ISO 31000
jhsOttawa27/02/08
What is ISO 31000?
Guide for principles and implementation of risk management
More or less final, will be issued in 2009 along with Guide 73 (terms), and 31010 (revised IEC risk analysis standard, originally Canadian eh!)
Can review 31000 and have input by asking after April 1 for the latest draft (free but must read, shortree@uwaterloo.ca)
Will replace CSA Q850, Treasury Board, RIMS, etc. etc. and become the recognized international framework for risk management everywhere; good stuff, no fooling
first a few things about risk and 31000
risk; effect of uncertainty on objectives
positive and negative consequences
safety, compliance, strategy, anything under the sun
risk management; coordinated activities to direct and control an organization with regard to risk
risk management framework; set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management processes throughout the organization
risk management process; systematic application of management policies, procedures and practices to the tasks of communication, consultation, establishing the context, identifying, analysing, evaluating, treating, monitoring and reviewing risk
Your Organization and 31000
Every organization is unique, yours might be a regulator, a deliverer of services, a policy analysis shop, an enforcer of laws, a facilitator of industry and commerce, support for education or literacy or rights, etc.
So implementation of risk management in every organization is different but instantaneously recognized as 31000 risk management framework, process, terminology, and other best practices.
So your organization's risk management could be reviewed and evaluated by any other risk management literate person from any organization to mutual advantage.
Scorecard
Key components Workshop
Risk Register (RR)
The following three slides provide illustrations of risk registers that have been found to be useful in organizations with successful ERM
1. A bowtie diagram used by Broadleaf Capital, used for design of risk treatment but also a risk register
2. An illustrative example of the approach used by , and
3. An illustrative example of how use their risk register for monitoring and review
[Slide: risk register example, "Ready to Heat". Panels: Risks, Risk Profile, Mitigation Activities, Action Plan.]

Risks
Increase of aggressive competition from Rice Master and Fast Rice
Aggressive year for growth target for the segment & brand
Achieve new product growth targets

4. List of risks that could hinder the ability to meet the initiative's objectives

Business units are required to review and update a dashboard on a quarterly basis which allows tracking of performance over time

[Slide: dashboard example. Columns: Initiative, Comments. Status colours shown: Green, Blue, Red, Yellow.]

Comments
Improving: Shipments started in P2 to meet advertising schedule. Advertising on air (P2W3). Massive presentation to all customers was executed during P1 with excellent customer participation.
Stable: DTS operation is improving however there are still some areas that need to improve further. We will expand when we have a holistic strategy.
Improving: Shift managers have been provided associate engagement training. All managers have held meetings with their team members.
Stable: On track, construction permit granted. Plant will be ready by P13
Stable: Increased risk due to current demand exceeding supply. We have rephased the rollout for the mass market to ensure current supply is adequate.
Key components Workshop
Risk Register (RR)
discuss at table, then rate your organization out of 10
risk register; record of information about identified risks
Policy that states each risk owner is accountable for that risk, the associated controls and monitoring of risk
Accountability is assessed at manager's annual performance review where evidence is expected
Culture of accountability is such that everyone knows what risks they own and who owns risks that impact them
Key components Workshop
Risk Management Process
Risk assessment is the white boxes
Process is for every manager for every project, program, decision
2 points have box, 1 being done
We will not spend much time here since this should be well known
Key components Workshop
Risk Management Framework
discuss, rate organization out of 14
Framework; set of components that provide the foundations and organizational arrangement for designing, implementing, monitoring, reviewing and continually improving risk management processes throughout the organization (wow a mouthful)
Framework is new to 31000, follows Plan Do Check Act quality model and must follow principles outlined in 31000
Next two slides show
1) relationship of framework, process and principles
2) details of framework implementation
a) Creates value
b) Integral part of organizational processes
c) Part of decision making
d) Explicitly addresses uncertainty
e) Systematic, structured and timely
f) Based on the best available information
g) Tailored
h) Takes human and cultural factors into account
i) Transparent and inclusive
j) Dynamic, iterative and responsive to change
k) Facilitates continual improvement and enhancement of the organization
5.2 Mandate and commitment
5.3 Design of framework for managing risk
5.6 Continual improvement of the framework
5.4 Implementing risk management framework

plan
5.3 Design of framework for managing risk
5.3.1 Understanding the organization and its context
5.3.2 Risk management policy
5.3.3 Integration into organizational processes
5.3.4 Accountability
5.3.5 Resources
5.3.6 Establishing internal communication and reporting mechanisms
5.3.7 Establishing external communication and reporting mechanisms

do
5.4 Implementing risk management
5.4.1 Implementing the framework for managing risk
5.4.2 Implementing the risk management process

check
5.5 Monitoring and review of the framework

act
5.6 Continual improvement of the framework
Key components Workshop
Risk Management Framework
Proclaimed commitment & policy (2)
Framework well known & communicated (2)
Continuous improvement of framework (2)
Principles: point each to max of (4)
Champion and implementation plan (2)
Framework facilitated by a small risk group of 2-4 people, with processes and application the responsibility of managers in every unit in the organization's hierarchy (2)
Key components Workshop
Integrated Risk Management
Integrated approach to all risk silos from strategic to new projects to workplace safety (2)
Integrated risk management by individual managers with other aspects of decision making, oversight of activities, etc. Not a separate task (2)
Risk management considered a core activity, referred to in annual reports, major topic in strategic and all decisions, etc. Opportunity focus as well as prevention of negative risks (2)
Key components Workshop
Terminology / concepts
risk: is impact of uncertainty on objectives, must be either positive or negative (1)
risk management framework: for whole organization (1)
risk management process: for individual manager everywhere in organization (1)
risk control: as result of risk treatment, it is basis for risk owner's actions to modify risk (1)
context, internal and external: as the source of objectives, and risk criteria: used in risk evaluation (1)
please see next slide for full list of 31000 terms
Broadleaf Capital's 10 point approach to Implementation of Risk Management
If Time topic
Continued on next slide with 10 steps for implementation

Approach Rationale
Rather than use a design-build contractor with a pre-packaged approach to ERM it is preferred to have a consultant who partners with the organization in developing a customized framework, tools and methods that reflect the organization's needs, risk profile and organization structure. Risk management champions are found within the organization and trained to implement and roll out the framework in a top-down engagement process. This seems to achieve the most rapid take-up and long term ownership of risk management in the organization. By working with the organisation's line managers and risk management specialists, and building on their skills and experience, risk management processes are more relevant to business needs and this also creates early and visible risk management benefits.
(Purdy@broadleaf.com.au) for more information
Broadleaf's 10 point approach to implementation of RM
1. Achieve an unequivocal Executive and Board mandate with a full appreciation of the changes required at all levels of the organisation.
2. Undertake a gap analysis and maturity evaluation.
3. Develop a carefully tailored framework, based on ISO 31000 risk management framework, principles, and process as well as the organisation's context and structure necessary for ERM to be implemented and sustained.
4. Workshop and develop a strategic risk management plan to implement the framework utilizing practical tools and best practice methods.
5. Develop and gain senior management agreement on a set of performance-based standards to codify the framework and its implementation plan.
6. Create a tailored risk management information system that enforces accountability for risks, controls and tasks, supports control assurance and enables risk management performance management and reporting.
7. Cause Champions to be appointed within the organisation and trained to create the confidence, skills and local management support needed for roll-out.
8. Help Champions engage local management and implement the framework and risk management plan, generating risk registers, etc.
9. Establish a process and structure for RM performance management and reporting, including committees and review groups, and performance measures.
10. Periodically review, benchmark, and revise the framework.
Questions please
20 sec questions
30 sec answers
Also ask shortree@uwaterloo.ca