8/8/2019 ISO 31000 - Risico Management - Present a Tie INK Jaarcongres Dd 2009-11-24_tcm141-397775
1/15
DET NORSKE VERITAS
2009 DNV. All rights reserved.
Risk Management
ISO 31000 - RISK MANAGEMENT 1
Peter DENIS
November 24, 2009
ISO 31000
The new worldwide standard for Risk Management
Det Norske Veritas AS. All rights reserved.
Propositions
Quality management and Risk Management go hand in hand
A good, because effective, management system is based on Risk Management principles
Outline: ISO 31000 - Risk Management
- Risk
- Risk Management process
- Risk Management framework
- Risk Management principles
Risk Management
- Relationship with quality management and management systems
- EFQM Model for Risk Management
- Risk Management Pulsecheck
Conclusions / Questions
Risk Management
Applying Risk Management in your organisation is like putting brakes on a car:
brakes are not meant to slow you down. They enable you to drive faster!
Development of the Standard - a bumpy ride
- Development decision: March - June 2005
- Installation TMB/WG/RM: June 2005
- Preliminary Working Draft: June 2005
- First WG meeting: Sept 2005
- First Working Draft: Dec 2005
- Second Working Draft: Feb 2006
- Third Working Draft: Nov 2007
- Draft International Standard (ISO/DIS): April 2008
- Final Draft International Standard (ISO/FDIS): May 2009
- International Standard (ISO 31000): 13 Nov 2009
- plus revision of Guide 73, Risk Management Vocabulary
Umbrella concept
(figure: R I S K)
ISO 31000 - Scope
- Principles and practical guidance to the risk management process
- Applicable to all types of organizations
- Applicable to a wide range of activities (and associated risks)
- Harmonization of risk management coverage in existing and future standards
ISO 31000 is NOT intended
- To promote uniformity in risk management across organizations
- For the purpose of certification
ISO 31000 Building blocks
- Risk
- Risk Management process
- Risk Management framework
- Risk Management principles
In order to manage risk, a process needs to be in place, which - in order to be sustainable - should be embedded in a system (framework) and driven by the right (business) management principles.
Relationships between ISO 31000 clauses 3, 4 and 5
Risk ?
Risk: the combination of the probability of an event and its consequences
- Without an event, the statement is a trend, e.g. increased global trade
- If there is certainty, the statement is a management issue, e.g. Fact: our IT systems do not link together
- Consequences can be good as well as bad
Risk definition ISO 31000
Risk is the effect of uncertainty on (achievement of) objectives
(ISO Guide 73:2009, ISO/FDIS 31000:2009)
- An effect is a deviation from the expected, and can be positive and/or negative
- Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process)
- Uncertainty is the state, even partial, of lack of information related to knowledge of an event, its consequence or likelihood
Risk definition ISO 31000
Risk is the effect of uncertainty on (achievement of) objectives
(ISO Guide 73:2009, ISO/FDIS 31000:2009)
(figure: event - consequences - objectives; uncertainties; + / -)
The Risk Management (r)evolution
(figure: table with rows What?, Means / Emphasis, Who? and Definition?, tracing the evolution of RISK; cells: Engineer/Technician, Control, Technology, Analyse, Model, Manager, Decide, Decision making, Impact on Objective, Potential event, Hazard)
Risk Management process
Risk management: coordinated activities to direct and control an organization with regard to risk
(ISO Guide 73:2009, ISO/FDIS 31000:2009)
The risk management process aims to control the effect of uncertainty of your standard process/activity to achieve the desired objective(s).
Therefore the risk management process should be embedded in, or run parallel with, your regular process, thereby focussing on the (un)desired consequences of factors affecting the achievement of the objectives of your standard process.
Risk Management: a parallel process
(figure: standard process/activities alongside parallel risk management process/activities, both directed at the goals/objectives)
Components ISO 31000 Risk Management Process
5.1 General
5.2 Communication and consultation
5.3 Establishing the context
5.3.1 General
5.3.2 Establishing the external context
5.3.3 Establishing the internal context
5.3.4 Establishing the context of the risk management process
5.3.5 Defining risk criteria
5.4 Risk assessment
5.4.1 General
5.4.2 Risk identification
5.4.3 Risk analysis
5.4.4 Risk evaluation
5.5 Risk treatment
5.5.1 General
5.5.2 Selection of risk treatment options
5.5.3 Preparing and implementing risk treatment plans
5.6 Monitoring and review
5.7 Recording the risk management process
Risk Management Process
The Risk Management Process (EFQM)
Risk Management framework
Risk management framework: set of components that provide the foundations and organizational arrangements for implementing risk management in the organization
(ISO Guide 73:2009, ISO/FDIS 31000:2009)
- The risk management process needs to be embedded in the (processes of the) organization
- In order to be sustainable, the risk management process needs to be part of a system or framework which addresses the 4 stages of the P-D-C-A cycle
Components ISO 31000 Risk Management Framework
4.1 General
4.2 Mandate and commitment
4.3 Design of framework for managing risk
4.3.1 Understanding of the organization and its context
4.3.2 Establishing risk management policy
4.3.3 Accountability
4.3.4 Integration into organizational processes
4.3.5 Resources
4.3.6 Establishing internal communication and reporting mechanisms
4.3.7 Establishing external communication and reporting mechanisms
4.4 Implementing risk management
4.4.1 Implementing the framework for managing risk
4.4.2 Implementing the risk management process
4.5 Monitoring and review of the framework
4.6 Continual improvement of the framework
Relationship between the components of the framework
Risk Management principles
To be most effective, an organization's risk management should adhere to the following principles:
Risk Management
a) creates and protects value
b) is an integral part of organizational processes
c) is part of decision making
d) explicitly addresses uncertainty
e) is systematic, structured and timely
f) is based on the best available information
g) is tailored
h) takes human and cultural factors into account
i) is transparent and inclusive
j) is dynamic, iterative and responsive to change
k) facilitates continual improvement and enhancement of the organization
Attributes of enhanced Risk Management
Key Outcomes
- The organization has a current, correct and comprehensive understanding of its risks
- The organization's risks are within its risk criteria
Attributes
- Emphasis on continual improvement in risk management, through the setting of organizational performance goals, measurement and review, and the subsequent modification of processes, systems, resources, capability and skills
- Comprehensive, fully defined and fully accepted accountability for risks, controls and risk treatment tasks
- Explicit consideration of risks and the application of risk management to some appropriate degree in all decision making within the organization
- Continual communications with external and internal stakeholders, including comprehensive and frequent reporting of risk management performance, as part of good governance
- Risk management viewed as central to the organization's management processes, such that risks are considered in terms of the effect of uncertainty on objectives
Risk Management contribution to Quality Management
- Determining the need for:
  - documented procedures;
  - control mechanisms (e.g. selection/evaluation of suppliers)
- Alternative options for application of corrective/preventive action
- Risk mitigation approaches
(figure: risk management cycle - Identify Risks, Assess Risks, Develop Risk strategies, Respond to Risks, Determine the Business Environment)
Management of Quality = Quality of Management
Safeguarding life, property and the environment
www.dnv.com
Contact details:
DNV Risk Management Solutions
Tel. +32 3 206 65 37
Mob. +32 478 987986