1.2 Framework of Risk Management.pptx

Full Transcript

Fundamentals of
Risk Management
Based on ISO 31000:2018 Risk Management
Guidelines

Ms. Kathrine Camille Nagal,
MBA
Facilitator
 Framework
Integration
UNDERSTANDING = CUSTOMIZATION AND
ADAPTABILITY
Integrating risk management
relies on an understanding of
organizational structures and
context.
Structures differ depending on the
organization’s purpose, goals and
complexity.
Risk is managed in every part of the
organization’s structure. Everyone
 Framework
Design
1. Understanding the
organization and its
context
2. Articulating risk
management
commitment When designing the
3. Assigning organizational framework for managing
roles, authorities, risk, the organization
responsibilities and
should examine and
accountabilities
understand its external
4. Allocating resources
and internal context
 Framework
Organization’s External Context
the social, cultural,
political, legal,
factors, whether key drivers and
regulatory,
international, trends affecting the
financial,
national, regional or objectives of the
technological,
local; organization;
economic and
environmental
external
stakeholders’
contractual the complexity of
relationships,
relationships and networks and
perceptions, values,
commitments; dependencies.
needs and
expectations;
 Framework
Organization’s Internal Context
governance,
organizational strategy,
vision, mission and the organization’s
structure, roles objectives and
values; culture;
and policies;
accountabilities;

capabilities,
standards, understood in
property, data, information
guidelines and terms of resources
processes, systems systems and
models adopted by and knowledge
and technologies); information flows;
the organization; (e.g. capital, time,
people, intellectual
relationships with
internal
contractual interdependencies
stakeholders,
relationships and and
taking into account
commitments; interconnections.
their perceptions
and values;
 Framework
Design
1. Understanding the
organization and its
context
2. Articulating risk Top management and oversight
bodies, where applicable, should
management
demonstrate and articulate their
commitment
continual commitment to risk
3. Assigning organizational
management through a policy, a
roles, authorities,
statement or other forms that clearly
responsibilities and
convey an organization’s objectives
accountabilities
and commitment to risk management.
4. Allocating resources
 Framework
The commitment should include, but is not limited to:
the organization’s reinforcing the leading the
purpose for need to integrate integration of risk
authorities,
managing risk and risk management management into
responsibilities and
links to its into the overall core business
accountabilities;
objectives and culture of the activities and
other policies; organization; decision-making;

measurement and
making the the way in which
reporting within the
necessary conflicting review and
organization’s
resources objectives are dealt improvement
performance
available; with;
indicators;
 Framework Top manag
where appl
ement and
oversight b
odies,
icable, sho
uld ensure
Design the authori
ties, respon that
sibilities an
accountabi d
1. Understanding the lities for re
levant role
respect to s with
organization and its assigned a
risk manag
ement are
context levels of th
nd c o m m u
nicated at
all
e organizat
2. Articulating risk ion, and sh
ould:
management
commitment emphasize that risk management
3. Assigning organizational is a core responsibility;
roles, authorities,
responsibilities and identify individuals who have the
accountability and authority to
accountabilities manage risk (risk owners).
4. Allocating resources
 the
Framework people, skills,
organization’s
processes,
experience and methods and
Design competence; tools to be used
1. Understanding the for managing
organization and its risk;
context documented
information and
knowledge
2. Articulating risk processes and
management
management procedures;
systems;
commitment
3. Assigning organizational professional
roles, authorities, development
responsibilities and and training
accountabilities needs
4. Allocating resources
 Framework
Design
1. Understanding the
organization and its
context
2. Articulating risk The organization should
management establish an approved
commitment approach to
3. Assigning organizational communication and
roles, authorities, consultation in order to
responsibilities and support the framework and
accountabilities
facilitate the effective
4. Allocating resources
application of risk
 Framework
Implementation
The organization should implement the risk management framework
by:

developing an appropriate plan including time and resources;

identifying where, when and how different types of decisions are made across
the organization, and by whom;

modifying the applicable decision-making processes where necessary;

ensuring that the organization’s arrangements for managing risk are clearly
understood and practised.
 Framework
Evaluation
In order to evaluate the effectiveness of the risk
management framework, the organization should:

periodically measure risk management
framework performance against its purpose,
implementation plans, indicators and expected
behaviour;

determine whether it remains suitable to support
achieving the objectives of the organization.
 Framework
Improvement
1. Adapting
The organization should continually monitor and adapt
the risk management framework to address external and
internal changes. In doing so, the organization can improve
its value.
2. Continually improving
The organization should continually improve the
suitability, adequacy and effectiveness of the risk
management framework and the way the risk
management process is integrated.
 Framework of Risk
Management
Review
The effectiveness of risk management will
depend on its integration into the governance of the
organization and support from stakeholders,
particularly top management.
Framework development encompasses the
components illustrated, which should be customized
to the needs of the organization.
The organization should evaluate its existing risk
Figure 3 — Framework management practices and processes, evaluate any
gaps and address those gaps within the framework.
References
ISO 31000:2018 Risk management — Guidelines. International
Organization for Standardization, Switzerland. Retrieved from
https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en
https://www.microtool.de/en/knowledge-base/what-does-vuca-me
an/
www.youtube.com