2/6/2013
Using the ISO 31000 Risk Management Guide in Your Risk Control Work
Jim Newberry - ISO 31000 TAG member; Risk Mgt./Ins. Practice Specialty Admin.; AVP & Risk Control Mgr. - Island Ins. Co.
Loss Control Virtual Symposium, February 6, 2013
Be Flexible
• You can use RM wholesale or à la carte
Risk Assessment Tools
• RA tools – what you need to know
• There are many tools – go discover
• Use the right one for the job
• Create a risk register and go from there
How to begin
• Begin by getting more familiar with the standards/guidelines
• Dive into the Risk Assessment tools and put as many at your disposal as possible
• Find out which ones are good for your needs
• Practice using them within your network
Conclusion
• Organizations are looking for better ways to make decisions
• By using RM and RA with your customers, they will get exposure to ways and means of improving the management of their risks
ISO (International Organization for Standardization) is the world's largest developer and publisher of International Standards.
Established in 1947, ISO is a network of the national standards institutes of 160+ countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system.
The Baltimore Sun, July 16, 2008
An underground fire shut down power to 30 residential and commercial buildings in Baltimore and took nearly 10 hours to control. Baltimore’s utility lines are part of the city’s aging infrastructure – carrying electricity, cable, telephone, street light and fiber-optic service through 3.7 million feet of conduits. The cost to update the >100 year-old system is $900 million.
A Good Intro to ERM
Risk management is an increasingly important business driver and stakeholders have become much more concerned about risk. Risk may be:
• A driver of strategic decisions
• The cause of uncertainty in an organization
• Embedded in the activities of the organization
An enterprise-wide approach to risk management enables an organization to consider the potential impact of all types of risks on all processes, activities, stakeholders, products and services.
Excerpt from the Executive Summary of “A Structured Approach to ERM and the Requirements of ISO 31000”, published by airmic, alarm and the irm – all based in the U.K.
Scope of ISO 31000
This international standard provides principles and generic guidelines on risk management… it can be used by any public, private or community enterprise, association, group or individual. Therefore, this standard is not specific to any industry or sector.
• Streamlined and easy to understand
• Proactive approach vs compliance
• Emphasizes top-down implementation
• Links risks to strategy & the achievement of objectives
• Addresses both threats and opportunities
• Provides a consistent approach that can be tailored to any type of operation in any location and integrated with other standards and guidelines
Risk Management Principles
Risk Management:
• Creates value
• Is an integral part of all organizational processes
• Is part of decision-making
• Explicitly addresses uncertainty
• Is systematic, structured and timely
• Is based on the best available information
Risk Management Principles (cont’d)
Risk Management:
• Is tailored
• Takes human and cultural factors into account
• Is transparent and inclusive
• Is dynamic, iterative and responsive to change
• Facilitates continual improvement & enhancement of
The Framework Includes:
• The organization & its context
• Risk Management Policy
• Accountability
• Integration into organizational processes
• Resources
• Communication & reporting – internal
• Communication & reporting – external
Select Definitions
Risk = the effect of uncertainty on objectives
Note 1: An effect may be positive, negative or a deviation from the expected.
Note 2: An objective may be financial, related to health and safety or defined in other terms.
Note 3: Risk is often described by an event, a change in circumstances, a consequence or a combination of these and how they may affect the achievement of objectives.
Note 4: Risk can be expressed in terms of a combination of the consequences of an event or a change in circumstances and their likelihood.
Note 5: Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence or likelihood.
The threat is that we are not prepared for a disruptive event. If people don't know (or aren't trained to follow) the protocol, or if facilities are not "disaster ready," we will not be ready to respond or be able to return to normal quickly. If we manage this risk well, the opportunity is that we build resilience.
With a large number of impending retirements in the coming years, the threat is that we are not prepared for continuity of operations – maintaining our culture and institutional knowledge. The opportunities of this risk include improving processes and programs through the influx of new ideas & employees.
The threat is future financial instability and continued budget pressures. The opportunities include streamlining operations & operating more efficiently.
The threat is that we won't keep up with infrastructure needs and care for our aging facilities and infrastructure. The opportunity is that if we plan ahead, we will be able to justify needs, prioritize projects and implement improvements over time.
Select Definitions
Risk management = the coordinated activities to direct and control an organization with regard to risk
Risk owner = the person with the accountability and authority to manage the risk
Stakeholder = any person or organization that can affect, be affected by or perceive themselves to be affected by a decision or activity. Stakeholders are both internal and external. They are important to the process and key to activities like communication, consultation and reporting; their interests and fears should be taken into account.
A Vision for Enhanced Risk Management
Key Outcomes
• The organization has a current, correct and comprehensive understanding of its risks.
• The organization's risks are managed to an acceptable level of tolerance.
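As an added worked example (not from the slides or from ISO 31000 itself), a minimal risk register in Python that ties the definitions above together: each entry is a threat or an opportunity (Note 1), is rated as consequence combined with likelihood (Note 4), carries a risk owner, and threats are checked against an acceptable level of tolerance. The 1-5 scales, the tolerance value and the sample entries are constructed assumptions, modelled on the threat/opportunity examples given earlier.

```python
from dataclasses import dataclass
from typing import List
# Constructed 1-5 scales; ISO 31000 prescribes none, so an organization picks its own.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
CONSEQUENCE = {"insignificant": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

@dataclass
class Risk:
    ref: str
    description: str
    effect: str        # "threat" (negative effect) or "opportunity" (positive effect), per Note 1
    likelihood: str
    consequence: str
    owner: str = ""    # risk owner: accountable for, and authorized to manage, the risk
    def rating(self) -> int:
        # Note 4: risk expressed as a combination of consequence and likelihood
        return LIKELIHOOD[self.likelihood] * CONSEQUENCE[self.consequence]

class RiskRegister:
    def __init__(self, tolerance: int) -> None:
        self.tolerance = tolerance   # highest threat rating accepted without further treatment
        self.risks: List[Risk] = []

    def add(self, risk: Risk) -> None:
        if risk.effect not in ("threat", "opportunity"):
            raise ValueError(f"{risk.ref}: effect must be 'threat' or 'opportunity'")
        if risk.likelihood not in LIKELIHOOD or risk.consequence not in CONSEQUENCE:
            raise ValueError(f"{risk.ref}: unknown likelihood or consequence level")
        self.risks.append(risk)

    def ranked(self, effect: str) -> List[Risk]:
        # one effect type, highest rating first, so treatment can be prioritized
        return sorted((r for r in self.risks if r.effect == effect), key=lambda r: r.rating(), reverse=True)

    def needs_treatment(self) -> List[str]:
        # threats still above tolerance, i.e. not yet managed to an acceptable level
        return [r.ref for r in self.ranked("threat") if r.rating() > self.tolerance]

    def unowned(self) -> List[str]:
        # accountability gap: every entry should carry a risk owner
        return [r.ref for r in self.risks if not r.owner]

def build_sample_register() -> RiskRegister:
    # constructed entries modelled on the threat/opportunity examples in the slides
    reg = RiskRegister(tolerance=9)
    reg.add(Risk("R1", "Staff not trained on the disruption protocol", "threat", "likely", "major", "Ops Mgr"))
    reg.add(Risk("R1+", "Build resilience through disaster readiness", "opportunity", "possible", "major", "Ops Mgr"))
    reg.add(Risk("R3", "Financial instability and budget pressure", "threat", "possible", "moderate"))
    reg.add(Risk("R4", "Aging facilities outpace maintenance", "threat", "likely", "severe", "Facilities"))
    return reg
```

With these constructed ratings, R4 and R1 exceed the tolerance of 9 and need treatment, while R3 sits exactly at tolerance but has no risk owner assigned.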
Attributes
• Continual improvement
• Full accountability for risks
• Application of risk management in all decision making
• Continual communications
• Full integration into the organization’s governance structure