ISO 31000
PRINCIPLES and GUIDELINES
Jojo P. Javier
Doctor of Business Administration
Letran Graduate School of Business
About ISO
ISO (International Organization for Standardization) is an independent, non-governmental membership organization and the world’s largest developer of voluntary international standards.
It is made up of 165 member countries that are the national standards bodies
around the world, with a Central Secretariat that is based in Geneva, Switzerland.
What are standards?
International Standards make things work. They give world-class specifications
for products, services and systems, to ensure quality, safety and efficiency. They
are instrumental in facilitating international trade.
ISO has published more than 19,500 International Standards covering almost
every industry, from technology, to food safety, to agriculture and healthcare.
Risk Defined
The definition set out in ISO Guide 73 is that risk is the “effect of uncertainty on objectives”.
An effect may be positive, negative or a deviation from the expected, and risk is often described by an event, a change in circumstances or a consequence.
Recording and Classifying Risk Assessments
Risk, Risk Management and ISO 31000
Principles of Risk Management
Risk management is a central part of the strategic management of any organization. It is the process whereby organizations methodically address the risks attached to their activities.
A successful risk management initiative should be proportionate to the level of risk in the organization, aligned with other corporate activities, comprehensive in its scope, embedded into routine activities and dynamic by being responsive to changing circumstances.
1. Create value
2. Be an integral part of organizational processes
3. Be part of decision making
4. Explicitly address uncertainty
5. Be systematic and structured
6. Be based on the best available information
7. Be tailored
8. Take into account human factors
9. Be transparent and inclusive
10. Be dynamic, iterative and responsive to change
11. Be capable of continual improvement and enhancement
Mandate and Commitment - Clause 4.2
4.3.3 Accountability
• All accountable risk owners are clearly identified and provided with authority and resources to manage risk
• Board accountability for framework implementation
• Accountability of risk owners at all levels of the organisation clearly identified
• Performance measurement processes in place
• Reporting and escalation processes clearly established
4.3 Design of the Framework
4.3.5 Resources
• Expenditure on the management of risk is an investment
• Good risk management will make an organization more effective, but it requires dedicated resources
• Resources include:
• People: skills, experience and competence
• Time and funds: to execute the process
• Defined processes, methods and tools
• Information systems
• Awareness, education and training programs
4.3 Design of the Framework
4.3.6 & 4.3.7 Establishing Internal & External Communication and Reporting Mechanisms
• Internal
• Ongoing awareness, education and training
• Framework performance reporting and outcome reviews
• Information management
• Stakeholder engagement
• External
• Stakeholder engagement
• Regulatory reporting requirements
• Use reporting to build confidence
• Business continuity (management of disruption related risk) communication
4.4 Implementing Risk Management
Step 5 - RISK TREATMENT
• Selection of risk treatment options, based on judgment or documented procedures/policy
• Preparing and implementing risk treatment plans
Treatment options:
• Accept/Retain
• Share
• insurance
• outsourcing