Risk Management

Framework
(ISO 31000)
Yasya Rusyda Aslina
13516091
 Framework
”The success of risk management depend on the effectiveness of management framework
providing the foundation and arrangements that will embed it throughout the organizations at all
levels.”

assists in managing risks effectively through application of the risk

management process 

ensures that information about risk derived from the risk

management process is adequately reported and used as a basis for
decision

2
 Component of Risk Management Framework
1. Mandate and
commitment

5. Continual Improvement 2. Design of Framework 3. Implementing Risk

of the Framework for Managing Risk Management

4. Monitoring and Review

of the Framework
 Component of Risk Management Framework
1. Mandate and
commitment

5. Continual Improvement 2. Design of Framework 3. Implementing Risk

of the Framework for Managing Risk Management

4. Monitoring and Review

of the Framework
1. Mandate and Commitment

Define and endorse risk management policy

Ensure that organization’s culture and risk management are aligned

Determine risk management performance indicators

Align risk management objectives with organization’s strategies and
objectives
Ensure legal and regulatory compliance

Assign accountabilities and responsibilities

Ensure that necessary resources are allocated for risk management

Communicate the benefit of risk management to all stakeholder

Ensure that the framework continues to remain appropriate

5
 Component of Risk Management Framework
1. Mandate and
commitment

5. Continual Improvement 2. Design of Framework 3. Implementing Risk

of the Framework for Managing Risk Management

4. Monitoring and Review

of the Framework
 Component of Risk Management Framework
1. Mandate and
commitment

5. Continual Improvement 2. Design of Framework 3. Implementing Risk

of the Framework for Managing Risk Management

4. Monitoring and Review

of the Framework
 2. Design of Framework
2.1 Understanding of the organizations and its context

2.2 Establishing risk management policy

2.3 Accountability

April - June
2.4 Integration into organizational process

2.5 Resources

Task 1 2.6January
Establishing internal communication and reporting
- March
mechanisms

2.7 Establishing external communication and reporting

mechanisms

09/23/2020 8
 2. Design of Framework :
Understanding of the organizations and its context
Organization’s external context:
2.1 Understanding of the • The social, cultural, political, legal, regulatory, financial, technological, economic, natural,
organizations and its context and competitive environment

2.2 Establishing risk • Key drivers and trends

management policy • Relationship with, perception and values of external stakeholders

2.3 Accountability Organization’s internal context:

April - June
2.4 Integration into
organizational process
2.5 Resources
• Governance, organizational structure, roles and accountabilities
• Policies, objectives, and the strategies
• Capabilities in resource and knowledge (Modal, waktu, teknologi, dsb)
• Information system, information flow, and decision making process

Task 1
2.6 Establishing internal
• Relationship with, and perception values of internal stakeholders
January - March
communication and reporting • Organization’s culture
mechanisms
• Standards and guidelines
2.7 Establishing external
communication and reporting • Form and extent of contractual relationship
mechanisms

09/23/2020 9
 2. Design of Framework :
Establishing risk management policy

2.1 Understanding of the

organizations and its context

2.2 Establishing risk Risk management policy should clearly state objectives for, commitment to risk
management policy management and typically addresses the following:
• Organization’s rationale for managing risk
2.3 Accountability
• Links between the organization’s objectives & policies and the risk management
April - June
2.4 Integration into policy
organizational process • Accountabilities and responsibilities for managing risk
• The way in which conflicting interests are dealt with
2.5 Resources
• Commitment to make the necessary resources available
Task 1
2.6 Establishing internal • The way in which risk management performance will be measured and reported
January - March
communication and reporting
mechanisms
• Commitment to review and improve the risk management policy and
2.7 Establishing external framework
communication and reporting
mechanisms

09/23/2020 10
 2. Design of Framework :
Accountability

2.1 Understanding of the

organizations and its context Organization should ensure that there is accountability, authority, and
appropriate competence for managing risk,
2.2 Establishing risk
management policy
this can be facilitated by:
2.3 Accountability • Identifying risk owners that have the accountability and authority to manage risk

April - June
• Identifying who is accountable for the development, implementation and
2.4 Integration into
organizational process maintenance of framework
• Identifying other responsibilities of people at all levels in the organization for
2.5 Resources the risk management process
Task 1
2.6 Establishing internal
• Establishing performance measurement and external/internal reporting and
January - March
communication and reporting escalation process
mechanisms
2.7 Establishing external
• Ensuring appropriate levels of recognition
communication and reporting
mechanisms

09/23/2020 11
 2. Design of Framework :
Integration into organizational process

2.1 Understanding of the

organizations and its context

2.2 Establishing risk

management policy
Risk management should be embedded in all organization’s practices and processes
in a way that is relevant, effective and efficient
2.3 Accountability

April - June
2.4 Integration into
organizational process

Risk Management Plan  Organizational Plan

2.5 Resources

Task 1
2.6 Establishing internal
January - March
communication and reporting
mechanisms
2.7 Establishing external
communication and reporting
mechanisms

09/23/2020 12
 2. Design of Framework :
Resources

2.1 Understanding of the

organizations and its context Consideration should be given to :
• People, skills, experience, and competence
2.2 Establishing risk
management policy • Resources needed for each step of the risk management process
• The organization’s processes, methods and tools
2.3 Accountability • Documented processes and procedures

April - June
• Information and knowledge management systems
2.4 Integration into
organizational process • Training programmes

2.5 Resources

Task 1
2.6 Establishing internal
January - March
communication and reporting
mechanisms
2.7 Establishing external
communication and reporting
mechanisms

09/23/2020 13
 2. Design of Framework :
Establishing internal communication and reporting mechanism

2.1 Understanding of the

organizations and its context Communication aim is to encourage accountability and ownership of the risk
These mechanisms should ensure that:
2.2 Establishing risk
management policy • Key components of the risk management framework communicated
appropriately
2.3 Accountability • There is adequate internal reporting on the framework

April - June
• Relevant information derived from application of risk management is available
2.4 Integration into
organizational process • There are processes for consultation with internal stakeholders

2.5 Resources

Task 1
2.6 Establishing internal
January - March
communication and reporting
mechanisms
2.7 Establishing external
communication and reporting
mechanisms

09/23/2020 14
 2. Design of Framework :
Establishing external communication and reporting mechanism

2.1 Understanding of the

organizations and its context Mechanisms should involves:
• Engaging appropriate external stakeholders and ensuring an effective exchange
2.2 Establishing risk
management policy of information
• External reporting to comply with legal, regulatory, and governance requirements
2.3 Accountability • Providing feedback and reporting on communication and consultation

April - June
• Using communication to build confidence in the organization
2.4 Integration into
organizational process • Communicating with stakeholders in the event of a crisis or contingency

2.5 Resources

Task 1
2.6 Establishing internal
January - March
communication and reporting
mechanisms
2.7 Establishing external
communication and reporting
mechanisms

09/23/2020 15
 Component of Risk Management Framework
1. Mandate and
commitment

5. Continual Improvement 2. Design of Framework 3. Implementing Risk

of the Framework for Managing Risk Management

4. Monitoring and Review

of the Framework
 Component of Risk Management Framework
1. Mandate and
commitment

5. Continual Improvement 2. Design of Framework 3. Implementing Risk

of the Framework for Managing Risk Management

4. Monitoring and Review

of the Framework
 3. Implementing Risk Management

Implementing the framework for managing risk Implementing the risk management process

• Define appropriate timing and strategy • Ensuring that the risk management process is
• Apply the risk management policy and process to applied through a risk management plan at all
organizational process relevant levels and functions as part of its practices
• Comply with legal and regulation and processes
• Ensure that decision making aligned with the
outcome of risk management process
• Hold information and training sessions
• Communicate and consult with stakeholder to
ensure framework remains apropriate

18
 Component of Risk Management Framework
1. Mandate and
commitment

5. Continual Improvement 2. Design of Framework 3. Implementing Risk

of the Framework for Managing Risk Management

4. Monitoring and Review

of the Framework
 Component of Risk Management Framework
1. Mandate and
commitment

5. Continual Improvement 2. Design of Framework 3. Implementing Risk

of the Framework for Managing Risk Management

4. Monitoring and Review

of the Framework
4. Monitoring and Review of The Framework

Measure risk management performance against indicator

Periodically measure progress against the risk management plan

Periodically review whether the risk management framework, policy, and plan are still
appropriate
Report on risk, progress with the risk management plan and how well the risk management
policy is being followed

Review the effectiveness of framework

21
 Component of Risk Management Framework
1. Mandate and
commitment

5. Continual Improvement 2. Design of Framework 3. Implementing Risk

of the Framework for Managing Risk Management

4. Monitoring and Review

of the Framework
 Component of Risk Management Framework
1. Mandate and
commitment

5. Continual Improvement 2. Design of Framework 3. Implementing Risk

of the Framework for Managing Risk Management

4. Monitoring and Review

of the Framework
5. Continual Improvement of the Framework

Result &
Monitoring Decision Improvement
Review
On how the In the organization’s
framework, policy, management of risk
plan can be and its risk
improved management culture

24
 Component of Risk Management Framework
1. Mandate and
commitment

5. Continual Improvement 2. Design of Framework 3. Implementing Risk

of the Framework for Managing Risk Management

4. Monitoring and Review

of the Framework
1. Mandate and Commitment

Define and endorse risk management policy

Ensure that organization’s culture and risk management are aligned

Determine risk management performance indicators

Align risk management objectives with organization’s strategies and
objectives
Ensure legal and regulatory compliance

Assign accountabilities and responsibilities

Ensure that necessary resources are allocated for risk management

Communicate the benefit of risk management to all stakeholder

Ensure that the framework continues to remain appropriate

26
 Attributes of Enhanced Risk Management

Continual Full accountability Application of risk Continual Full Integration in

Improvement for risk management in all communication the
decision making organizational’s
governance
structure
Thank You