AND INTEGRATED RISK MANAGEMENT
RIMS Breakfast
Thursday October 16th, 8:30
Earl Grey Room, Minto Suites Hotel
427 Laurier Street
Ottawa
John Lark, Stratos Inc.
This Presentation
A Global Standard
Integrated Risk Management in Canada
What is in ISO 31000?
How ISO 31000 can help
Bringing it to your clients
Steps to implementing a sustainable and risk-based adaptive management regime
Assurance
Drivers for a Global Standard
The Search for a Standard
The Canadian Context
Management Accountability Framework
Performance Indicators
Framework
Performance Indicators for IRM
Risk Management
• Key risks identified and managed
• Risk lens in decision making
• Risk smart culture
• Capacity to communicate and manage risk in public context
In June of 2007 the “Policy for the Management of Projects” was approved by the Treasury Board Secretariat.
5.1 Objective
The objective of this policy is to ensure that the appropriate systems, processes and controls for managing projects are in place, at a departmental, horizontal or government-wide level, and support the achievement of project and program outcomes while limiting the risk to stakeholders and taxpayers.
5.2 Expected results
The expected results of this policy, associated standards and directive are that:
• Projects achieve value for money;
• Sound stewardship of project funds is demonstrated;
• Accountability for project outcomes is transparent; and
• Outcomes are achieved within time and cost constraints.
What the Policy requires
Principle on Which ISO 31000 Is Based
Risk
“the effect of uncertainty on objectives”
Defined in Guide 73
ISO 31000 Table of Contents
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Principles for managing risk
5 Framework for managing risk
6 Process for managing risk
Steps to Develop and Sustain a Risk Management Framework
(Diagram of the framework cycle; only the label “5.3 Designing the Framework” survives)
Chapter 4 Principles for Managing Risk
To be most effective, an organization’s risk management should adhere to the following principles.
Risk Management:
a) creates value.
b) is an integral part of organizational processes.
c) is part of decision making.
d) explicitly addresses uncertainty.
e) is systematic, structured and timely.
f) is based on the best available information.
g) is tailored.
h) takes human and cultural factors into account.
i) is transparent and inclusive.
j) is dynamic, iterative and responsive to change.
k) facilitates continual improvement and enhancement of the organization.
Chapter 5 Framework for Managing Risk
5.1 General
5.2 Mandate and commitment
5.3 Design of framework for managing risk
5.3.1 Understanding the organization and its context
5.3.2 Risk management policy
5.3.3 Integration into organizational processes
5.3.4 Accountability
5.3.5 Resources
5.3.6 Establishing internal communication and reporting mechanisms
5.3.7 Establishing external communication and reporting mechanisms
5.4 Implementing risk management
5.4.1 Implementing the framework for managing risk
5.4.2 Implementing the risk management process
5.5 Monitoring and review of the framework
5.6 Continual improvement of the framework
Chapter 6 Process for Managing Risk
6.1 General
6.2 Communication and consultation
6.3 Establishing the context
6.3.1 General
6.3.2 Establishing the external context
6.3.3 Establishing the internal context
6.3.4 Establishing the context of the risk management process
6.3.5 Developing risk criteria
6.4 Risk assessment
6.4.1 General
6.4.2 Risk identification
6.4.3 Risk analysis
6.4.4 Risk evaluation
6.5 Risk treatment
6.5.1 General
6.5.2 Selection of risk treatment options
6.5.3 Preparing and implementing risk treatment plans
6.6 Monitoring and review
6.7 Recording the risk management process
How Can ISO 31000 Help?
Working With Clients
Adaptive Management
(Diagram: adaptive management cycle with the steps Assess, Design, Implement, Monitor, Evaluate, Adjust)
Where Integrated Risk Management Fits In
(Diagram: the same adaptive management cycle, Assess, Design, Implement, Monitor, Evaluate, Adjust, annotated “IRM Occurs Here”)
The Assessment Phase
Integrated Risk Management in the Assessment Phase
(Risk matrix diagram: axes Increasing Likelihood and Increasing Impact; likelihood scale includes Likely and Very High; escalation levels Chief, Manager, Director, CEO; regions labelled “Large Appetite for Risk” and “Plan for All Extreme Risks”)
Risk Assessment by Strategic Objective
The Next Step is Design
(Diagram: adaptive management cycle, Assess, Design, Implement, Monitor, Evaluate, Adjust, annotated “IRM Occurs Here”)
Risk Treatment should be “Designed In”
(Flowchart; surviving labels: Risk Event; Tolerance; Acceptable? YES: Assume; NO: Escalate; For information; Likelihood: Likely)
Then Implement
(Diagram: adaptive management cycle, Assess, Design, Implement, Monitor, Evaluate, Adjust, annotated “IRM Occurs Here”)
Then Monitor
(Diagram: adaptive management cycle, Assess, Design, Implement, Monitor, Evaluate, Adjust, annotated “IRM Occurs Here”)
And, after one cycle, Evaluate
(Diagram: adaptive management cycle, Assess, Design, Implement, Monitor, Evaluate, Adjust, annotated “IRM Occurs Here”)
Adjust after Evaluation
(Diagram: the Adjust step of the cycle)
Enterprise Wide Evaluation of Treatment
Table showing the effect of risk treatment
Questions?