Ferma Risk Management Forum 2009 Prague, 4-7 October

The Global Village
Future of Risk Management

Considerations elaborated by Alex Dali & Christopher Lajtha

“ISO 31000:2009, an incentive or a constraint for implementing Risk Management in an organization?”

Things to watch out for…
Alex Dali
Managing Partner ATLASCOPE ARM, EFARM, Master in Risk Management & Insurance

Member of the AFNOR French Commission on RISKS
Co-author of the article “ISO 31000: the Gold Standard” published by StrategicRISK, September 2009

Internationally-recognised reference
• International consensus
• Single global reference for stakeholders
• Wide application
• “Umbrella” for more than 60 standards
• Should not be ignored

ISO Standard vs ISO Guideline?
• Risk Management – Principles and Guidelines
• Voluntary application, not prescriptive, no legal requirement
• Specifically not intended for certification
• ISO certifiable standard? NO!

Simple risk management architecture
• 3-pillar structure
• Robust and simple to apply
• Opportunity to review existing RM practices
• Track similarities and differences

ISO 31000:2009 Figure 1 – Relationship between the principles, framework and process

Principles (Clause 3)
a) Creates value
b) Integral part of organizational processes
c) Part of decision making
d) Explicitly addresses uncertainty
e) Systematic, structured and timely
f) Based on the best available information
g) Tailored
h) Takes human and cultural factors into account
i) Transparent and inclusive
j) Dynamic, iterative and responsive to change
k) Facilitates continual improvement and enhancement of the organization

Framework (Clause 4)
• Mandate and commitment (4.2)
• Design of framework (4.3)
• Implementing risk management (4.4)
• Monitoring and review of the framework (4.5)
• Continual improvement of the framework (4.6)

Process (Clause 5)
• Communication & consultation (5.2)
• Establishing the context (5.3)
• Risk assessment (5.4): risk identification (5.4.2), risk analysis (5.4.3), risk evaluation (5.4.4)
• Risk treatment (5.5)
• Monitoring & review (5.6)

… not a parallel management system
• Avoid the troubled implementation of ISO 9000 series
• Promote business performance
• No bureaucratic compliance reporting system

Text of the ISO 31000 standard
• The text is short and clear
• Not radically new

• Exaggeration and self-serving statements

Vocabulary ISO Guide 73
• Engineer: risk = danger
• Modeller: risk = event
• Manager: risk = uncertainty towards objectives
• Health: risk = threat (purely negative)
• Finance: risk = return
• Public sector: risk = disruption of service or job losses

All activities of an organization involve risks
All activities of an organization involve combinations of probabilities of events and their consequences !!!
All activities of an organization involve effects of uncertainty on its objectives

Vocabulary ISO Guide 73
• Review by the same committee
• 51 definitions related to RISK
• Many improvements
• Use language meaningful to your organisation
• Remove terms and definitions invented locally

Credit Rating Agency enquiries…
S&P - Development of ERM analysis in response…
• Points of interest: strategy, management vision, diagnostic, communications
• Exclusions: treatment (risk-control measures)

Extracts:
• Existing ERM processes not very formalized
• A decentralized ERM organization
• Underfunded and underintegrated ERM
• Weak ERM culture and strategic risk management

Standard & Poor's

Rating and cost of capital

• Quality
• OH&S
• Finance
• Environment
• Supply chain
• Information security
• Equipment safety
• Food safety

COSO - ERM

« ERM is effective if management has reasonable assurance that they understand the following:
• Strategic objectives are being achieved
• Operational objectives are being achieved
• Reporting is reliable
• Laws and regulations are being complied with »

Is it risk management or compliance?

[Figure: risk management standards by country or region. Other labels on the slide: "Reference by law", "remain", "Certification", "Certification of RM", "?"]
• Australia/NZ: AS/NZS 4360:2004; AZ/NZS 4360 : 2009
• Japan: JIS Q 200x
• Europe: FERMA:2004
• Canada: CAN/CSA Q850-1997; CAN/CSA Q850-20xx
• USA: COSO ERM
• Great Britain: AIRMIC, ALARM, IRM:2002; BSI 31100
• Austria (Germany/Switzerland): ONR 49000:2008; ONR 49000
