LPC Warehouse Management System For Clients In The Business Sector
LPC Warehouse Management System For Clients In The Business SectorLPC Warehouse Management System For Clients In The Business Sector
LPC Warehouse Management System For Clients In The Business Sectorthomas851723
 
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With RoomVIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Roomdivyansh0kumar0
 
Introduction to LPC - Facility Design And Re-Engineering
Introduction to LPC - Facility Design And Re-EngineeringIntroduction to LPC - Facility Design And Re-Engineering
Introduction to LPC - Facility Design And Re-Engineeringthomas851723
 
Simplifying Complexity: How the Four-Field Matrix Reshapes Thinking
Simplifying Complexity: How the Four-Field Matrix Reshapes ThinkingSimplifying Complexity: How the Four-Field Matrix Reshapes Thinking
Simplifying Complexity: How the Four-Field Matrix Reshapes ThinkingCIToolkit
 
Board Diversity Initiaive Launch Presentation
Board Diversity Initiaive Launch PresentationBoard Diversity Initiaive Launch Presentation
Board Diversity Initiaive Launch Presentationcraig524401
 

Recently uploaded (13)

ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...
ANIn Gurugram April 2024 |Can Agile and AI work together? by Pramodkumar Shri...
 
Unlocking Productivity and Personal Growth through the Importance-Urgency Matrix
Unlocking Productivity and Personal Growth through the Importance-Urgency MatrixUnlocking Productivity and Personal Growth through the Importance-Urgency Matrix
Unlocking Productivity and Personal Growth through the Importance-Urgency Matrix
 
Reflecting, turning experience into insight
Reflecting, turning experience into insightReflecting, turning experience into insight
Reflecting, turning experience into insight
 
LPC Operations Review PowerPoint | Operations Review
LPC Operations Review PowerPoint | Operations ReviewLPC Operations Review PowerPoint | Operations Review
LPC Operations Review PowerPoint | Operations Review
 
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
Pooja Mehta 9167673311, Trusted Call Girls In NAVI MUMBAI Cash On Payment , V...
 
Fifteenth Finance Commission Presentation
Fifteenth Finance Commission PresentationFifteenth Finance Commission Presentation
Fifteenth Finance Commission Presentation
 
LPC Warehouse Management System For Clients In The Business Sector
LPC Warehouse Management System For Clients In The Business SectorLPC Warehouse Management System For Clients In The Business Sector
LPC Warehouse Management System For Clients In The Business Sector
 
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With RoomVIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
VIP Kolkata Call Girl Rajarhat 👉 8250192130 Available With Room
 
Introduction to LPC - Facility Design And Re-Engineering
Introduction to LPC - Facility Design And Re-EngineeringIntroduction to LPC - Facility Design And Re-Engineering
Introduction to LPC - Facility Design And Re-Engineering
 
Call Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICECall Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
Call Girls Service Tilak Nagar @9999965857 Delhi 🫦 No Advance VVIP 🍎 SERVICE
 
sauth delhi call girls in Defence Colony🔝 9953056974 🔝 escort Service
sauth delhi call girls in Defence Colony🔝 9953056974 🔝 escort Servicesauth delhi call girls in Defence Colony🔝 9953056974 🔝 escort Service
sauth delhi call girls in Defence Colony🔝 9953056974 🔝 escort Service
 
Simplifying Complexity: How the Four-Field Matrix Reshapes Thinking
Simplifying Complexity: How the Four-Field Matrix Reshapes ThinkingSimplifying Complexity: How the Four-Field Matrix Reshapes Thinking
Simplifying Complexity: How the Four-Field Matrix Reshapes Thinking
 
Board Diversity Initiaive Launch Presentation
Board Diversity Initiaive Launch PresentationBoard Diversity Initiaive Launch Presentation
Board Diversity Initiaive Launch Presentation
 

ISO 31000.pdf

  • 1. ISO 31000 – Risk Management Standard ISO 31000 Risk Management Standard Ottawa February 27, 2008 John Shortreed, Director, Institute for Risk Research University of Waterloo (shortree@uwaterloo.ca) 1. What is ISO 31000? 2. What are the key components of 31000? y p 3. Questions workshop format to understand ISO 31000 by examining key components 1 jhs Ottawa 27/02/08
  • 2. What is ISO 31000? Guide for principles and implementation of risk management • More or less final ‐ will be issued in 2009 along with Guide 73 (terms), and 31010 (revised IEC risk analysis standard ‐ originally ( ), ( y g y Canadian eh!) • Can review 31000 and have input by asking after April 1 for the • Can review 31000 and have input by asking after April 1 for the latest draft (free but must read, shortree@uwaterloo.ca ) Will l CSA Q850 T B d RIMS t t d • Will replace CSA Q850, Treasury Board, RIMS, etc. etc. and become the recognized international framework for risk management everywhere – good stuff, no fooling jhs Ottawa 27/02/08 2
  • 3. first a few things about risk and 31000 • risk ; “effect of uncertainty on objectives” – positive and negative consequences safet compliance strateg an thing nder the s n – safety, compliance, strategy, anything under the sun • risk management; “coordinated activities to direct and control and organization with regard to risk” organization with regard to risk • risk management framework; “set of components that provide the foundations and organizational arrangements for designing, foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management processes throughout the organization” • risk management process; “systematic application of management policies, procedures and practices to the tasks of communication, consultation, establishing the context, identifying, analysing, evaluating treating monitoring and reviewing risk” evaluating, treating, monitoring and reviewing risk jhs Ottawa 27/02/08 3
  • 4. Is this your organization? Is this your organization? • Name Brand has been tarnished • Continually in crisis management mode due to the absence of Quality Assurance mechanisms • Repeated cases of: – Overspending – Delays Delays – Non compliance with policies and regulations Self assessment by a Canadian Government department (good start!!) Quality assurance must follow & be coordinated with risk management jhs Ottawa 27/02/08 4
  • 5. Your Organization and 31000 g • Every organization is unique, yours might be a regulator, a deliverer of services, a policy analysis shop, an enforcer of laws, , p y y p, , a facilitator of industry and commerce, support for education or literacy or rights, etc. • So implementation of risk management in every organization is different but instantaneously recognized as 31000 risk management framework process terminology and other best management framework, process, terminology, and other best practices. • So your organization’s risk management could be reviewed and evaluated by any other risk management literate person from any organization to mutual advantage. y g g
  • 6. Workshop will rate your organization against key components in ISO 31000 key components in ISO 31000 In the process you will learn what is in 31000 Scorecard Scorecard 1. Risk Register ____/10 2 A t bilit /6 2. Accountability ____/6 3. RM Process ____/14 4. RM Framework ____/14 5. Integration ____/6 6. Terminology ____/5 (bonus) Total /50 ____/
  • 7. Key components Workshop – Risk Register (RR) risk register; “ record of information about identified risks” 1. risk owner; “person or entity with the accountability and authority” 2 i k l ti i k l i t i k i t 2. risk evaluation – use risk analysis to compare risk against risk criteria and find level of risk – is it acceptable? 3. risk treatment; “process of developing, selecting, and implementing measures to modify risk” implementing measures to modify risk (control is “measures to modify risk” ) 4. risk trends, performance measures for risk and risk controls 5. record for every risk in the organization jhs Ottawa 27/02/08 7
  • 8. The following three slides provide illustrations of risk i t h h b f d b f l i registers that have been found to be useful in organizations with successful ERM 1. A bow tie diagram used by Broadleaf Capital, used for design of risk treatment but also a risk used for design of risk treatment but also a risk register 2. An illustrative example of the approach used by , and 3. An illustrative example of how use their risk register for monitoring and review their risk register for monitoring and review
  • 9.
  • 10. Example risk register for a specific Objective – illustration only Courtesy of Larry Warner of the Food Company 1. Identify initiatives and their associated descriptions with measurable objectives 2. Prioritize order 6. Management Team evaluates the probability of success in achieving this initiative’s overall objectives Risk Profile Ready‐to‐Heat Priority Aggressively grow and build the ready‐to‐heat business by expanding the d t li (15% NSV th & i t i h b 30%) d of the key initiatives based on their contribution to achieving the overall financial and strategic ƒ Accelerate innovation C d t tit l i ƒ Increase of aggressive competition from Rice Master and Fast Rice Mitigation Activities Risks Owner product line (15% NSV growth & maintain shares above 30%) and broaden the availability of the product. and strategic objectives within the OP 1 1,2,3 1 ƒ Conduct competitor analysis session from Rice Master and Fast Rice ƒ Aggressive year for growth target for the segment & brand ƒ Achieve new product growth targets 5. List of planned activities that will mitigate the risks match the mitigation 3. Document the individual in charge of the given initiative 2 3 1 Action Plan 4. List of risks that could hinder the bilit t t th i iti ti ’ bj ti mitigate the risks – match the mitigation strategies to risk through the reference numbers 7. Document the immediate next steps for effective ability to meet the initiative’s objectives steps for effective initiative execution
  • 11. Initiative Risk Profile Trend Comments Business units are required to review and update a dashboard on a quarterly basis which allows tracking of performance over time Initiative Risk Profile Trend Comments Q3 ‘05Q4 ‘05Q1 ‘06Q2 ‘06 Re‐launch of Pedigree Effectively execute the re‐launch of Pedigree to achieve the growth targets (10%) Yellow Green Improving Shipments started in P2 to meet advertising schedule. Advertising on air (P2W3). Massive presentation to all customers was presentation to all customers was executed during P1 with excellent customer participation. Direct‐to‐store (DTS) Increase DTS operations by 10% and add 500 points of sale per cell Green Green Stable DTS operation is improving however there are still some areas that need to improve further. We p p p will expand when we have a holistic strategy. Associate engagement Increase associate engagement score from 85% to 90% within the factory Blue Green Improving Shift managers have been provided associate engagement training. All managers have held meetings with their team members. Bring Pet Dry plant online Make the Dry plant fully operational by P13 Red Blue Stable On track, construction permit granted. Plant will be ready by P13 Launch of Dove Blue Yellow Stable Increased risk due to current Launch of Dove Successfully launch Dove into the mass market and achieve 65% distribution Blue Yellow Stable Increased risk due to current demand exceeding supply. We have re‐phased the roll‐out for the mass market to ensure current supply is adequate.
  • 12. Key components Workshop – Risk Register (RR) discuss at table then rate your organization out of 10 discuss at table, then rate your organization out of 10 risk register; “ record of information about identified risks” R h i f 2 Rate each item out of 2 1. risk owner; “person or entity with the accountability and authority” y 2. risk evaluation – use risk analysis to compare risk against risk criteria and find level of risk – is it acceptable? 3. risk treatment; “process of developing, selecting, and 3. risk treatment; process of developing, selecting, and implementing “measures to modify risk” (control is “measures to modify risk” ) 4 risk trends performance measures for risk and risk 4. risk trends, performance measures for risk and risk controls 5. record for every risk in the organization jhs Ottawa 27/02/08 12
  • 13. Key components Workshop – Accountability di i i f 6 discuss, rate organization out of 6 • Policy that states each risk owner is accountable for y that risk, the associated controls and monitoring of risk • Accountability is assessed at manager’s annual performance review where evidence is expected performance review where evidence is expected • Culture of accountability is such that everyone knows Culture of accountability is such that everyone knows what risks they own and who owns risks that impact them jhs Ottawa 27/02/08 13
  • 14. Key components Workshop – Risk Management Process discuss rate organization out of 14 N t discuss, rate organization out of 14 Establish the Establish the Notes • Risk assessment is the white boxes Identify Risks Establish the Context ew onsult Identify Risks Establish the Context ew onsult • Process is for every manager for every project, program, decision Identify Risks Analyse Risks and Revie ate and co Identify Risks Analyse Risks and Revie ate and co decision • 2 points‐have box, 1‐ being done y Evaluate Risks Monitor a mmunica y Evaluate Risks Monitor a mmunica • We will not spend much time here since this should be well known Treat Risks Co Treat Risks Co well known
  • 15. Key components Workshop –Risk Management Framework discuss rate organization out of 14 discuss, rate organization out of 14 • Framework; “set of components that provide the foundations and organizational arrangement for designing implementing and organizational arrangement for designing, implementing, monitoring, reviewing and continually improving risk management processes throughout the organization” (wow a mouthful) mouthful) • Framework is new to 31000, follows Plan‐Do‐Check‐Act quality model and must follow principles outlined in 31000 model and must follow principles outlined in 31000 • Next two slides show – 1) relationship of of framework, process and principles – 2) details of framework implementation
  • 16. 5.2 Mandate and a) Creates value b) Integral part of organizational and commitment 5.3 Design of processes c) Part of decision making d) Explicitly addresses uncertainty e) Systematic 5.4 Implementing framework for managing risk 5.6 Continual e) Systematic, structured and timely f) Based on the best available information g) Tailored h) Takes human and Implementing risk management framework Continual improvement of the framework h) Takes human and cultural factors into account i) Transparent and inclusive j) Dynamic, iterative 5.5 Monitoring and review of the framework and responsive to change k) Facilitates continual improvement and enhancement of the Framework for managing risk enhancement of the organization Principles for managing risk Processes for managing risk (Clause 5) (Clause 4) (Clause 6)
  • 17. 5.2 Mandate and commitment 5.3 Design of framework for managing risk 5.3.1 Understanding the organization and its context 5.3.2 Risk management policy plan 5.3.3 Integration into organizational processes 5.3.4 Accountability 5.3.5 Resources 5.3.6 Establishing internal communication and reporting mechanisms 5.3.7 Establishing external communication and reporting mechanisms 5.4 Implementing risk management 5.6 Continual improvement of the framework do act 5.4.1 Implementing the framework for managing risk 5.4.2 Implementing the risk management process 5.5 Monitoring and review of the framework check Continuous Improvement of the ISO 31000 Framework for risk management
  • 18. Key components Workshop Risk Management Framework discuss rate organization out of 14 as follows discuss, rate organization out of 14 as follows • Proclaimed commitment & policy (2) Proclaimed commitment & policy (2) • Framework well known & communicated (2) • Continuous improvement of framework (2) • Continuous improvement of framework (2) • Principles – ½ point each to max of (4) Ch i d i l t ti l (2) • Champion and implementation plan (2) • Framework facilitated by a small risk group of 2‐ 4 l ith d li ti th 4 people, with processes and application the responsibility of managers in every unit in the organization’s hierarchy (2) organization s hierarchy (2)
  • 19. Key components Workshop Integrated Risk Management discuss rate organization out of 6 discuss, rate organization out of 6 • Integrated approach to all risk silos from strategic to j k l f (2) new projects to workplace safety (2) I t t d i k t b i di id l • Integrated risk management by individual managers with other aspects of decision making, oversight of activities, etc. Not a separate task (2) , p ( ) • Risk management considered a core activity, referred to in annual reports, major topic in strategic and all decisions, etc. Opportunity focus as well as prevention of negative risks (2) of negative risks (2)
  • 20. Key components Workshop –Terminology/concepts discuss have a term for 5 (bonus points) discuss, have a term for_______ 5 (bonus points) may currently use other than ISO 31000 terms • risk is “impact of uncertainty on objectives”, must be either positive or negative (1) • risk management framework for whole organization (1) • risk management framework for whole organization (1) • risk management process for individual manager everywhere in organization (1) • risk control as result of risk treatment, it is basis for risk owner’s actions to modify risk (1) • context, internal and external as the source of objectives, and , j , risk criteria used in risk evaluation (1) please see next slide for full list of 31000 terms please see next slide for full list of 31000 terms
  • 21. risk management-coordinated activities to direct and control an organization with regard to risk risk management policy external context internal context risk profile Terms in ISO 31000 & Guide 73 risk – effect of uncertainty risk management framework risk management plan risk appetite risk attitude risk owner risk management audit exposure resilience risk evaluation-process of comparing the stakeholder those people and & Guide 73 on objectives event consequence results of risk analysis against risk criteria to determine whether the level of risk is acceptable or tolerable (part of risk management process) risk criteria risk tolerance risk aversion stakeholder those people and organizations who can affect, be affected by, or perceive themselves to be affected by a decision or activity likelihood uncertainty probability risk criteria risk tolerance risk aversion risk matrix risk aggregation communication and consultation risk perception risk reporting risk management process-systematic application of management policies, procedures frequency level of risk risk source h d and practices to the tasks of communicating, consultation, establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk risk assessment risk identification risk analysis monitoring review risk register hazard vulnerability risk register risk treatment–process of developing, selecting, and implementing measures to modify risk (part of risk management process) control risk sharing risk financing risk retention risk acceptance risk avoidance residual risk risk mitigation
  • 22. Broadleaf Capital’s 10 point approach to Implementation of Risk Management g If Time topic ‐ Continued on next slide with 10 steps for implementation Approach Rational Rather than use a “design build” contractor with a pre-packaged approach to ERM it is preferred to have a consultant who partners with the organization in developing a customized framework, tools and methods that reflect the organization’s needs risk profile and and methods that reflect the organization s needs, risk profile, and organization structure. Risk management champions are found within the organization and trained to implement and roll out the framework in a top-down engagement process. This seems to achieve the most rapid take-up and long term ownership of risk management in the organization, by working with th i ti ’ li d i k t i li t the organisation’s line managers and risk management specialists, and building on their skills and experience risk management processes are more relevant to business needs and this also creates early and visible risk management benefits. y g (Purdy@broadleaf.com.au) for more information
  • 23. Broadleaf’s 10 point approach to implementation of RM 1 Achieve an unequivocal Executive and Board mandate with a full appreciation 1. Achieve an unequivocal Executive and Board mandate with a full appreciation of the changes required at all levels of the organisation. 2. Undertake a gap analysis and maturity evaluation. 3. Develop a carefully tailored framework, based on ISO 31000 risk management f k i i l d ll th i ti ’ t t d framework, principles, and process as well as the organisation’s context and structure necessary for ERM to be implemented and sustained. 4. Workshop and develop a strategic risk management plan to implement the framework utilizing practical tools and best practice methods 5. Develop and gain senior management agreement on a set of performance- base standards to codify the framework and its implementation plan. 6. Create a tailored risk management information system, that enforces accountability for risks controls and tasks supports control assurance and accountability for risks, controls and tasks, supports control assurance and enables risk management performance management and reporting. 7. Cause Champions to be appointed within the organisation and trained to create the confidence, skills and local management support needed for roll-out 8. Help Champions engage local management and implement the framework and risk management plan, generating risk registers, etc. 9. Establish a process and structure for RM performance management and reporting, including committees and review groups, and performance reporting, including committees and review groups, and performance measures. 10. Periodically, review, benchmark, and revise the framework.
  • 24. Questions please p 20 sec questions q 30 sec answers Also ask shortree@uwaterloo.ca