1.1 Principles of Risk Management.pdf

Full Transcript

Fundamentals of Risk
Management
Based on ISO 31000:2018 Risk Management
Guidelines

Ms. Kathrine Camille Nagal, MBA
Facilitator
Intended Learning Outcomes
At the end of this session, the students are expected to:

Explain the Principles, framework and process of Risk
Management

Identify, analyze, evaluate, treat the organizational
functional, and/or process risks

Monitor, review, record, and report the actions to address
the risks and opportunities.
Risk-Based
Thinking
Risk-Based Thinking
Something we all do automatically and often sub-consciously
Part of the process approach that makes preventive action part of one’s routine
Risk is often negatively viewed – risk-based thinking helps identify opportunities
and is considered as the positive side of risk
Essential for achieving an effective quality management system which requires
an organization to plan and implement actions to address risks and opportunities
When addressing both risks and opportunities, a basis for increasing the
effectiveness of the quality management system, achieving improved results and
preventing negative effects is established.
ISO 9001:2015
The concept of risk has always been implicit in ISO 9001 – the 2015 revision
makes it more explicit and builds it into the whole management system
The main objective of ISO 9001 is to provide confidence in the
organization’s ability to consistently provide customers with conforming
goods and services and to enhance customer satisfaction.
The concept of risk in the context of ISO 9001:2015 relates to the
uncertainty of achieving such objectives.
The concept of opportunity in the context of ISO 9001 relates to exceeding
expectations and going beyond stated objectives.
How to implement Risk-Based Thinking into your
organization?
1. Identify what the risks and opportunities are in your organization - this
depends on the context or your organization.
2. Analyze and prioritize the risks and opportunities in your organization - identify
what is acceptable and what is not.
3. Plan actions to address the risks. Can the risks be avoided, mitigated or
eliminated?
4. Take action and implement the plan to address the risks.
5. Check the effectiveness of your plan
6. Continual Improvement
Introduction to Risk Management
Organizations of all types and sizes face external and
internal factors and influences that make it uncertain
whether they will achieve their objectives.

Managing risk is iterative and assists organizations in
setting strategy, achieving objectives and making
informed decisions.

Managing risk is part of governance and leadership and
is fundamental to how the organization is managed at all
levels. It contributes to the improvement of
management systems.
 Introduction to Risk Management
Managing risk is part of all activities
associated with an organization and
includes interaction with stakeholders.

Managing risk considers the external and
internal context of the organization,
including human behaviour and cultural
factors.
Terms and definitions
Risk - effect of uncertainty on objectives
Risk management - coordinated activities to direct and control an organization
with regard to risk.
Stakeholder (interested parties) - person or organization that can affect, be
affected by, or perceive themselves to be affected by a decision or activity.
Risk source - element which alone or in combination has the potential to give rise
to risk
Event - occurrence or change of a particular set of circumstances.
Likelihood- chance of something happening.
Control - measure that maintains and/or modifies risk
Figure 1.
Principles, framework and
Process of Risk Management
 Principles
The purpose of risk management is
the creation and protection of value.

It improves performance, encourages
innovation and supports the
achievement of objectives.

The principles are the foundation for
managing risk which should enable an
organization to manage the effects of
uncertainty on its objectives.
Figure 2 — Principles
 Principles
a. Integrated - integral part of all
organizational activities.
b. Structured and comprehensive
- contributes to consistent and
comparable results.
c. Customized - the framework and
process are customized and
proportionate to the organization’s
external and internal context related to
its objectives.
Principles
d. Inclusive - appropriate and timely
involvement of stakeholders enables their
knowledge, views and perceptions to be
considered, resulting to improved
awareness and informed risk
management.
e. Dynamic - anticipates, detects,
acknowledges and responds to changes
and events in an appropriate and timely
manner. Risks can emerge, change or
disappear as an organization’s external
and internal context changes.
 Principles
f. Best available information - The
inputs are based on historical and current
information, as well as future expectations.
Information should be timely, clear and
available to relevant stakeholders.
g. Human and cultural factors - Human
behavior and culture significantly influence
all aspects of risk management at each
level and stage.
h. Continual improvement - continually
improved through learning and experience.
 Risk Management
Principles
Review
The principles are the foundation for
managing risk and should be considered
when establishing the organization’s risk
management framework and processes.

These principles should enable an
organization to manage the effects of
uncertainty on its objectives.

Figure 2 — Principles
Reference
ISO 31000:2018 Risk management — Guidelines. International
Organization for Standardization, Switzerland. Retrieved from
https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en
www.youtube.com