Fundamentals of Risk Management PDF
University of Santo Tomas
Ms. Kathrine Camille Nagal
Summary
This presentation covers the fundamentals of risk management, based on ISO 31000:2018 guidelines. It details the framework for understanding, designing, and implementing risk management within an organization, addressing external and internal factors. The presentation specifically highlights risk management considerations related to organizational structure & culture, providing a practical business approach.
Full Transcript
Fundamentals of Risk Management
Based on ISO 31000:2018 Risk Management Guidelines
Ms. Kathrine Camille Nagal, MBA
Facilitator

Framework: Integration

UNDERSTANDING = CUSTOMIZATION AND ADAPTABILITY

Integrating risk management relies on an understanding of organizational structures and context. Structures differ depending on the organization’s purpose, goals and complexity. Risk is managed in every part of the organization’s structure. Everyone

Framework: Design

1. Understanding the organization and its context
2. Articulating risk management commitment
3. Assigning organizational roles, authorities, responsibilities and accountabilities
4. Allocating resources

When designing the framework for managing risk, the organization should examine and understand its external and internal context.

Framework: Organization’s External Context

- the social, cultural, political, legal, regulatory, financial, technological, economic and environmental factors, whether international, national, regional or local;
- key drivers and trends affecting the objectives of the organization;
- external stakeholders’ relationships, perceptions, values, needs and expectations;
- contractual relationships and commitments;
- the complexity of networks and dependencies.

Framework: Organization’s Internal Context

- vision, mission and values;
- governance, organizational structure, roles and accountabilities;
- strategy, objectives and policies;
- the organization’s culture;
- standards, guidelines and models adopted by the organization;
- capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, intellectual property, processes, systems and technologies);
- data, information systems and information flows;
- relationships with internal stakeholders, taking into account their perceptions and values;
- contractual relationships and commitments;
- interdependencies and interconnections.

Framework: Design (2. Articulating risk management commitment)

Top management and oversight bodies, where applicable, should demonstrate and articulate their continual commitment to risk management through a policy, a statement or other forms that clearly convey an organization’s objectives and commitment to risk management.

The commitment should include, but is not limited to:

- the organization’s purpose for managing risk and links to its objectives and other policies;
- reinforcing the need to integrate risk management into the overall culture of the organization;
- leading the integration of risk management into core business activities and decision-making;
- authorities, responsibilities and accountabilities;
- making the necessary resources available;
- the way in which conflicting objectives are dealt with;
- measurement and reporting within the organization’s performance indicators;
- review and improvement.

Framework: Design (3. Assigning organizational roles, authorities, responsibilities and accountabilities)

Top management and oversight bodies, where applicable, should ensure that the authorities, responsibilities and accountabilities for relevant roles with respect to risk management are assigned and communicated at all levels of the organization, and should:

- emphasize that risk management is a core responsibility;
- identify individuals who have the accountability and authority to manage risk (risk owners).

Framework: Design (4. Allocating resources)

- people, skills, experience and competence;
- the organization’s processes, methods and tools to be used for managing risk;
- documented processes and procedures;
- information and knowledge management systems;
- professional development and training needs.

Framework: Design

The organization should establish an approved approach to communication and consultation in order to support the framework and facilitate the effective application of risk

Framework: Implementation

The organization should implement the risk management framework by:

- developing an appropriate plan including time and resources;
- identifying where, when and how different types of decisions are made across the organization, and by whom;
- modifying the applicable decision-making processes where necessary;
- ensuring that the organization’s arrangements for managing risk are clearly understood and practised.

Framework: Evaluation

In order to evaluate the effectiveness of the risk management framework, the organization should:

- periodically measure risk management framework performance against its purpose, implementation plans, indicators and expected behaviour;
- determine whether it remains suitable to support achieving the objectives of the organization.

Framework: Improvement

1. Adapting
The organization should continually monitor and adapt the risk management framework to address external and internal changes. In doing so, the organization can improve its value.

2. Continually improving
The organization should continually improve the suitability, adequacy and effectiveness of the risk management framework and the way the risk management process is integrated.

Framework of Risk Management: Review

The effectiveness of risk management will depend on its integration into the governance of the organization and support from stakeholders, particularly top management.

Framework development encompasses the components illustrated, which should be customized to the needs of the organization.

The organization should evaluate its existing risk management practices and processes, evaluate any gaps and address those gaps within the framework.

Figure 3 — Framework

References

- ISO 31000:2018 Risk management — Guidelines. International Organization for Standardization, Switzerland. Retrieved from https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en
- https://www.microtool.de/en/knowledge-base/what-does-vuca-mean/
- www.youtube.com