
Risk Management and ISO 31000 - An Overview

Date post: 14-Apr-2018
Upload: rizaldi-djamil

Transcript
  • 7/29/2019 Risk Management and ISO 31000 - An Overview

    1/14

    Risk Management and ISO 31000

    Doug Newdick


    What Is Risk Management?

    Risk is: The effect of uncertainty on the ability of an organisation to meet its objectives.

    Risk management is: The range of activities that an organisation intentionally undertakes to understand and reduce these effects.

    Effective risk management is: Executing these activities efficiently and in a way that actually and demonstrably improves the ability of the organisation to meet its objectives in a repeatable fashion.


    What Is ISO 31000?

    ISO 31000:2009 is:

    An international standard that provides principles and guidelines for effective risk management

    Not specific to any industry or sector

    Able to be applied to any kind of risk

    Able to be applied to any kind of organisation

    Intended to be tailored to meet the needs of the organisation

    "The generic approach described in this Standard provides the principles and guidelines for managing any form of risk in a systematic, transparent and credible manner and within any scope and context."


    What Does ISO 31000 Cover?

    ISO 31000:2009 contains:

    A set of risk management terms and their definitions

    A set of principles for guiding and informing effective risk management for an enterprise

    An outline and process for creating a risk management framework

    An outline and process for creating a risk management process

    ISO 31000 is:

    Clear

    Sensible

    Brief (24 pages)


    What Does ISO 31000 Not Cover?

    Detailed instructions on how to manage risk

    A complete risk management framework

    A complete risk management process

    Formats or attributes for describing risks

    Templates

    Guidance on how to identify risks

    Advice on how to manage risks for a specific domain


    Background to ISO 31000

    Australia and NZ developed AS/NZS 4360:1999 in 1999. This was revised and reissued as AS/NZS 4360:2004 in 2004. Australia and New Zealand led the world in enterprise risk management at this point!

    There was no agreed de jure or de facto international standard in place at this stage. There were a small number of competing frameworks which were regarded as unsatisfactory.

    In 2005 the International Standards Organisation started work on ISO 31000 using AS/NZS 4360:2004 as its first draft.

    ISO 31000 was issued to widespread acclaim in 2009.


    ISO 31000 An Overview

    Principles guide the creation of the framework

    The framework defines the process

    The performance of the process feeds back into the framework

    [Figure: Principles -> Framework -> Process, with the process feeding back into the framework]


    ISO 31000 An Overview: Principles

    Risk Management Principles

    Creates and protects value

    Integral part of organisational processes

    Explicitly addresses uncertainty

    Part of decision making

    Systematic, structured, and timely

    Based on the best information

    Tailored

    Takes human and cultural factors into account

    Transparent and inclusive

    Dynamic, iterative and responsive to change

    Facilitates continual improvement of the organisation


    ISO 31000 An Overview: Framework

    [Figure: the ISO 31000 framework cycle]

    Mandate and commitment

    Design of framework for managing risk:

    Understanding the organisation and its context

    Establishing risk management policy

    Accountability

    Integration into organisational processes

    Resources

    Establishing internal communication and reporting mechanisms

    Establishing external communication and reporting mechanisms

    Implementing risk management:

    Implementing the framework for managing risk

    Implementing the risk management process

    Monitoring and review of the framework

    Continual improvement of the framework


    ISO 31000 An Overview: Process

    [Figure: the ISO 31000 risk management process]

    Communication and consultation

    Establishing the context

    Risk assessment:

    Risk identification

    Risk analysis

    Risk evaluation

    Risk treatment

    Monitoring and review


    Why Use ISO 31000?

    Save yourself time and effort: Using the terms, principles and guidelines in ISO 31000 means you don't have to spend time and effort creating your own. You can spend time on the things that really add value: managing the actual risks.

    Facilitate communication: Avoid misunderstandings by using concepts and terms that are well known in the risk management community.

    Provide higher quality output: Take advantage of the significant expertise in risk management that the ISO has used in coming up with the standard. Ensure you don't miss out any aspects of risk management by using the standard as a checklist.


    How Do I Apply ISO 31000?

    When should I use ISO 31000?

    When you are asked to identify or assess risks

    When you are asked to manage risks

    When you are asked to assess a risk management framework or process

    How should I use ISO 31000?

    Use it to frame the scope of the work

    Use it to guide the engagement

    Use it to create a risk management process


    ISO 31000 In Summary

    ISO 31000 gives you a structured, credible foundation for discussions about risk and risk management.

    ISO 31000 gives you a starting point for a risk management process if you don't have one.

    ISO 31000 gives you a standard vocabulary for talking about risks and risk management.

    ISO 31000 gives you a baseline for comparisons and assessments of risk management processes.


    For Further Resources

    Visit my blog:

    http://dougnewdick.wordpress.com

    Follow me on Twitter: @dougnewdick