Issuu on Google+

ISO 31000, a risk management standard for decision-makers

Alex Dali, MBA, ARM President at G31000 Alex.Dali@G31000.org


About ISO 31000

 History  Objectives of ISO 31000    

Scope Structure Users Benefits

About the First global survey on ISO 31000 About certification  Certification of organisations  Certification of individuals 2


History of ISO 31000

3


About ISO 31000

Quality OH&S Environment

Finance IT security Food safety

Equipment

Project Supply chain 4


About ISO 31000

Engineer Scenario Manager Health Finance Public sector

 risk = hazard  risk = event  risk = uncertainty on objectives  risk = threat (purely negative)  risk = return  risk = discontinuity of service

 Organisations of all types face a range of risks…  Organisations of all types face a range of combinations of the probability of an event and its consequences …  Organisations of all types face a range of effects of uncertainty on objectives… 5


About ISO 31000

? AZ/NZS ISO31000 AS/NZS4360 2009 95/99/04 Australia ONR 49000:2008 Austria(DE/CH)

COSO 2 (ERM) : 2004 USA

FERMA:2004 Europe

JIS JISQQ31000 2001

Japan Japan CAN/CSAQ850-1997 ISO 31000

•AIRMIC, ALARM, IRM:2002 • M_o_R:2002/2007/2011 • BS ISO31000 • BS 31100 Guide

UK

Canada 6


About ISO 31000

Internationally-recognised reference • International consensus • single global reference for stakeholders • wide application • “umbrella” for more than 60 standards • should not be ignored 7


About ISO 31000

OECD

Argentina, Australia, Austria, Belarus, Bulgaria, Brazil, Canada, Chile, China, Czech Republic, Denmark, Estonia, Finland, France, Germany, India, Iran, Israel, Italy, Japan, Malaysia, Mexico, Netherlands, New-Zealand, Norway, Poland, Portugal, Romania, Russia, Singapore, Slovak Republic, Slovenia, South-Africa, Spain, Sweden, Switzerland, Thailand, Turkey, United Kingdom, Uruguay, United States


ISO31000 standards in Europe

SFS ISO31000 SS ISO31000 EVS ISO 31000

NS ISO31000

LVS ISO 31000

GOST R ISO 31000 BS ISO31000

DS ISO 31000

STB ISO 31000

PN ISO 31000

NEN ISO31000

CSN ISO 31000 DIN ISO31000

STN ISO 31000 NF ISO31000 ÖNORM ISO 31000 ISO31000

SIST ISO 31000 NP ISO31000 SR ISO 31000

xxxISO 31000 UNE ISO31000

UNI ISO31000

Based on informal information received on 6th August 2012


Survey Population USA – 20%

UK– 10%

(based on 1823 responses)

111 countries

Australia– 10%

United Arab Emirates– 3%

South Africa– 10% © G31000. Commercial in Confidence. 2012

India– 4%

Canada– 4% 10


Participation by Department

Š G31000. Commercial in Confidence. 2012

11


Objectives of ISO 31000

SCOPE

 All organisation: Any sector, any activity, any size  All risk: Any type of risk, + or - consequences  Generic guidelines: Harmonizes processus, not practices  Global reference: Harmonize RM in existing and future standards

Global application: Objectives, context, structure, operations, processes, functions, projects, products, services, or assets

12


Objectives of ISO 31000

SCOPE

ISO Standard vs ISO Guideline ?

• Risk Management – Principles and Guidelines • voluntary application, not prescriptive, no legal requirement

• specifically not intended for certification • ISO  certifiable standard ? NO ! 13


Objectives of ISO 31000

SCOPE

… not a parallel management system

• avoid the troubled implementation of ISO 9000 series • promote business performance

• no bureaucratic compliance reporting system • simplify further if necessary


Objectives of ISO 31000

STRUCTURE

Process Principles

Framework


Objectives of ISO 31000

STRUCTURE

Simple risk management architecture • 3-pillar structure • robust and simple to apply • opportunity to review existing RM practices

• Track similarities and differences


Objectives of ISO 31000

STRUCTURE FRAMEWORK

PRINCIPLES

MANDATE AND COMMITMENT

a) Creates value

b) Integral part of organizational processes

DESIGN OF

c) Part of decision making

FRAMEWORK FOR MANAGING

d) Explicitly addresses uncertainty

RISK

e) Systematic, structured and timely f) Based on the best available information g) Tailored

IMPLEMENTING CONTINUAL

RISK

IMPROVEMENT

MANAGEMENT

h) Takes human and cultural factors into account

MONITORING

i) Transparent and inclusive

AND REVIEW

j) Dynamic, iterative and responsive to change k) Facilitates continual improvement and enhancement of the

17


Objectives of ISO 31000

STRUCTURE

COMMUNICATION AND CONSULTATION

ESTABLISH THE CONTEXT

RISK IDENTIFICATION

RISK ANALYSIS RISK EVALUATION

RISK TREATMENT

MONITORING AND REVIEW

RISK MANAGEMENT PROCESS

+

ISO GUIDE 73 RISK MANAGEMENT VOCABULARY

18


Objectives of ISO 31000

STRUCTURE

Text of the ISO 31000 standard • The text is short and clear

• Not radically new • Some statements like “embedded in all...” seem ideallic goals


Objectives of ISO 31000

STRUCTURE

Vocabulary ISO Guide 73

• reviewed by the same committee • 51 definitions related to RISK

• many improvements • use language meaningful to your organisation


Objectives of ISO 31000

USERS

1. CORPORATE LEVEL : policy, program, framework 2. OPERATIONAL LEVEL : Project, activity, sectors 3. AUDIT : Audit, evaluation and reporting 4. WRITERS : Guides, procedures, practices


Objectives of ISO 31000

BENEFITS

1. Standard = consensus (compromise) 2. Standards  regulation voluntary endorsment 3. Wide range of input  one point of view 4. Apply to any activity or domain in any organisation 5. Integrated appoach for the management of risk 6. Very general allowing interpretation  guideline 7. Regular updates through ISO 8. Recognizing best practices 9. Facilitate communication and training 10. Recognization for the profession


Certification

ORGANISATIONS

• ISO  certifiable standard ? NO !

The 3 last slides could be used for debatting…


Certification

SURVEY 2011


Certification

SURVEY 2011


Certification

ORGANISATIONS

PROS

CONS

• Validation by external independant third parties

• Rarely objective and different in each countries • Additional burden on ressources with no • Validation of the decision-making process or tangible gain • Certified companies do not enojyed • Simple link with mandatory obligation in better performance

specific sectors/areas

• False security

• Confidence of • Might become mandatory by law stakeholders to an international recognized • In a legal dispute, source of negligence standard • Too much focussing on audits and not on processes!


Certification

INDIVIDUALS

 Growing understanding of the importance of effectively managing risk  Increasing recognition of ISO 31000

 individuals wishing for knowledge and understanding about risk management Improved decision making through explicit consideration of uncertainty


LINKEDIN

ISO 31000 discussion group Link to the LinkedIn group : www.linkedin.com/groups?mostPopular=&gid=1834592


LINKEDIN

OTHER GROUPS


LINKEDIN

COUNTRIES


ISO 31000 SURVEY

2011

Global ISO 31000 survey 2011 Results & analysis


ISO 31000 SURVEY

2011

What is your level of awareness about ISO 31000 ?


ISO 31000 SURVEY

2011

What is your level of awareness about ISO 31000 ?


ISO 31000 SURVEY

2011

What is your level of awareness about ISO 31000 ?


ISO 31000 SURVEY

2011

How is risk management mainly used within your organization ?


ISO 31000 SURVEY

2011

How is risk management mainly used within your organization ?


www.G31000conference2012.org


QUIZZ on the ISO 31000 STANDARD

Quizz on the ISO 31000 risk Management standard


QUIZZ on the ISO 31000 STANDARD

Question 1 : The ISO 31000 document is a A

Technical specifications for Risk Management

B

Guidance standard for Risk Management

C

Certificable standard for Risk Management

D

Umbrella standard for in existing or future standards


USEFUL LINKS

ISO 31000 GLOBAL SURVEY 2011 : http://www.g31000conference2012.org/ISO31000Survey2011

ISO 31000 INTERNATIONAL CONFERENCE :http://g31000conference2012.org/

LINKEDIN GROUP on ISO 31000 : http://www.linkedin.com/groups?mostPopular=&gid=1834592

About ISO 31000 – official link: http://www.iso.org/iso/catalogue_detail?csnumber=43170

40


erm2012_day1_07-alex_dali-ermconference-kuwait-version1