Presentation on theme: "International Risk Management Standard AS/NZS ISO 31000"— Presentation transcript:
1 International Risk Management Standard AS/NZS ISO 31000
Peter Brass, General Manager, Risk Management & Audit, PIRSA
2 Abstract of ISO 31000:2009 (Source: ISO Website on ISO 31000 – 16 June 2009)
• Provides principles and guidelines on risk management. It is generic and not developed for any specific industry or sector but risk “per se”.
• Can be applied throughout the life of an organisation, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.
• Can be applied to any type of risk, whatever its nature, whether having positive or negative consequences.
• Although ISO 31000:2009 provides generic guidelines, it is not intended to promote uniformity of risk management across organisations. The design and implementation of risk management plans and frameworks will need to take into account an organisation’s particular objectives, context, structure and operations. Risk management should continue to develop organically.
• ISO 31000:2009 is not intended for the purpose of certification.
3 RISK = effect of uncertainty on objectives
NOTE 1 An effect may be positive, negative, or a deviation from the expected.
NOTE 2 An objective may be financial, related to health and safety, or defined in other terms.
NOTE 3 Risk is often described by an event, a change in circumstances, a consequence, or a combination of these and how they may affect the achievement of objectives.
NOTE 4 Risk can be expressed in terms of a combination of the consequences of an event or a change in circumstances, and their likelihood.
NOTE 5 Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.
4 Risk Management & Managing Risks
In the Standard, the expressions “risk management” and “managing risk” are both used.
In general terms, “risk management” refers to the architecture (principles, framework and process) for managing risks effectively, and “managing risk” refers to applying that architecture to particular risks.
5 Three Main Clauses to note
6 – No change
4 – Culture – now 11 broad principles, some overlap, too many
No.1 Creates value – expands to include sustainable value.
5 – Framework now more detailed.
Annexure A – Comprehensive guide on how to use RM tools for identification etc.
That’s it. Clearly, does not change much for users of It’s the rest of the world that has the most to do. The rest of the world has come to us.
6 Principles for managing risk (Clause 3)
• Creates value
• Integral part of organisational processes
• Part of decision making
• Explicitly addresses uncertainty
• Systematic, structured & timely
• Based on best available information
• Tailored
• Takes human & cultural factors into account
• Transparent & inclusive
• Dynamic, iterative & responsive to change
• Facilitates continual improvement & enhancement of the organisation
Common Business Management principles that many of you will be familiar with from quality and other programs
AS 4360 – Implicit to some extent
7 Framework for managing risk (Clause 4)
[Diagram elements:]
• Mandate & commitment
• Design of framework for managing risk
• Continual improvement of the framework
• Implementing risk management
• Monitoring & review of the framework
Plan Do Check Act
AS 4360 – Covered partially in Section 4 “Establishing effective risk management”
8 Process for managing risk (Clause 5)
[Diagram elements:]
• Establishing the Context
• Risk Assessment
• Identify Risks
• Communication & Consultation
• Analysis of Risks
• Monitoring & Review
• Evaluation of Risks
• Treatment of Risks
AS 4360 – Fully covered in Section 3 “Risk Management Process”
9 Comparison AS/NZS 4360 & ISO 31000:2009
Elements | AS/NZS 4360:2004 | ISO 31000:2009
Application | Universal across all organisations - Australasia but also widely accepted internationally | Universal across all organisations - International
Context for Risk Management | An organisation’s objectives
Principles for managing Risk | Included as part of risk management culture although mainly implicit. | Clause 3 and explicit – common business management principles
Framework for managing risk | Covered in detail | Clause 4 of standard. Expands on 4360
Risk Management Process | Core of the standard | Clause 5 of standard
Attributes of enhanced risk management | Not covered | Annex in Informative only.
Guide to establishing and implementing effective risk management program and application of risk management process | Covered in detail in HB 436:2004
10 ISO 31000 Definitions (ISO/IEC Guide 73)
Term | AS/NZS 4360:2004 Definitions | ISO Definitions (ISO/IEC Guide 73)
Risk | Chance of something happening that will impact on objectives | Effect of uncertainty on objectives
Risk Management | Culture, processes and structures that are directed towards realizing potential opportunities whilst managing adverse effects | Coordinated activities to direct and control an organisation with regard to risk
Risk Management Framework | Set of elements of an organisation’s management system concerned with managing risk | Set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation
Risk Management Policy | Not defined | Statement of the overall intentions and direction of an organisation related to risk management
Risk Management Plan | Scheme within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk
Risk Management Process
Replaces AS/NZS 4360 – withdrawn
Paramount Standard – ISO 9000, 14000
11 What this means to us.
• If you have followed 4360 – impact of is minimal
• Increased status of as international paramount standard – referred explicitly in GOSA Risk Management Policy
• If no organisational Risk Management Policy, it is now required.
• Timeframe – No deadline. However, should update references and other requirements as part of next risk management program review.
12 SAICORP Benchmarking Program
• Self-assessment used to participate in this program will help to review existing risk management program
• Self-assessment will also help to identify any amendments required as the tool used has been aligned with and
  • Clause 3 Principles
  • Clause 4 Framework &
  • Clause 5 Process
• Documents are available from Treasury website at
• Further information from Darryl Bruhn at or
13 Information Sessions
• Today’s presentations are available from the Treasury website at
• A schedule of information sessions on the new GOSA Risk Management Policy & ISO has been developed.
• First session is scheduled for Thursday 11th March at the Hetzel Lecture Theatre at the State Library of SA. (9.30am to 11.00am)
• Also Wednesday 14th April at same time and venue
• Registration for these sessions to
• Further information Darryl Bruhn at or
14 QUESTIONS ??
Thank you for your attention. I think we have a few minutes so can take some questions.