1.2 Framework of Risk Management.pdf

Full Transcript

Fundamentals of Risk
Management
Based on ISO 31000:2018 Risk Management
Guidelines

Ms. Kathrine Camille Nagal, MBA
Facilitator
Figure 1.
Principles, framework and
Process of Risk Management
 Framework
The purpose of the risk management
framework is to assist the organization in
integrating risk management into significant
activities and functions.

Its effectiveness will depend on its
integration into the governance of the
organization, including decision-making and
requires support from all stakeholders,
especially top management.
Figure 3 — Framework
 Framework
Leadership and customizing and implementing all components of
the framework;
commitment
Top management and oversight issuing a statement or policy that establishes a risk
bodies, where applicable, should management approach, plan or course of action;
ensure that risk management is
ensuring that the necessary resources are allocated
integrated into all organizational to managing risk;
activities and should demonstrate
leadership and commitment by: assigning authority, responsibility and accountability
at appropriate levels within the organization
 Framework
Through demonstrating leadership and commitment, the organization can…

establish the amount and type
align risk management recognize and address all of risk that may or may not be
taken to guide the development
with its objectives, obligations, as well as its of risk criteria, ensuring that
strategy and culture; voluntary commitments; they are communicated to the
organization and its stakeholders;

ensure that the risk
communicate the value
management framework
of risk management to promote systematic
remains appropriate to
the organization and its monitoring of risks;
the context of the
stakeholders;
organization.
 Framework
Top management is accountable for managing risk while oversight bodies are
accountable for overseeing risk management. Oversight bodies are often
expected or required to:
ensure that risks are
understand the risks ensure that systems to
adequately considered
facing the organization manage such risks are
when setting the
in pursuit of its implemented and
organization’s
objectives; operating effectively;
objectives;

ensure that such risks
ensure that information
are appropriate in the
about such risks and
context of the
their management is
organization’s
properly communicated.
objectives;
 Framework
Integration
Integrating risk management relies on an
understanding of organizational structures and
context.
Structures differ depending on the
organization’s purpose, goals and complexity.
Risk is managed in every part of the
organization’s structure. Everyone in an
organization has responsibility for managing
risk.
 Framework
Design
1. Understanding the organization
and its context
2. Articulating risk management
commitment
3. Assigning organizational roles,
authorities, responsibilities and When designing the framework
accountabilities for managing risk, the
4. Allocating resources organization should examine and
5. Establishing communication understand its external and
and consultation internal context
 Framework
Organization’s External Context
the social, cultural,
political, legal, factors, whether key drivers and trends
regulatory, financial, international, national, affecting the objectives
technological, economic regional or local; of the organization;
and environmental

external stakeholders’
the complexity of
relationships, contractual relationships
networks and
perceptions, values, and commitments;
dependencies.
needs and expectations;
 Framework
Organization’s Internal Context
governance,
vision, mission and organizational strategy, objectives and the organization’s
values; structure, roles and policies; culture;
accountabilities;

capabilities, understood
standards, guidelines in terms of resources property, processes, data, information
and models adopted by and knowledge (e.g. systems and systems and
the organization; capital, time, people, technologies); information flows;
intellectual

relationships with
internal stakeholders, contractual
interdependencies and
taking into account relationships and
interconnections.
their perceptions and commitments;
values;
 Framework
Design
1. Understanding the organization
and its context
2. Articulating risk management
Top management and oversight bodies,
commitment
where applicable, should demonstrate
3. Assigning organizational roles, and articulate their continual
authorities, responsibilities and commitment to risk management
accountabilities through a policy, a statement or other
4. Allocating resources forms that clearly convey an
5. Establishing communication organization’s objectives and
and consultation commitment to risk management.
 Framework
The commitment should include, but is not limited to:
the organization’s reinforcing the need to
leading the integration
purpose for managing integrate risk authorities,
of risk management into
risk and links to its management into the responsibilities and
core business activities
objectives and other overall culture of the accountabilities;
and decision-making;
policies; organization;

measurement and
the way in which
making the necessary reporting within the review and
conflicting objectives
resources available; organization’s improvement
are dealt with;
performance indicators;
 Framework Top managem
where applica
ent and overs
ight bodies,
b le , s h o u ld e n
Design a u th o r i ti e s , r sure that the
e s p o n s i b i l i ti e
accountabilit s and
1. Understanding the organization ies for relevan
respect to ris t roles with
and its context k managemen
and commun t are assigned
icated at all le
2. Articulating risk management organization, vels of the
commitment a n d sh o u ld :
3. Assigning organizational roles,
authorities, responsibilities and emphasize that risk management is a core
accountabilities responsibility;

4. Allocating resources
identify individuals who have the
5. Establishing communication accountability and authority to manage risk
and consultation (risk owners).
 Framework people, skills,
the organization’s
processes, methods
Design experience and
competence;
and tools to be used
1. Understanding the organization for managing risk;
and its context
2. Articulating risk management information and
documented
knowledge
commitment processes and
management
3. Assigning organizational roles, procedures;
systems;
authorities, responsibilities and
accountabilities
4. Allocating resources professional
development and
5. Establishing communication training needs
and consultation
 Framework
Design
1. Understanding the organization
and its context
2. Articulating risk management
commitment The organization should establish
3. Assigning organizational roles, an approved approach to
authorities, responsibilities and communication and consultation
accountabilities in order to support the framework
4. Allocating resources and facilitate the effective
5. Establishing communication application of risk management.
and consultation
 Framework
Implementation
The organization should implement the risk management framework by:

developing an appropriate plan including time and resources;

identifying where, when and how different types of decisions are made across the organization,
and by whom;

modifying the applicable decision-making processes where necessary;

ensuring that the organization’s arrangements for managing risk are clearly understood and
practised.
 Framework
Evaluation
In order to evaluate the effectiveness of the risk
management framework, the organization should:

periodically measure risk management framework
performance against its purpose, implementation plans,
indicators and expected behaviour;

determine whether it remains suitable to support achieving
the objectives of the organization.
 Framework
Improvement
1. Adapting
The organization should continually monitor and adapt the risk
management framework to address external and internal changes.
In doing so, the organization can improve its value.
2. Continually improving
The organization should continually improve the suitability,
adequacy and effectiveness of the risk management framework and
the way the risk management process is integrated.
 Framework of Risk
Management
Review
The effectiveness of risk management will depend on its
integration into the governance of the organization and
support from stakeholders, particularly top management.
Framework development encompasses the components
illustrated, which should be customized to the needs of the
organization.
The organization should evaluate its existing risk
management practices and processes, evaluate any gaps
and address those gaps within the framework.
Figure 3 — Framework
References
ISO 31000:2018 Risk management — Guidelines. International Organization for
Standardization, Switzerland. Retrieved from
https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en
https://www.microtool.de/en/knowledge-base/what-does-vuca-mean/
www.youtube.com