ISO 31000
ISO 31000: The challenges of implementing a new approach
Professor Martin Loosemore FRICS, FCIOB
WHY ARE WE HERE?
High risk (and opportunity) environment - large, high-value, innovative projects with long risk exposure.
Surge in risk-related legislation.
Pre-qualification requiring a demonstrable capability in risk management.
Corporate responsibility and citizenship evolving fast.
Rapid growth (skills shortages and capacity problems).
Customer base changing.
Penalties for non-compliance becoming increasingly severe.
Risk and opportunity management is our core business
Working overseas (culture, pressures, everything is new)
Protect and enhance our reputation
COMPETITIVE ADVANTAGE
57% Regularly declined tenders due to a lack of confidence in managing high risks OR added too large a contingency and lost the job as a result.
59% Companies did not review risks on a regular basis.
38% Directors were not confident in their risk management systems.
22 COMMON PROBLEMS
1. COMPLIANCE RATHER THAN BEST PRACTICE.
CSA 1997: 1. Initiation; 2. Preliminary analysis; 3. Estimation; 4. Evaluation; 5. Control; 6. Action/monitor; 7. Communicate
BS6079-3 (2000): 1. Context; 2. Identification; 3. Analysis; 4. Evaluation; 5. Treatment; 6. Communicate; 7. Review/update
IRGC 2004: 1. Pre-assessment; 2. Appraisal; 3. Tolerability and acceptability judgement; 4. Risk management; 5. Communicate
COSO (2004): 1. Environment; 2. Objectives; 3. Identification; 4. Assessment; 5. Response; 6. Control; 7. Communicate; 8. Monitoring
AS/NZS4360 (2004): 1. Context; 2. Identification; 3. Analysis; 4. Evaluation; 5. Treatment; 6. Communicate/consult; 7. Monitor/review
ISO 31000 (2008): 1. Mandate/commitment; 2. Context; 3. Identification; 4. Analysis; 5. Evaluation; 6. Treatment; 7. Communicate/consult; 8. Monitor/review
Key: CSA – Canadian Standards Association; IRGC – International Risk Governance Council; COSO – Committee of Sponsoring Organizations; ISO – International Standards Organisation; AS/NZ – Standards Australia and Standards New Zealand; BS – British Standards
2. HUNGER FOR PROFIT WITHOUT A RISK APPETITE.
3. FROM THE BOTTOM RATHER THAN THE TOP.
4. CRISIS MANAGEMENT RATHER THAN RISK MANAGEMENT.
5. RISK TRANSFER RATHER THAN RISK MANAGEMENT.
6. SELFISH RATHER THAN COOPERATIVE.
7. INCESTUOUS RATHER THAN CONSULTATIVE.
8. NEGATIVE RATHER THAN POSITIVE.
Risk matrix (likelihood by consequence):
Likelihood        Insignificant   Minor   Moderate   Major   Catastrophic
Almost certain    L               M       H          H       E
Very likely       L               M       M          H       E
Likely            L               L       M          H       E
Unlikely          L               L       M          H       H
Rare              L               L       M          H       H
E = Extreme, H = High, M = Medium, L = Low
9. PROJECT-BASED RATHER THAN PORTFOLIO-BASED.
10. UNSYSTEMATIC RATHER THAN CONSISTENT.
11. SILO MENTALITY.
12. BUCK-PASSING RATHER THAN TAKE RESPONSIBILITY.
13. COMPLEX RATHER THAN SIMPLE.
14. CENTRALISED RATHER THAN DECENTRALISED.
15. PERIODIC RATHER THAN CONTINUOUS.
16. COMMERCIAL RISKS RATHER THAN OPERATIONAL RISKS.
17. QUANTITATIVE RATHER THAN QUALITATIVE.
18. ANALYSIS RATHER THAN IDENTIFICATION.
19. PERIPHERAL RATHER THAN CORE ACTIVITY.
20. ONE DIMENSIONAL RATHER THAN 3 D.
21. PAPER-BASED RATHER THAN MULTIMEDIA.
22. TECHNOLOGY RATHER THAN PEOPLE.
[Figure: risk management maturity dimensions - Awareness, Confidence, Image, Processes, Application, Skills, Culture, Resources. Source: RMMT - www.synergymcg.com]
RISK MANAGEMENT MATURITY
[Figure: risk management maturity plotted against time, with phases labelled Hardware phase, Systems phase, People phase and Ignorance phase]
RISK MANAGEMENT MATURITY
Corporate social responsibility
STEP ONE
UNDERSTAND WHY YOU WANT A NEW APPROACH
FOR MULTIPLEX?
Very big risky projects – one problem can wipe out margins or company.
New legislation was requiring it.
Pre-qualification requiring a demonstrable capability in risk management.
Rapid growth was stretching existing systems.
Customers becoming more risk averse.
Risk and opportunity was seen as essential to protect and enhance reputation.
End of supply chain and being passed a lot of risk.
STEP TWO
UNDERSTAND YOUR PHILOSOPHY AND MATURITY
Breaking down barriers
FOR MULTIPLEX: A NEW WAY TO MANAGE RISK
Risk portfolios
Benefits of risk/opportunity management
Cost of risk/opportunity management
Pro-activity
Project life cycle
Risk seen as an asset
Meaningful consultation
Taking responsibility
A NEW WAY TO MANAGE RISK
Simple
RISK MANAGEMENT MATURITY AUDIT
[Figure: risk management maturity audit chart across Awareness, Confidence, Image, Processes, Application, Skills, Culture and Resources]
STEP THREE
DEVELOP THE SYSTEM
FOCUS GROUPS WITH KEY STAKEHOLDERS.
DOCUMENT THE SYSTEM
PILOT THE SYSTEM, COLLECT FEEDBACK AND REFINE IT.
Development and implementation process
THE END RESULT
www.risk-opportunity.com
Companies using multimedia to manage risks include
STEP FOUR
IMPLEMENT THE SYSTEM
Lessons
Easy to change behaviour but difficult to keep it changed!
Need to educate your employees, clients and business partners about their role in the process
Risk Manager
External specialist consultants.
Information manager (Collection, storage, maintenance and dissemination of risk-related information.)
Intranet Manager (Maintain MFM’s web site.)
Risk analysts. (Assistance in statistical risk analysis – using MRI, Pinnacle, @Risk, Cougar and RCM Turbo)
Technical advisers. (Advice on contractual, legal, insurance, safety, environmental matters etc.)
Human Resources (Selection, training, appraisal, rewards etc)
Effective support is crucial
Lessons
People find the concept of risk difficult to understand – many need help
Be patient – it takes more time than you think (5% rule!)
Expect resistance – from strange places
Lessons
Manage the risks of risk management!
Lessons
Senior management leadership and commitment are crucial
Expect knock-on effects