Ri
k
tb t
ti
is ISO 31000
John Shortreed
Director, Institute for Risk Research
University of Waterloo
IMPLEMENTING RISK MANAGEMENT IN
2008
Toronto, May 9, 2008
ISO 31000 is a must-have for Organizations
International standards allow for easy interchange of ideas, contractual arrangements, and innovation
Standards can also be checklists, meaningless exercises in futility and a boon to consultants
31000 is non-certifiable, which makes it a good standard
Now 10 years since ISO Guide 73 and 20 years since AUS/NZ 4360 and CSA Q850, well discussed, tested, and validated
Why did the Canadian cross the road?
OBJECTIVES driven within Context by Risk Criteria
ACCOUNTABILITY
Organization-wide FRAMEWORK
Individual decision maker Risk Management PROCESS
Design, implementation, monitor and review, KPI, documentation, CONTINUOUS IMPROVEMENT
a) Creates value
b) Integral part of organizational processes
c) Part of decision making
d) Explicitly addresses uncertainty
e) Systematic, structured and timely
f) Based on the best available information
g) Tailored
h) Takes human and cultural factors into account
i) Transparent and inclusive
j) Dynamic, iterative and responsive to change
k) Facilitates continual improvement and enhancement of the organization
ISO Overview
3 main clauses plus terminology
Principles for managing risk (Clause 4)
Framework for managing risk (Clause 5)
5.2 Mandate and commitment
5.3 Design of framework for managing risk
5.4 Implementing risk management
5.5 Monitoring and review of the framework
5.6 Continual improvement of the framework
Process for managing risk (Clause 6)
5.2 Mandate and commitment
5.3 Design of framework for managing risk
5.3.1 Understanding the organization and its context
5.3.2 Risk management policy
5.3.3 Integration into organizational processes
5.3.4 Accountability
5.3.5 Resources
5.3.6 Establishing internal communication and reporting mechanisms
5.3.7 Establishing external communication and reporting mechanisms
5.6 Continual improvement of the framework
5.4 Implementing risk management
5.4.1 Implementing the framework for managing risk
5.4.2 Implementing the risk management process
5.5 Monitoring and review of the framework
ISO 31000 Framework for Risk Management
Terminology (Guide 73)
risk profile
risk attitude
resilience
risk: effect of uncertainty on objectives
event
consequence
risk criteria
risk tolerance
risk matrix
risk aggregation
likelihood
risk aversion
uncertainty
probability
frequency
and practices to the tasks of communicating, consultation, establishing the context, identifying,
analysing, evaluating, treating, monitoring and reviewing risk
level of risk
risk assessment
risk register
risk source
hazard
risk identification
risk analysis
monitoring
review
vulnerability
control
risk acceptance
risk sharing
risk avoidance
risk financing
residual risk
risk retention
risk mitigation
The risk management process
Monitor and review
Identify risks
Analyse risks
Evaluate risks
Treat risks
Communicate and consult
RM Information System
Risk Registers
Treatment Plan
Assurance Plan
Reporting templates
Advantages of 31000
Strategic, operations, processes, projects, products, assets, governance, everything
Proactively create value by treating uncertainty, while respecting regulations, laws, organization
Expect better profits, morale, trust, controls, initiatives, reporting, and corporate culture
Designed to integrate with existing management
Build on existing management systems, add commitment, alignment, IT, stakeholders, ownership of risk, etc.
Communication and Consultation as appropriate, consider the values and perceptions of stakeholders
Risk in every decision is set in context, assessed, treated, documented
Review, review, and review, then act, act, act
Example risk register for a specific Objective, illustration only
Courtesy of Larry Warner of the Food Company
Ready to Heat
Aggressively grow and build the ready to heat business by expanding the product line (15% NSV growth & maintain shares above 30%) and broaden the availability of the product.
Risk Profile
Priority
Owner
Risks
1 Increase of aggressive competition from Rice Master and Fast Rice
2 Aggressive year for growth target for the segment & brand
3 Achieve new product growth targets
Treatment Activities
1,2,3 Accelerate innovation
1 Conduct competitor analysis session
Action Plan
1. Identify initiatives and their associated descriptions with measurable objectives
2. Prioritize order of the key initiatives based on their contribution to achieving the overall financial and strategic objectives within the OP
3. Document the individual in charge of the given initiative
4. List of risks that could hinder the ability to meet the initiative's objectives
5. List of planned activities that will treat the risks; match the treatment strategies to risk through the reference numbers
6. Management Team evaluates the probability of success in achieving this initiative's overall objectives
7. Document the immediate next steps for effective initiative execution
Initiative
Risk Profile
Trend
Q3 05, Q4 05, Q1 06, Q2 06
Relaunch of Pedigree
Yellow Green
Effectively execute the relaunch of Pedigree to achieve the growth targets (10%)
Direct to store (DTS)
Increase DTS operations by 10% and add 500 points of sale per cell
Green Green
Associate engagement
Increase associate engagement score from 85% to 90% within the factory
Blue Green
Bring Pet Dry plant online
Make the Dry plant fully operational by P13
Red
Launch of Dove
Successfully launch Dove into the mass market and achieve 65% distribution
Blue Yellow
Blue
Comments
Improving
Shipments started in P2 to meet advertising schedule. Advertising on air (P2W3). Massive presentation to all customers was executed during P1 with excellent customer participation.
Stable
DTS operation is improving however there are still some areas that need to improve further. We will expand when we have a holistic strategy.
Improving
Shift managers have been provided associate engagement training. All managers have held meetings with their team members.
Stable
On track, construction permit granted. Plant will be ready by P13
Stable
Increased risk due to current demand exceeding supply. We have rephased the rollout for the mass market to ensure current supply is adequate.
Let's check
what ISO 31000 is, and
what it expects of an organization
then
Discussion, Comments, Questions and useful arguments