
Presentation: «По изо круглое королевство 1 класс». Author: JDT. File: «По изо круглое королевство 1 класс.ppt». Zip archive size: 174 KB.

По изо круглое королевство 1 класс

Contents of the presentation «По изо круглое королевство 1 класс.ppt» (slide number and text):
Slide 1: ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 New Standards for the Management of Risk

Kevin W Knight AM; CPRM; Hon FRMIA; FIRM (UK); LMRMIA; ANZIIF (Mem).
Chairman, ISO Working Group - Risk Management Standard
Member, Standards Australia / Standards New Zealand Joint Technical Committee OB/7 - Risk Management
P O Box 226, Nundah Qld 4012, Australia
E-mail: kknight@bigpond.net.au
06/10

Slide 2: Managing Risk

• We all manage risk consciously or unconsciously - but rarely systematically
• Managing risk means forward thinking
• Managing risk means responsible thinking
• Managing risk means balanced thinking
• Managing risk is all about maximising opportunity and minimising threats
• The risk management process provides a framework to facilitate more effective decision making

Slide 3: History of the ISO and Risk Management

• Over 80 separate ISO and IEC Technical Committees are addressing aspects of risk management
• 27th June 2002: ISO/IEC Guide 73, "Risk Management - Vocabulary", published
• 2004: ISO Technical Management Board (TMB) approached by Australia and Japan for AS/NZS 4360:2004 to be adopted by ISO
• June 2005: TMB sets up Working Group (WG)
• 15.11.2009: ISO 31000 & ISO Guide 73 published
• 27.11.2009: ISO/IEC 31010 published

Slide 4: Terms of Reference as approved by Technical Management Board

The WG provides a document which provides principles and practical guidance to the risk management process. The document is applicable to all organizations, regardless of type, size, activities and location, and should apply to all types of risk.

Slide 5: Terms of Reference as approved by ISO TMB (Continued)

The document should:
• establish a common concept of a risk management process and related matters;
• provide practical guidelines to:
  – understand how to implement risk management,
  – identify and treat all types of risk,
  – treat and manage the identified risks,
  – improve an organization's performance through the management of risk,
  – maximize opportunities and minimize losses in the organization;
• raise awareness of the need to treat and manage risk in organizations.

Slide 6: Terms of Reference as approved by TMB (Continued)

2. Type of deliverable: The standard to be developed is a Guideline document, and is NOT to be used for the purpose of certification.

Slide 7: ISO Guide 73:2009 - Scope

• provides a basic vocabulary of the definitions of generic terms related to risk management
• aims to encourage a mutual and consistent understanding, a coherent approach to the description of activities relating to the management of risk, and use of risk management terminology in processes and frameworks dealing with the management of risk.

Slide 8: Terms included in ISO Guide 73 in Alphabetical order

COMMUNICATION & CONSULTATION, CONSEQUENCE, CONTROL, ESTABLISHING THE CONTEXT, EVENT, EXPOSURE, EXTERNAL CONTEXT, FREQUENCY, HAZARD, INTERNAL CONTEXT, LEVEL OF RISK, LIKELIHOOD, MONITORING, PROBABILITY, RESIDUAL RISK, RESILIENCE, REVIEW, RISK, RISK ACCEPTANCE, RISK AGGREGATION, RISK ANALYSIS, RISK APPETITE, RISK ASSESSMENT, RISK ATTITUDE, RISK AVERSION,
RISK AVOIDANCE, RISK CRITERIA, RISK DESCRIPTION, RISK EVALUATION, RISK FINANCING, RISK IDENTIFICATION, RISK MANAGEMENT, RISK MANAGEMENT AUDIT, RISK MANAGEMENT FRAMEWORK, RISK MANAGEMENT PLAN, RISK MANAGEMENT POLICY, RISK MANAGEMENT PROCESS, RISK MATRIX, RISK OWNER, RISK PERCEPTION, RISK PROFILE, RISK REGISTER, RISK REPORTING, RISK RETENTION, RISK SHARING, RISK SOURCE, RISK TOLERANCE, RISK TREATMENT, STAKEHOLDER, VULNERABILITY

Slide 9: The Pivotal Definition

risk: effect of uncertainty on objectives
NOTE 1 An effect is a deviation from the expected — positive and/or negative.
NOTE 2 Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).
NOTE 3 Risk is often characterized by reference to potential events and consequences, or a combination of these.
NOTE 4 Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
NOTE 5 Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
[ISO Guide 73:2009]

Slide 10: risk

"INCERTITUDE": the four states of knowledge about likelihoods and outcomes (O'Riordan and Cox, 2001)

                                   KNOWLEDGE ABOUT OUTCOMES
KNOWLEDGE ABOUT LIKELIHOODS        Well-defined outcomes     Poorly defined outcomes
Some basis for probabilities       risk                      ambiguity
No basis for probabilities         uncertainty               ignorance

Reference: O'Riordan, T, and Cox, P. 2001. Science, Risk, Uncertainty and Precaution. Senior Executive's Seminar – HRH the Prince of Wales's Business and the Environment Programme. University of Cambridge.

Slide 11: risk owner; control

risk owner: person or entity with the accountability and authority to manage a risk
control: measure that is modifying risk
NOTE 1 Controls include any process, policy, device, practice, or other actions which modify risk.
NOTE 2 Controls may not always exert the intended or assumed modifying effect.
[ISO Guide 73:2009]

Slide 12: Accountable / Responsible

Yet to be defined.

Accountable: Liability for the outcomes of actions or decisions. NOTE: Includes failure to act or make decisions OR being obligated to answer for a decision OR obligation to answer for an action.

Responsible: Obligation to carry out duties or decisions, or control over others as directed OR having the obligation to act OR obligation to carry out instructions.

Slide 13: ISO 31000:2009 - Users

ISO 31000:2009 is intended to be used by a wide range of stakeholders including:
• those responsible for implementing risk management within their organization;
• those who need to ensure that an organization manages risk;
• those who need to manage risk for the organization as a whole or within a specific area or activity;
• those needing to evaluate an organization's practices in managing risk; and
• developers of standards, guides, procedures, and codes of practice that in whole or in part set out how risk is to be managed within the specific context of these documents.

Slide 14: A Business Principles Approach to the Management of Risk

Slide 15: Principles (Clause 3), Framework (Clause 4), Process (Clause 5)

ISO 31000:2009 Figure 1 – Relationship between the principles, framework and process

Principles (Clause 3):
a) Creates value
b) Integral part of organizational processes
c) Part of decision making
d) Explicitly addresses uncertainty
e) Systematic, structured and timely
f) Based on the best available information
g) Tailored
h) Takes human and cultural factors into account
i) Transparent and inclusive
j) Dynamic, iterative and responsive to change
k) Facilitates continual improvement and enhancement of the organization

Framework (Clause 4):
• Mandate and Commitment (4.2)
• Design of framework (4.3)
• Implementing risk Management (4.4)
• Monitoring and review of the Framework (4.5)
• Continual improvement of the Framework (4.6)

Process (Clause 5):
• Communication & consultation (5.2) and Monitoring & review (5.6) run alongside every step
• Establishing the context (5.3)
• Risk assessment (5.4): Risk identification (5.4.2), Risk analysis (5.4.3), Risk evaluation (5.4.4)
• Risk treatment (5.5)

Slide 16: Corporate Governance

The way in which an organisation is governed and controlled in order to achieve its objectives. The control environment makes an organisation reliable in achieving these objectives within a tolerable degree of risk. It is the glue which holds the organisation together in pursuit of its objectives while risk management provides the resilience.
Queensland Audit Office – Report No. 7 1998-99: http://www.qao.qld.gov.au/publications/document/AGReports/9899/report7.html

Slide 17: Corporate Governance

"The system by which entities are directed and controlled."
"Corporate governance generally refers to the processes by which organisations are directed, controlled and held to account. It encompasses authority, accountability, stewardship, leadership, direction and control exercised in the organisation."
SAA HB 254-2005 Governance, risk management and control assurance. Standards Australia. ISBN 0 7337 6892 X

Slide 18: ISO 31000:2009 - ISO/IEC 31010 & ISO Guide 73:2009 New Standards for the Management of Risk
Slide 19: Business Principles Approach ISO 31000:2009 Principles (Clause 3)

Risk management should…
• Create value
• Be an integral part of organisational processes
• Be part of decision making
• Explicitly address uncertainty
• Be systematic and structured
• Be based on the best available information
• Be tailored
• Take into account human factors
• Be transparent and inclusive
• Be dynamic, iterative and responsive to change
• Be capable of continual improvement and enhancement

Slide 20: Risk management should create value

• RM contributes to the achievement of objectives.
• Protects value – minimise downside risk, protects people, systems and processes.

Slide 21: Risk management should be an integral part of organizational processes

• RM is not a stand-alone activity from the management system of the organisation.
• RM is part of the process - not an 'additional' compliance task.

Slide 22: Risk management should be part of decision making

• Risk management helps decision makers make informed choices, prioritize actions and distinguish among alternative courses of action.
• Helps allocate scarce resources.

Slide 23: Risk management explicitly addresses uncertainty

• Risk management explicitly takes account of uncertainty, the nature of that uncertainty, and how it can be addressed.
• RM addresses uncertainty, no matter the level of uncertainty.

Slide 24: Risk management should be systematic and structured

• A systematic, timely and structured approach to the management of risk contributes to efficiency and to consistent, comparable and reliable results.
• The more aligned – the more effective and efficient.

Slide 25: Risk management should be based on the best available information

• The inputs to the process of managing risk are based on information sources such as historical data, experience, stakeholder feedback, observation, forecasts and expert judgement.
• Information costs money. Perfect information is not always possible.
• Start with resources/expertise you have or gain easily.
• Increase information as the level of risk increases.

Slide 26: Risk management should be tailored

• Risk management is aligned with the organization's external and internal context and risk profile.
• Different risk appetites & different measurements.
• Context remains one of the most difficult areas.

Slide 27: Risk management should take into account human factors

The management of risk recognizes the capabilities, perceptions and intentions of people that make every organisation different.

Slide 28: Risk management should be transparent and inclusive

• Appropriate and timely involvement of stakeholders at all levels of the organization ensures that the management of risk remains relevant and up-to-date.
• The management of risk must be clearly set out in job profiles/employment contracts and annual appraisals.

Slide 29: Risk management should be dynamic, iterative and responsive to change

• External and internal events happen, context and knowledge change, monitoring and review take place, new risks emerge, some change, and others disappear.
• Must keep RM relevant and accurate so as to support decisions and strategies.
• Regular reviews of risk register and framework.
• Internal audit programme informed by corporate risk register.

Slide 30: Risk management should be capable of continual improvement and enhancement

• Organizations should develop and implement strategies to improve the maturity of their management of risk alongside all other aspects of their management system.
• RM maturity and improvement strategies should be included in the RM Plan.

Slide 31: PDCA – a starting point for a framework

Communicate and Train:
• Communications and reporting plan
• Training strategy
• RM Network

Commitment and Mandate:
• Policy Statement
• Risk Management Plan
• Assurance plan
• Standards
• Procedures/Guidelines

Organise and Allocate:
• Board RM Committee
• Exec RM Committee
• Manager, RM
• RM Champions
• Risk, Control, Risk owners
• Assurance providers

Measure and review:
• Control assurance
• RM Plan progress
• Governance reporting
• Benchmarking
• Performance criteria

Slide 32: AS/NZS ISO 31000:2009 Risk management framework (Clause 4)

The framework in Clause 4 of AS/NZS ISO 31000:2009 is not intended to describe a management system; rather, it is to assist the organization to integrate risk management within its overall management system. Therefore, organizations should adapt the components of the framework to their specific needs.

Slide 33: Mandate and commitment (4.2)

ISO 31000:2009 Figure 2 — Relationship between the components of the framework for managing risk

4.2 Mandate and commitment
4.3 Design of framework
  4.3.1 Understanding the organization and its context
  4.3.2 Establishing risk management policy
  4.3.3 Accountability
  4.3.4 Integration into organizational processes
  4.3.5 Resources
  4.3.6 Establishing internal communication and reporting mechanisms
  4.3.7 Establishing external communication and reporting mechanisms
4.4 Implementing risk management
  4.4.1 Implementing the framework for managing risk
  4.4.2 Implementing the risk management process
4.5 Monitoring and review of the framework
4.6 Continual improvement of the framework

Slide 34: Understanding the organisation and its context – External Context

Consider:
• Trends
• Key drivers
• Perceptions/values of key stakeholders
• PESTLE (Political, Economic, Social, Technological, Legal, Environmental factors)

Slide 35: Understanding the organisation and its context – Internal Context

• Governance
• Structures
• Objectives, strategies and policies
• Knowledge, skills and resources
• Organisational culture
• Contractual relationships

Slide 36: Risk Management Policy

Must be simple, achievable, understandable and auditable, with the clear mandate and commitment of top management, aligned to the organisation's culture, with the risk makers and the risk takers the risk owners.

Document components:
• Rationale and policy links
• Accountability and responsibility
• Management of conflicts of interest
• Measurement of RM performance
• Reporting processes
• Policy review process/cycle

Slide 37: Accountability

• All accountable risk owners are clearly identified and provided with authority & resources to manage risk
• Board accountability for framework implementation
• Accountability of risk owners at all levels of the organisation clearly identified
• Performance measurement processes in place
• Reporting and escalation processes clearly established

Slide 38: Integration into organisational processes

The management of risk should be part of routine organisational processes:
• Policy development
• Business/strategic planning
• Change management
• Decision-making processes

Risk Management Plan:
• Organisation-wide
• Linked to or integrated into other plans: strategic plans, implementation plans, operational plans etc.

Slide 39: Resources

Expenditure on the management of risk is an investment. Good RM will make an organisation more effective, but it requires dedicated resources.

Resources include:
• People: skills, experience and competence
• Time and funds: to execute the process
• Defined processes, methods and tools
• Information systems
• Awareness, education and training programs

Slide 40: Establishing internal & external communication and reporting mechanisms

Internal:
• Ongoing awareness, education and training
• Framework performance reporting and outcome reviews
• Information management
• Stakeholder engagement

External:
• Stakeholder engagement
• Regulatory reporting requirements
• Use reporting to build confidence
• Business continuity (management of disruption related risk) communication

Slide 41: Implementing risk management

Implementing the framework – Ensure:
• Appropriate timing
• Alignment with organisational strategy and processes
• Compliance with regulation
• Apply to organisational processes
• Train and educate staff
• Communicate and consult

Implementing the risk management process:
• Define the process for the organisation
• Implement at all levels (appropriate processes)
• Establish a monitoring process

Slide 42: ISO 31000:2009 Risk management process (Clause 5)

• should be an integral part of management, be embedded in culture and practices and tailored to the business processes of the organization.
• includes five activities: communication and consultation; establishing the context; risk assessment; risk treatment; and monitoring and review.

Slide 43: ISO 31000:2009 Process Overview

Slide 44: ISO 31000:2009 Risk management process in detail

5.2 COMMUNICATION & CONSULTATION and 5.6 MONITOR & REVIEW run alongside every step below.

5.3 ESTABLISHING THE CONTEXT
• 5.3.2 External Context
• 5.3.3 Internal Context
• 5.3.4 Risk Management Process Context
• 5.3.5 Developing Risk Criteria

5.4 RISK ASSESSMENT
• 5.4.2 RISK IDENTIFICATION: What can happen, when, where, how & why
• 5.4.3 RISK ANALYSIS: Determine existing controls; Determine Likelihood; Determine Consequences; Estimate Level of Risk
• 5.4.4 RISK EVALUATION: Compare against criteria. Identify & assess options. Decide on response. Establish priorities.

5.5 RISK TREATMENT
• 5.5.2 Selection of risk treatment options
• 5.5.3 Preparing and implementing risk treatment plans
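The clause 5.4 / 5.5 steps above (identify what can happen, record existing controls, determine likelihood and consequence, estimate the level of risk, compare it against the risk criteria, set priorities) carried through on a small risk register, as an added example that is not part of the slide deck. The 1-5 scales, the multiplicative level-of-risk formula, the rating bands and the tolerable level are assumptions; ISO 31000 leaves scales and risk criteria to the organisation, and the risks, owners and scores in the register are constructed. Control.effective models NOTE 2 of the ISO Guide 73 definition of a control (slide 11): a control that does not work does not reduce the residual risk.

```python
# Added example, not from the slide deck. Scales, formula and threshold are assumptions.
from dataclasses import dataclass, field


@dataclass
class Control:
    """A measure that is modifying risk (ISO Guide 73 definition of 'control')."""
    name: str
    likelihood_reduction: int = 0   # assumed: steps removed from the 1-5 scale
    consequence_reduction: int = 0  # assumed: steps removed from the 1-5 scale
    effective: bool = True          # Guide 73 NOTE 2: a control may not work as assumed


@dataclass
class Risk:
    description: str   # 5.4.2: what can happen, when, where, how & why
    owner: str         # risk owner: accountable and authorised to manage it
    likelihood: int    # 1 (rare) .. 5 (almost certain), assumed scale
    consequence: int   # 1 (insignificant) .. 5 (catastrophic), assumed scale
    controls: list = field(default_factory=list)   # existing controls


def clamp(value):
    """Keep a scale value inside the assumed 1..5 range."""
    return max(1, min(5, value))


def residual(risk):
    """5.4.3: apply existing controls; only controls that actually work count."""
    like, cons = risk.likelihood, risk.consequence
    for ctl in risk.controls:
        if ctl.effective:
            like -= ctl.likelihood_reduction
            cons -= ctl.consequence_reduction
    return clamp(like), clamp(cons)


def level_of_risk(likelihood, consequence):
    """5.4.3: combine consequence and likelihood (Guide 73 NOTE 4); the product is assumed."""
    return likelihood * consequence


def rating(level):
    """Assumed rating bands for the 1..25 product scale."""
    if level >= 16:
        return "extreme"
    if level >= 10:
        return "high"
    if level >= 5:
        return "medium"
    return "low"


def evaluate(register, tolerable_level):
    """5.4.4: compare the residual level against the risk criteria and set priorities.
    Returns one record per risk, highest residual level first."""
    rows = []
    for risk in register:
        like, cons = residual(risk)
        rows.append({
            "description": risk.description,
            "owner": risk.owner,
            "inherent": level_of_risk(risk.likelihood, risk.consequence),
            "residual": level_of_risk(like, cons),
            "rating": rating(level_of_risk(like, cons)),
            # 5.5: anything above the tolerable level goes to treatment
            "decision": "treat" if level_of_risk(like, cons) > tolerable_level else "accept",
        })
    return sorted(rows, key=lambda r: r["residual"], reverse=True)


# Constructed sample register (hypothetical risks, owners and scores).
SAMPLE_REGISTER = [
    Risk("Ransomware encrypts the file servers", "Head of IT", 4, 5, [
        Control("E-mail filtering", likelihood_reduction=1),
        Control("Offline backups", consequence_reduction=2, effective=False),  # never restore-tested
    ]),
    Risk("Laptop with customer data lost in transit", "Sales Director", 3, 4, [
        Control("Full-disk encryption", consequence_reduction=3),
    ]),
    Risk("Key supplier becomes insolvent", "Procurement Manager", 3, 4),
]

if __name__ == "__main__":
    for row in evaluate(SAMPLE_REGISTER, tolerable_level=9):
        print(f'{row["rating"]:8} {row["residual"]:2} {row["decision"]:7} {row["description"]} ({row["owner"]})')
```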

Slide 45: ISO/IEC 31010:2009 Risk Management - Risk Assessment Techniques

Risk assessment attempts to answer the following fundamental questions:
• what can happen and why (by risk identification)?
• what is the likelihood of their future occurrence?
• what are the consequences?
• are there any factors that reduce the likelihood of the risk or that mitigate the consequence of the risk?

Slide 46: ISO/IEC 31010:2009 Risk Management - Risk Assessment Techniques

In particular, those carrying out risk assessments should be clear about:
• the context and objectives of the organization,
• the extent and type of risks that are tolerable, and how unacceptable risks are to be treated,
• how risk assessment integrates into organizational processes,
• methods and techniques to be used for risk assessment, and their contribution to the risk management process,
• accountability, responsibility and authority for performing risk assessment,
• resources available to carry out risk assessment,
• how the risk assessment will be reported and reviewed.

Slide 47: A pronounced emphasis on continuous improvement in risk management

• A pronounced emphasis on continuous improvement in risk management through the setting of organizational performance goals, measurement, review and the subsequent modification of processes, systems, resources and capability/skills.
• Comprehensive, fully defined and fully accepted accountability for risks, controls and treatment tasks. Named individuals fully accept, are appropriately skilled and have adequate resources to check controls, monitor risks, improve controls and communicate effectively about risks and their management to interested parties.

ISO 31000:2009 Annex A (Informative) Attributes of enhanced risk management

Slide 48: All decision making within the organization, whatever the level of importance and significance, involves the explicit consideration of risks

• All decision making within the organization, whatever the level of importance and significance, involves the explicit consideration of risks and the application of the risk management process to some appropriate degree.
• Continual communications and highly visible, comprehensive and frequent reporting of risk management performance to all "interested parties" as part of a governance process.

ISO 31000:2009 Annex A (Informative) Attributes of enhanced risk management

Slide 49: Risk management is always viewed as a core organizational process

• Risk management is always viewed as a core organizational process where risks are considered in terms of sources of uncertainty that can be treated to maximize the chance of gain while minimizing the chance of loss.
• Critically, effective risk management is regarded by senior managers as essential for the achievement of the organization's objectives.
• The organization's governance structure and process are founded on the risk management process.

ISO 31000:2009 Annex A (Informative) Attributes of enhanced risk management

Slide 50: ISO 31000:2009 – Reducing the Risk in Risk Management

• Avoids organisations re-inventing the wheel
• Allows all to benefit from proven best practice
• Provides a universal benchmark
• Reduces barriers to trade
• Advises exactly what you need to do and how you need to do it – no wasted effort and no false starts
• Scalable – works for all sizes of organisation
• Risk management = making optimal decisions in the face of uncertainty

Slide 51: And Finally

• ISO 31000:2009 is the natural successor to AS/NZS 4360:2004
• Hopefully it will influence a revision of COSO
• It will fit 'ERM' requirements, but will also allow silo/project risk management
• Following ISO 31000:2009 will provide a low cost, high chance of success approach to ERM
• ISO 31000:2009 will add value and reduce risk in risk management
• Managing risk is about creating value out of uncertainty

Slide 52: YOU DO NOT HAVE TO MANAGE RISK!

SURVIVAL IS NOT COMPULSORY

Slide 53: The greatest risk of all is to take no risk at all

Slide 54: The Journey Continues

ISO 31000, ISO/IEC 31010 and ISO Guide 73 provide generic guidance on how to embrace the management of risk in order to maximise the opportunities and minimise the threats to the achievement of your objectives.

Building Value

Link to the page «По изо круглое королевство 1 класс»: http://900igr.net/prezentacija/anglijskij-jazyk/po-izo-krugloe-korolevstvo-1-klass-182106.html
