University of Santo Tomas
Ms. Kathrine Camille Nagal, MBA
This presentation outlines the fundamentals of risk management, based on ISO 31000:2018 Guidelines. It covers various aspects, including principles, framework, and processes. The document also discusses the importance of risk management integration within organizational structure and decision-making.
Fundamentals of Risk Management
Based on ISO 31000:2018 Risk Management Guidelines
Ms. Kathrine Camille Nagal, MBA, Facilitator

Figure 1. Principles, framework and Process of Risk Management

Framework

The purpose of the risk management framework is to assist the organization in integrating risk management into significant activities and functions. Its effectiveness will depend on its integration into the governance of the organization, including decision-making, and requires support from all stakeholders, especially top management.

Figure 3 — Framework

Framework: Leadership and commitment

Top management and oversight bodies, where applicable, should ensure that risk management is integrated into all organizational activities and should demonstrate leadership and commitment by:
- customizing and implementing all components of the framework;
- issuing a statement or policy that establishes a risk management approach, plan or course of action;
- ensuring that the necessary resources are allocated to managing risk;
- assigning authority, responsibility and accountability at appropriate levels within the organization.

Through demonstrating leadership and commitment, the organization can:
- establish the amount and type of risk that may or may not be taken to guide the development of risk criteria, ensuring that they are communicated to the organization and its stakeholders;
- align risk management with its objectives, strategy and culture;
- recognize and address all obligations, as well as its voluntary commitments;
- ensure that the risk management framework remains appropriate to the context of the organization;
- communicate the value of risk management to the organization and its stakeholders;
- promote systematic monitoring of risks.

Top management is accountable for managing risk while oversight bodies are accountable for overseeing risk management.
Oversight bodies are often expected or required to:
- ensure that risks are adequately considered when setting the organization’s objectives;
- understand the risks facing the organization in pursuit of its objectives;
- ensure that systems to manage such risks are implemented and operating effectively;
- ensure that such risks are appropriate in the context of the organization’s objectives;
- ensure that information about such risks and their management is properly communicated.

Framework: Integration

Integrating risk management relies on an understanding of organizational structures and context. Structures differ depending on the organization’s purpose, goals and complexity. Risk is managed in every part of the organization’s structure. Everyone in an organization has responsibility for managing risk.

Framework: Design

1. Understanding the organization and its context
2. Articulating risk management commitment
3. Assigning organizational roles, authorities, responsibilities and accountabilities
4. Allocating resources
5. Establishing communication and consultation

1. Understanding the organization and its context

When designing the framework for managing risk, the organization should examine and understand its external and internal context.

Organization’s External Context
- the social, cultural, political, legal, regulatory, financial, technological, economic and environmental factors, whether international, national, regional or local;
- key drivers and trends affecting the objectives of the organization;
- external stakeholders’ relationships, perceptions, values, needs and expectations;
- contractual relationships and commitments;
- the complexity of networks and dependencies.

Organization’s Internal Context
- vision, mission and values;
- governance, organizational structure, roles and accountabilities;
- strategy, objectives and policies;
- the organization’s culture;
- standards, guidelines and models adopted by the organization;
- capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, intellectual property, processes, systems and technologies);
- data, information systems and information flows;
- relationships with internal stakeholders, taking into account their perceptions and values;
- contractual relationships and commitments;
- interdependencies and interconnections.

2. Articulating risk management commitment

Top management and oversight bodies, where applicable, should demonstrate and articulate their continual commitment to risk management through a policy, a statement or other forms that clearly convey an organization’s objectives and commitment to risk management.

The commitment should include, but is not limited to:
- the organization’s purpose for managing risk and links to its objectives and other policies;
- reinforcing the need to integrate risk management into the overall culture of the organization;
- leading the integration of risk management into core business activities and decision-making;
- authorities, responsibilities and accountabilities;
- making the necessary resources available;
- the way in which conflicting objectives are dealt with;
- measurement and reporting within the organization’s performance indicators;
- review and improvement.

3. Assigning organizational roles, authorities, responsibilities and accountabilities

Top management and oversight bodies, where applicable, should ensure that the authorities, responsibilities and accountabilities for relevant roles with respect to risk management are assigned and communicated at all levels of the organization, and should:
- emphasize that risk management is a core responsibility;
- identify individuals who have the accountability and authority to manage risk (risk owners).

4. Allocating resources
- people, skills, experience and competence;
- the organization’s processes, methods and tools to be used for managing risk;
- documented processes and procedures;
- information and knowledge management systems;
- professional development and training needs.

5. Establishing communication and consultation

The organization should establish an approved approach to communication and consultation in order to support the framework and facilitate the effective application of risk management.

Framework: Implementation

The organization should implement the risk management framework by:
- developing an appropriate plan including time and resources;
- identifying where, when and how different types of decisions are made across the organization, and by whom;
- modifying the applicable decision-making processes where necessary;
- ensuring that the organization’s arrangements for managing risk are clearly understood and practised.

Framework: Evaluation

In order to evaluate the effectiveness of the risk management framework, the organization should:
- periodically measure risk management framework performance against its purpose, implementation plans, indicators and expected behaviour;
- determine whether it remains suitable to support achieving the objectives of the organization.

Framework: Improvement

1. Adapting
The organization should continually monitor and adapt the risk management framework to address external and internal changes. In doing so, the organization can improve its value.

2. Continually improving
The organization should continually improve the suitability, adequacy and effectiveness of the risk management framework and the way the risk management process is integrated.

Framework of Risk Management: Review

The effectiveness of risk management will depend on its integration into the governance of the organization and support from stakeholders, particularly top management. Framework development encompasses the components illustrated, which should be customized to the needs of the organization. The organization should evaluate its existing risk management practices and processes, evaluate any gaps and address those gaps within the framework.

Figure 3 — Framework

References
- ISO 31000:2018 Risk management — Guidelines. International Organization for Standardization, Switzerland. Retrieved from https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en
- https://www.microtool.de/en/knowledge-base/what-does-vuca-mean/
- www.youtube.com