ISO 31000 Summary

8/2/2019 ISO 31000 Summary

    This summary follows the clause numbering of ISO 31000:2009 (eleven principles 3(a) to 3(k), the framework in Clause 4, the process in Clause 5); the 2018 revision reorganized the principles and renumbered the framework and process clauses, so check references against the edition your organization has adopted.

    RISK MANAGEMENT PRINCIPLES

    3(A) RISK MANAGEMENT SHOULD CREATE AND PROTECT VALUE

    Use risk management to create and protect value.

    Create and protect value by using risk management to help achieve your organization's objectives and improve its performance.

    3(B) RISK MANAGEMENT SHOULD BE AN INTEGRAL PART OF ALL PROCESSES

    Make risk management part of every process within your organization at every level.

    Make risk management a responsibility of every manager within your organization.

    3(C) RISK MANAGEMENT SHOULD BE PART OF YOUR DECISION MAKING

    Make risk management part of your decision making process at every level.

    Use risk management to make informed choices.

    Use risk management to prioritize actions.

    3(D) RISK MANAGEMENT SHOULD BE USED TO DEAL WITH UNCERTAINTY

    Use risk management to address the uncertainty that your organization faces.

    Use risk management to identify and define the nature and type of uncertainties that your organization must deal with.

    Use risk management to figure out what you can do to address your organization's uncertainties.

    3(E) RISK MANAGEMENT SHOULD BE STRUCTURED, SYSTEMATIC, AND TIMELY

    Make sure that your risk management approach is structured, systematic, and timely.

    Make sure that your approach contributes to organizational efficiency.

    Make sure that your approach generates consistent and reliable results.

    3(F) RISK MANAGEMENT SHOULD BE BASED ON THE BEST INFORMATION

    Make sure that the inputs you use to manage risk are based on the best available information sources.

    Make sure that decision makers understand and consider the limitations and shortcomings of the data they use to manage risk.

    3(G) RISK MANAGEMENT SHOULD BE TAILORED TO YOUR ENVIRONMENT

    Make sure that your organization's approach to risk management is aligned with its unique internal and external context.

    Make sure that your organization's approach to risk management is aligned with its risk profile.

    3(H) RISK MANAGEMENT SHOULD CONSIDER BOTH HUMAN AND CULTURAL FACTORS

    Make sure that your approach to risk management recognizes and considers the human and cultural factors that can influence the achievement of your organization's objectives.

    Consider how human capabilities can facilitate or hinder the achievement of your objectives.

    Consider how human perceptions can facilitate or hinder the achievement of your objectives.

    Consider how human intentions can facilitate or hinder the achievement of your objectives.

    3(I) RISK MANAGEMENT SHOULD BE TRANSPARENT, INCLUSIVE, AND RELEVANT

    Make sure that your approach to risk management is transparent.

    Make sure that your organization's approach to risk management is open, visible, and accessible.

    Make sure that your approach to risk management is inclusive.

    Involve your organization's stakeholders.

    Involve decision makers from all parts of your organization.

    3(J) RISK MANAGEMENT SHOULD BE DYNAMIC, RESPONSIVE, AND ITERATIVE

    Make sure that your organization's approach to risk management is dynamic and responsive.

    Make sure that your approach to risk management continually senses change and responds to it.

    Make sure that your organization's approach to risk management is iterative (a process that repeats itself).

    Repeat your risk management process whenever and wherever objectives need to be achieved.

    3(K) RISK MANAGEMENT SHOULD FACILITATE CONTINUAL IMPROVEMENT

    Use risk management to continually improve all aspects of your organization.

    Develop strategies to continually improve your approach to risk management.

    4. RISK MANAGEMENT FRAMEWORK

    4.1 ESTABLISH A RISK MANAGEMENT FRAMEWORK

    Make risk management part of your organization's management system.

    Establish an effective risk management framework for your organization.

    Use your framework to support your organization's risk management process.

    4.2 MAKE A COMMITMENT TO RISK MANAGEMENT

    Define your organization's risk management policy.

    Establish risk management performance indicators.

    Formulate risk management objectives.

    Assign risk management responsibilities.

    Allocate risk management resources.

    Communicate risk management benefits.

    Support your risk management framework.

    4.3 DESIGN YOUR RISK MANAGEMENT FRAMEWORK

    4.3.1 Understand your organization's context

    Evaluate and understand your organization's external context and then use this knowledge to help design your risk management framework.

    Evaluate and understand your organization's external environment.

    Evaluate and understand your organization's external stakeholders.

    Evaluate and understand your organization's external influences.

    Evaluate and understand your organization's internal context and then use this knowledge to help design your risk management framework.

    Understand your organization's internal stakeholders.

    Understand your organization's governance.

    Understand your organization's capabilities.

    Understand your organization's culture.

    Understand your organization's standards.

    Understand your organization's contracts.

    4.3.2 Formulate your risk management policy

    Establish a risk management policy for your organization.

    Make a clear commitment to risk management.

    Define your risk management objectives.

    Develop a plan that explains how you intend to apply your organization's risk management process (Part 5).

    Use your risk management plan to implement your organization's risk management process (Part 5).

    4.5 MONITOR YOUR RISK MANAGEMENT FRAMEWORK

    Evaluate the ongoing effectiveness of your risk management framework.

    Prepare reports on the effectiveness of your risk management framework.

    4.6 IMPROVE YOUR RISK MANAGEMENT FRAMEWORK

    Study the results of your risk management monitoring and review activities (Part 4.5).

    Figure out how you're going to improve your risk management framework.

    5. RISK MANAGEMENT PROCESS

    5.1 APPLY YOUR RISK MANAGEMENT PROCESS

    Apply your risk management process (see Part 5.2 to 5.6 for details).

    Make your risk management process part of your management approach.

    Make your risk management process part of your unique culture.

    5.2 COMMUNICATE AND CONSULT WITH YOUR STAKEHOLDERS

    Communicate and consult with stakeholders during all stages of the risk management process.

    Use a consultative team approach to communicate and consult with your organization's stakeholders.

    5.3 ESTABLISH YOUR UNIQUE RISK MANAGEMENT CONTEXT

    5.3.1 Establish your risk management parameters

    Identify and understand the parameters and variables that influence and control how your organization manages risk.

    Define your organization's external context (see Part 5.3.2 for details).

    Define your organization's internal context (see Part 5.3.3 for details).

    5.3.2 Establish your organization's external context

    Identify and understand your organization's external context and consider the influence it could have on its ability to manage risk and achieve its objectives.

    Identify and understand environmental conditions and consider the influence they could have on your organization's ability to achieve its objectives.

    Identify and understand key external factors and consider the influence they could have on your organization's ability to achieve its objectives.

    Identify and understand the relationships you have with external stakeholders and consider the influence they could have on your organization's ability to achieve its objectives.

    Consider your external context when you develop your organization's risk criteria (see Part 5.3.5 for details).

    Consider the concerns, objectives, and perceptions of external stakeholders when you formulate your risk criteria.

    5.3.3 Establish your organization's internal context

    Identify and understand your organization's internal context and consider the influence it could have on its ability to manage risk and achieve objectives.

    Understand your organization's internal stakeholders.

    Understand your organization's governance structure.

    Understand your organization's capabilities.

    Understand your organization's culture.

    Understand your organization's standards.

    Understand your organization's contracts.

    5.3.4 Establish the context of your risk management process

    Establish the unique context of your risk management process.

    Adopt a risk management approach that is appropriate to your circumstances and consistent with your context.

    Identify the organizational areas or parts that will participate in your risk management process and make sure you understand what they do and how they do it.

    Clarify how each specific risk management process or activity should be organized and managed.

    Define the goals and objectives of the risk management activities and projects you intend to carry out.

    Define the resources that your risk management activities and projects will need.

    Define the risk management responsibilities and authorities of all process participants.

    Define the focus of each risk management project, including where and when it will be carried out.

    Define the decisions that will need to be made as you carry out each risk management process.

    Define the risk assessment methodologies that you intend to use for each risk management process or project.

    Define how your risk management process is related to your organization's other processes.

    Define the studies that you intend to carry out to support each risk management process.

    Define how risk management process performance and effectiveness will be evaluated.

    Define the records that each risk management process or activity should maintain.

    5.3.5 Establish your organization's risk criteria

    Define your organization's risk criteria.

    Consider your organization and how it functions when you define your risk criteria.

    Consider the views of your organization's stakeholders when you define your risk criteria.

    Consider the nature and type of causes when you define your risk criteria.

    Consider the consequences and impacts that could occur when you define your risk criteria.

    Consider how likelihood or probability will be determined when you define your risk criteria.

    Consider how the level of risk will be determined when you define your risk criteria.

    Consider whether combinations of multiple risks should be taken into account when you define your risk criteria.

    Review and periodically update your risk criteria.

    5.4 CARRY OUT YOUR ORGANIZATION'S RISK ASSESSMENT PROCESS

    5.4.1 Identify, analyze, and evaluate risks

    Carry out your risk assessment process.

    Identify your organization's risks (see Part 5.4.2 for details).

    Analyze your organization's risks (see Part 5.4.3 for details).

    Evaluate your organization's risks (see Part 5.4.4 for details).

    5.4.2 Identify your organization's risks

    Choose suitable risk identification tools and techniques.

    Select suitable people to identify your organization's risks.

    Use your tools and techniques to identify the risks that could affect the achievement of your organization's objectives.

    Generate a comprehensive list of risks that could affect the achievement of your organization's objectives.

    5.4.3 Analyze your organization's risks

    Analyze the risks that your organization faces.

    Estimate your organization's level of risk.

    Specify how much confidence you have in your analysis.

    Use your risk analysis to understand your organization's risks.

    Communicate the results of your risk analysis.

    5.4.4 Evaluate your organization's risks

    Use the results of your risk analysis to evaluate your organization's risks.

    Use the results of your risk analysis to consider your risk treatment options.

    5.5 FORMULATE AND IMPLEMENT YOUR RISK TREATMENT PLANS

    5.5.1 Explore your organization's risk treatment options

    Establish a cyclical risk treatment process.

    Consider your organization's risk treatment options.

    5.5.2 Select your organization's risk treatment options

    Select the most appropriate risk treatment options.

    Plan the implementation of your risk treatments.

    5.5.3 Prepare risk treatment implementation plans

    Document your organization's risk treatment plans.

    Discuss risk treatment plans with all participants.

    Carry out your risk treatment implementation plans.

    5.6 MONITOR AND REVIEW YOUR RISK MANAGEMENT PROCESS

    Plan your risk management monitoring and review processes.

    Monitor and review all aspects of your risk management process.

    Record your organization's monitoring and review results.

    Report your risk management monitoring and review results.

    5.7 MAINTAIN A RECORD OF RISK MANAGEMENT ACTIVITIES

    Create and maintain records to support your risk management process.

    Use your records to support your organization's risk management process.