ISO 31000 - Risico Management - Present a Tie INK Jaarcongres Dd 2009-11-24_tcm141-397775


    DET NORSKE VERITAS
    2009 DNV. All rights reserved.

    Risk Management
    ISO 31000 - RISK MANAGEMENT

    Peter DENIS
    November 24, 2009

    ISO 31000
    The new worldwide standard for Risk Management

    Det Norske Veritas AS. All rights reserved.


    Propositions

    - Quality management and Risk Management go hand in hand
    - A good, because effective, management system is based on Risk Management principles


    Structure of ISO 31000 - Risk Management

    - Risk
    - Risk Management process
    - Risk Management framework
    - Risk Management principles

    Risk Management

    - Relationship with quality management and management systems
    - EFQM Model for Risk Management
    - Risk Management Pulsecheck

    Conclusions / Questions


    Risk Management

    Applying Risk Management in your organisation is like putting brakes on a car: brakes are not meant to slow you down. They enable you to drive faster!


    Development of the Standard - a bumpy ride

    - Development decision: March June 2005
    - Installation TMB/WG/RM: June 2005
    - Preliminary Working Draft: June 2005
    - First WG meeting: Sept 2005
    - First Working Draft: Dec 2005
    - Second Working Draft: Feb 2006
    - Third Working Draft: Nov 2007
    - Draft Int. Standard (ISO/DIS): April 2008
    - Final Draft Int. Standard (ISO/FDIS): May 2009
    - International Standard (ISO 31000): 13 Nov 2009
    - + revision of Guide 73 Risk Management Vocabulary


    Umbrella concept (figure): RISK


    ISO 31000 - Scope

    - Principles and practical guidance for the risk management process
    - Applicable to all types of organizations
    - Applicable to a wide range of activities (and associated risks)
    - Harmonization of risk management coverage in existing and future standards

    ISO 31000 is NOT intended

    - To promote uniformity in risk management across organizations
    - For the purpose of certification


    ISO 31000 Building blocks

    - Risk
    - Risk Management process
    - Risk Management framework
    - Risk Management principles

    In order to manage risk, a process needs to be in place, which, in order to be sustainable, should be embedded in a system (framework) and driven by the right (business) management principles.


    Relationships between ISO 31000 clauses 3, 4 and 5 (figure)


    Risk?

    The combination of the probability of an event and its consequences

    - Without an event, the statement is a trend, e.g. increased global trade
    - If there is certainty, the statement is a management issue, e.g. Fact: our IT systems do not link together
    - Consequences can be good as well as bad


    Risk definition ISO 31000

    Risk is the effect of uncertainty on (achievement of) objectives (ISO Guide 73:2009, ISO/FDIS 31000:2009)

    - An effect is a deviation from the expected, and can be positive and/or negative
    - Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process)
    - Uncertainty is the state, even partial, of lack of information related to knowledge of an event, its consequence or likelihood


    Risk definition ISO 31000 (figure)

    Risk is the effect of uncertainty on (achievement of) objectives (ISO Guide 73:2009, ISO/FDIS 31000:2009)

    Figure elements: uncertainties, event, consequences (+ / -), objectives


    The Risk Management (r)evolution (figure)

    Who?             Engineer/Technician           ->  Manager
    What?            Control                       ->  Decide
    Means/Emphasis   Technology, Analyse, Model    ->  Decision making
    Definition?      Hazard  ->  Potential event  ->  Impact on Objective

    R I S K


    Risk Management process

    Risk management: coordinated activities to direct and control an organization with regard to risk (ISO Guide 73:2009, ISO/FDIS 31000:2009)

    The risk management process aims to control the effect of uncertainty on your standard process/activity so that the desired objective(s) are achieved.

    Therefore the risk management process should be embedded in, or run in parallel with, your regular process, thereby focusing on the (un)desired consequences of factors affecting the achievement of the objectives of your standard process.


    Risk Management: a parallel process (figure)

    Figure elements: standard process/activities; parallel risk management process/activities; goals/objectives


    Components ISO 31000 Risk Management Process

    5.1 General

    5.2 Communication and consultation

    5.3 Establishing the context

    5.3.1 General

    5.3.2 Establishing the external context

    5.3.3 Establishing the internal context

    5.3.4 Establishing the context of the risk management process

    5.3.5 Defining risk criteria

    5.4 Risk assessment

    5.4.1 General

    5.4.2 Risk identification

    5.4.3 Risk analysis

    5.4.4 Risk evaluation

    5.5 Risk treatment

    5.5.1 General

    5.5.2 Selection of risk treatment options

    5.5.3 Preparing and implementing risk treatment plans

    5.6 Monitoring and review

    5.7 Recording the risk management process


    Risk Management Process (figure)

    The Risk Management Process (EFQM) (figure)


    Risk Management framework

    Risk management framework: set of components that provide the foundations and organizational arrangements for implementing risk management in the organization (ISO Guide 73:2009, ISO/FDIS 31000:2009)

    - The risk management process needs to be embedded in the (processes of the) organization
    - In order to be sustainable, the risk management process needs to be part of a system or framework which addresses the 4 stages of the P-D-C-A cycle


    Components ISO 31000 Risk Management Framework

    4.1 General

    4.2 Mandate and commitment

    4.3 Design of framework for managing risk

    4.3.1 Understanding of the organization and its context

    4.3.2 Establishing risk management policy

    4.3.3 Accountability

    4.3.4 Integration into organizational processes

    4.3.5 Resources

    4.3.6 Establishing internal communication and reporting mechanisms

    4.3.7 Establishing external communication and reporting mechanisms

    4.4 Implementing risk management

    4.4.1 Implementing the framework for managing risk

    4.4.2 Implementing the risk management process

    4.5 Monitoring and review of the framework

    4.6 Continual improvement of the framework


    Relationship between the components of the framework (figure)


    Risk Management principles

    To be most effective, an organization's risk management should adhere to the following principles:

    Risk Management

    a) creates and protects value

    b) is an integral part of organizational processes

    c) is part of decision making

    d) explicitly addresses uncertainty

    e) is systematic, structured and timely

    f) is based on the best available information

    g) is tailored

    h) takes human and cultural factors into account

    i) is transparent and inclusive

    j) is dynamic, iterative and responsive to change

    k) facilitates continual improvement and enhancement of the organization


    Attributes of enhanced Risk Management

    Key Outcomes

    - The organization has a current, correct and comprehensive understanding of its risks
    - The organization's risks are within its risk criteria

    Attributes

    - Emphasis on continual improvement in risk management, through the setting of organizational performance goals, measurement and review, and the subsequent modification of processes, systems, resources, capability and skills
    - Comprehensive, fully defined and fully accepted accountability for risks, controls and risk treatment tasks
    - Explicit consideration of risks and the application of risk management to some appropriate degree in all decision making within the organization
    - Continual communications with external and internal stakeholders, including comprehensive and frequent reporting of risk management performance, as part of good governance
    - Risk management viewed as central to the organization's management processes, such that risks are considered in terms of the effect of uncertainty on objectives


    Risk Management contribution to Quality Management

    - Determining the need for:
      - documented procedures;
      - control mechanisms (e.g. selection/evaluation of suppliers)
    - Alternative options for application of corrective/preventive action
    - Risk mitigation approaches


    Risk management cycle (figure): Determine the Business Environment -> Identify Risks -> Assess Risks -> Develop Risk strategies -> Respond to Risks

    Management of Quality = Quality of Management


    Safeguarding life, property and the environment

    www.dnv.com

    Contact details:

    DNV Risk Management Solutions

    [email protected]

    Tel. +32 3 206 65 37

    Mob. +32 478 987986