miroslaw-dabrowski
PRINCE2®, PRINCE2 Agile®, P3O®, MSP®, MoP®, M_o_R®, MoV®, ITIL®, P3M3® are registered trademarks of AXELOS Ltd.
The swirl logo™ is a trademark of AXELOS Ltd.
Course administration
Course introduction
• Start and finish
• Course style
• Lunch
• Coffee and breaks
M00 - Course introduction 2/14 | 2/309
Course objectives
• The philosophy and principles of M_o_R
• Understanding terminology and scope
• The products/artefacts produced by M_o_R
• M_o_R roles, process, recommended techniques
• M_o_R maturity model
• M_o_R health check
• Risk specialisms
Main goal:
• Attempt Foundation exam with confidence
• Communicate freely within M_o_R, understanding its principles and philosophy
Secondary goal:
• Benefits and value of risk management and M_o_R
Let’s Get to Know Each Other
Please share with the class:
• Your name and surname
• Your organization
• Your profession
• Title, function, job responsibilities
• Your familiarity with risk management
• Your experience with ISO 31000, ISO/IEC 27005, COSO ERM, FERMA etc.
• Your personal session expectations
Course agenda - Day 1
Module | Subject | Start | End | Total time (in hours)
01 | Introduction to risk management and M_o_R | 09:00 | 11:00 | 02:00
02 | M_o_R principles | 11:00 | 13:00 | 02:00
- | Lunch | 13:00 | 13:30 | 00:30
03 | M_o_R approach | 13:30 | 16:30 | 03:00
- | Recap Day 1 (including sample exam questions) | 16:30 | 17:00 | 00:30
- | Total Training Time | - | - | 08:00
Course agenda - Day 2
Module | Subject | Start | End | Total time (in hours)
- | Review Day 1 | 09:00 | 09:15 | 00:15
03 | M_o_R approach (cont.) | 09:15 | 10:00 | 00:45
04 | M_o_R process | 10:00 | 13:00 | 02:00
- | Lunch | 13:00 | 13:30 | 00:30
05 | M_o_R roles | 13:30 | 14:00 | 00:30
06 | M_o_R perspectives | 14:00 | 16:30 | 02:30
- | Recap Day 2 (including sample exam questions) | 16:30 | 17:00 | 00:30
- | Total Training Time | - | - | 08:00
Course agenda - Day 3
Module | Subject | Start | End | Total time (in hours)
- | Review Day 2 | 09:00 | 09:15 | 00:15
06 | M_o_R perspectives (cont.) | 09:15 | 11:15 | 02:00
07 | Embedding and reviewing management of risk | 11:45 | 13:00 | 01:15
- | Lunch | 13:00 | 13:30 | 00:30
08 | M_o_R health check and maturity model | 13:30 | 14:00 | 00:30
09 | Risk specialisms | 14:00 | 15:00 | 01:00
- | Foundation exam | 15:00 | 16:00 | -
- | Total Training Time | - | - | 05:30
M_o_R Foundation certification
Foundation Exam:
• Paper based and closed book exam
• Only pencil and eraser are allowed
• Simple multiple (ABCD) choice exam
• Only one answer is correct
• 75 questions, pass mark is 35 (50%), max 70 points, 5 questions of control
• 1 hour exam
• No negative points, no “Tricky Questions”
• No pre-requisite for Foundation exam
• Sample, two (official) mock exams are provided to you
Candidates completing an examination in a language that is not their mother tongue will receive additional time
M_o_R Practitioner certification
Practitioner Exam:
• Paper based and open book exam
• Reference to M_o_R handbook
• Handbook is provided for students
• Reference to ABC Documentation Part A
• 3 hour exam
• 4 questions worth 20 marks each (80 marks), pass mark is 40 (50%)
• Dictionary/translation lists allowed for non-native speakers
• Non-scientific calculator for basic calculations
• Foundation certification is required
Candidates completing an examination in a language that is not their mother tongue will receive additional time
M_o_R official handbook and examination syllabus
M_o_R syllabus section code and title
IG Introduction and Glossary
PI Principles
AP Approach
PR Process
ER Embedding and Review
PE Perspectives
CT Common Techniques
Module slide number / total module slides
Slide number / total slides
Module number and name
M_o_R handbook page
M_o_R syllabus section code
Syllabus
Handbook Page
M_o_R interactive study guide mind map
See Appendix #2 for more mind maps from AXELOS Global Best Practice
M_o_R interactive glossary
quizlet.com/42710371/
About course author - Mirosław Dąbrowski
Mirosław Dąbrowski
Agile Coach, Trainer, Consultant (former JEE/PHP developer, UX/UI designer, BA/SA)
www.miroslawdabrowski.com
twitter.com/mirodabrowski
linkedin.com/in/miroslawdabrowski
google.com/+miroslawdabrowski
miroslaw_dabrowski
Creator | Writer / Translator | Trainer / Coach
• Creator of 50+ mind maps from PPM and related topics (2mln views): miroslawdabrowski.com
• Lead author of more than 50+ accredited materials from PRINCE2, PRINCE2 Agile, MSP, MoP, P3O, ITIL, M_o_R, MoV, PMP, Scrum, AgilePM, DSDM, CISSP, CISA, CISM, CRISC, CGEIT, TOGAF, COBIT5 etc.
• Creator of 50+ interactive mind maps from PPM topics: mindmeister.com/users/channel/2757050
• Product Owner of biggest Polish project management portal: 4PM: 4pm.pl (15.000+ views each month)
• Editorial Board Member of Official PMI Poland Chapter magazine: “Strefa PMI”: strefapmi.pl
• Official PRINCE2 Agile, AgilePM, ASL2, BiSL methods translator for Polish language
• English speaking, international, independent trainer and coach from multiple domains.
• Master Lead Trainer
• 11+ years in training and coaching / 15.000+ hours
• 100+ certifications
• 5000+ people trained and coached
• 25+ trainers trained and coached
Agile Coach / Scrum Master
• 8+ years of experience with Agile projects as a Scrum Master, Product Owner and Agile Coach
• Coached 25+ teams from Agile and Scrum
• Agile Coach coaching C-level executives
• Scrum Master facilitating multiple teams experienced with UX/UI + Dev teams
• Experience with multiple Agile methods
• Author of AgilePM/DSDM Project Health Check Questionnaire (PHCQ) audit tool
PM / IT architect
• Dozens of mobile and ecommerce projects
• IT architect experienced in IT projects with budget above 10mln PLN and timeline of 3+ years
• Experienced with (“traditional”) projects under high security, audit and compliance requirements based on ISO/IEC 27001
• 25+ web portal design and development and mobile application projects with iterative, incremental and adaptive approach
Notable clients
ABB, AGH, Aiton Caldwell, Asseco, Capgemini, Deutsche Bank, Descom, Ericsson, Ericpol, Euler Hermes, General Electric, Glencore, HP Global Business Center, Ideo, Infovide-Matrix, Interia, Kemira, Lufthansa Systems, Media-Saturn Group, Ministry of Defense (Poland), Ministry of Justice (Poland), Nokia Siemens Networks, Oracle, Orange, Polish Air Force, Proama, Roche, Sabre Holdings, Samsung Electronics, Sescom, Scania, Sopra Steria, Sun Microsystems, Tauron Polish Energy, Tieto, University of Wroclaw, UBS Service Centre, Volvo IT…
miroslawdabrowski.com/about-me/clients-and-references/
Accreditations/certifications (selected): CISA, CISM, CRISC, CASP, Security+, Project+, Network+, Server+, Approved Trainer: (MoP, MSP, PRINCE2, PRINCE2 Agile, M_o_R, MoV, P3O, ITIL Expert, RESILIA), ASL2, BiSL, Change Management, Facilitation, Managing Benefits, COBIT5, TOGAF 8/9L2, OBASHI, CAPM, PSM I, SDC, SMC, ESMC, SPOC, AEC, DSDM Atern, DSDM Agile Professional, DSDM Agile Trainer-Coach, AgilePM, OCUP Advanced, SCWCD, SCBCD, SCDJWS, SCMAD, ZCE 5.0, ZCE 5.3, MCT, MCP, MCITP, MCSE-S, MCSA-S, MCS, MCSA, ISTQB, IQBBA, REQB, CIW Web Design / Web Development / Web Security Professional, Playing Lean Facilitator, DISC D3 Consultant, SDI Facilitator, Certified Trainer Apollo 13 ITSM Simulation …
Agenda
1. Introduction to risk management and M_o_R
2. M_o_R principles
3. M_o_R approach
4. M_o_R process
5. M_o_R roles
6. M_o_R perspectives
   1. Strategic
   2. Programme
   3. Project
   4. Operational
7. Embedding and reviewing M_o_R
8. M_o_R health check and maturity model
9. Risk specialisms
Introduction to risk management and M_o_R
Risk definition (according to M_o_R)
Risk: An uncertain event or set of events which, should it occur, will have an effect on the achievement of objectives
Risk is a combination of:
• Probability of a perceived threat or opportunity occurring, and
• Magnitude of its impact on objectives
“Expect the best, plan for the worst, and prepare to be surprised” (Dwight Eisenhower)
Risk management (according to M_o_R)
Risk management: Systematic application of principles, approach and processes to the tasks of identifying and assessing risks, and then planning and implementing risk responses
When and where risk management should be applied?
[Figure: the four perspectives at which risk management is applied]
• Strategic: long term (continuous, ad-hoc)
• Programme: medium term (all programmes)
• Project: short term (all projects)
• Operational: business as usual (continuous, ongoing, everyday)
Arrow labels between the perspectives: Escalated risks, Delegated risks
Side label: Top-down approach by applying policies
© AXELOS Ltd. 2013. Material is reproduced under licence from AXELOS.
M_o_R Framework
[Figure: M_o_R framework. Process steps: Identify, Assess, Plan, Implement, with Communicate (throughout). Other labels: M_o_R approach; Risk management process guide]
Same M_o_R framework is also used in PRINCE2, MSP and ITIL
frame●work (frām’wûrk’) n. – A structure for supporting or enclosing something, esp. a skeletal support used as the basis for something being constructed
M_o_R components
M_o_R consists of 4 components:
• Principles (8)
• Embed and review
• Process (1)
• Approach (a.k.a. documents) (9)
Applying these concepts in a systematic way enables organisations to put in place an effective framework which helps them take informed decisions regarding risks that may affect their objectives
Risk related definitions (according to M_o_R) (1/2)
• Threat (-): An uncertain event that could have a negative impact on objectives or benefits
• Opportunity (+): An uncertain event that could have a favourable impact on objectives or benefits
• Risk Exposure: The combined effect of risks to a set of objectives
Corporate Governance (according to M_o_R)
Corporate Governance: The ongoing activity of maintaining a sound system of internal control by which the directors and officers of an organisation ensure that effective management systems, including financial monitoring and control systems, have been put in place to protect assets, earnings capacity and the reputation of the organisation
Confederation of British Industry (CBI) definition: “Systems by which companies are directed and controlled”
Corporate Governance - Responsibilities
Shareholders:
• Appoint directors and auditors
Board of Directors:
• Set strategic aims
• Provide leadership
• Supervise management
• Report to shareholders
Audit committee:
• Support board and accounting officer
• Review comprehensiveness and reliability of assurances
Internal Control - Factors to Consider
UK Guidance for Directors states that the board’s deliberations should include the consideration of the following factors:
• Nature and extent of risks
• Extent and categories of acceptable risks
• Likelihood of risks
• Company's ability to reduce the incidence and impact on the business of risks that do materialize
• Costs of operating particular controls relative to the benefit thereby obtained in managing the related risks
It notes that internal audits must cover all internal control systems, not just financial controls
The UK Corporate Governance Code
The UK Corporate Governance Code: The board is responsible for determining the nature and extent of significant risks it is willing to take in achieving its strategic objectives, and the board should maintain sound risk management and internal control systems and review the effectiveness of these at least annually
• Board determines the nature and extent of risks facing the organisation and how much risk it is willing to take to achieve its strategic objectives
• Board maintains risk management and internal control systems
• Board reviews the effectiveness at least annually
Changes in risk management landscape in UK since 2002 (1st M_o_R edition)
• 2002: Sarbanes Oxley (USA)
• 2003: HM Treasury - The Green book
• 2004: Basel II, COSO ERM, HM Treasury - The Orange book
• 2008: Credit Crunch
• 2009: ISO 31000
• 2010: Basel III
M_o_R editions:
• 2002: M_o_R V1
• 2007: M_o_R V2
• 2010: M_o_R V3
Sold 35,000+ copies of V3 in over 70 countries
Other standards and frameworks dedicated to (non-regulatory) Risk Management (selected)
• COSO ERM
• PMI-RMP (qualification)
• AS NZS 4360-1999
• CAN-CSA-Q850-97
• IEEE Std 1540-2001
• NIST SP 800-37
• ISO/IEC 27005
• ISO 31000
• FERMA
• OCTAVE Allegro
• OCEG GRC Capability Model
• Risk IT
Relationship with other AXELOS Global Best Practices
[Figure: relationship between AXELOS Global Best Practices. Labels: Portfolio management; Portfolio(s) Office; Programme management; Programme(s) Office; Project management; Project(s) Office; Management of Risk (M_o_R); ITIL; Management of Value (MoV); RESILIA]
Relationship with other AXELOS Global Best Practices and Models
[Figure: AXELOS best practice guides and models]
Best practice guides:
• Management of Portfolios (MoP)
• Managing Successful Programmes (MSP)
• PRojects IN Controlled Environments (PRINCE2)
• Portfolio, Programme and Project Offices (P3O)
• Management of Value (MoV)
• Management of Risk (M_o_R)
• ITIL
• RESILIA
Models:
• The Portfolio, Programme, and Project Management Maturity Model (P3M3)
• ITIL Maturity Model (IMM)
• PRINCE2 Maturity Model (P2MM)
Other labels: AXELOS common glossary; Portfolio Office; Programme Office; Project Office
How M_o_R fits with other AXELOS Global Best Practice Guides
[Figure: M_o_R in relation to P3O, MoP, MoV, MSP, PRINCE2, ITIL and RESILIA, with the following callouts]
• Maintaining IT services risk level at appropriate levels
• Helping in business continuity and disaster recovery activities
• Providing risk management process, know how, techniques to support offices
• Aggregating risks at the portfolio level
• Giving clear picture of global risks in the entire organisation
• Securing value options with defining KPI and EWIs
• Securing capabilities delivery and benefits realisation
• Providing proactive risk management process aligned with global organisation risk management policy
• Securing project health with defining KPI and EWIs on project variables
• Providing proactive risk management process aligned with global organisation risk management policy
• Combining IT risk and cyber security management
• Providing risk management process and techniques
M_o_R in numbers (version 2010)
• 1 Framework
• 4 Perspectives
• 8 Principles
• 1 Process
• 9 Products
• 8 Risk Response Options
• 6 Roles
• 27 Techniques
• 1 Health Check
• 1 Maturity Model
Q&A