

© ISO Focus, www.iso.org/isofocus

Main Focus
Future ISO 31000 standard on risk management
by Kevin W. Knight AM*, Chair, ISO working group on Risk Management

Tackling hazards

Some would suggest that the global financial crisis was caused by a failure of risk management rather than the failure of boards and top management to effectively manage risk. The future ISO 31000, Risk management – Principles and guidelines, is expected to help industry and commerce, public and private, to confidently emerge from the crisis. This much-awaited International Standard is expected to be published in the third quarter of 2009.

Without risk, there is no reward or progress. Unless risk is managed effectively, organizations cannot maximize opportunities and minimize threats. Risk is all about uncertainty, or more importantly, the effect of uncertainty on the achievement of objectives. This is where ISO 31000 is clearly different from existing guidelines in that the emphasis is shifted from something happening – the event – to the effect on objectives. Every organization has objectives to achieve, and in order to achieve them, any uncertainty that could interfere with their realization must be effectively managed.

Applicable and adaptable to all
ISO 31000 sets out principles, a framework, and a process for the management of all forms of risk, including safety and environment, in all organizations, regardless of size. It does not mandate a one-size-fits-all approach, but emphasizes tailoring the principles and guidelines to the specific needs and structure of the organization.

Following a list of terms and definitions, the standard sets out 11 principles to be addressed in order to effectively manage risks and achieve objectives. The principles need to be reviewed by the board and top management so they may reflect the organization’s policy.

The next section looks at the framework needed to provide the foundations and arrangements that will embed the management of risk at all levels of the organization. It calls for risk management components to be adapted into the existing management system in order to ensure ownership of the policy and process by management and staff.

Commitment of top management
The overarching component of the framework is the mandate and commitment of the organization’s board and top management to the implementation, review and continual improvement of how risk is managed. The end goal: to ensure risk is fully focused on the achievement of objectives. This focus on objectives is imperative if enterprise risk management (ERM) is to be achieved by a common language and process throughout the organization.

“Risk needs to become an integral part of how things are managed.”

The framework calls for a clear understanding of the context in which the organization operates. The risk management policy must clearly state the organization’s commitment to the management of risk. More importantly, the standard requires organizations to identify risk owners to ensure accountability and authority. For example, the standard seeks to differentiate between those who are “accountable” for managing risk (those persons with a liability, either corporate or legal, for their decisions or lack of decision) and those who are “responsible” for specific tasks (those persons with an obligation to carry out an instruction from a competent authority).

The framework also sets out how the management of risk is to be woven into the organizational fabric. Risk needs to become an integral part of how things are managed; it should not be an add-on, or a separate activity divorced from the mainstream management of the business.

A strategic process
The risk management process contained in ISO 31000 follows the well worn lead set by the Australian and New Zealand Standard AS/NZS 4360, which consists of:

• Communication and consultation
• Establishing the context
• Risk assessment consisting of the three steps of identification, analysis and evaluation
• Risk treatment
• Monitoring and review.

The process set out needs to become an integral part of how business is managed at all levels. It must be tailored to the business processes and woven into the culture and practices of the organization that make it uniquely different from its competitors. All activities should be traceable by way of records that provide the foundation for improvement in methods and tools, as well as in the overall process.

Finally, an informative annex sets out the attributes of enhanced risk management for those organizations that have been working on managing their risks for some time and may wish to strive for a higher level of achievement.

Representing the very best
The working group that produced ISO 31000 contained experts from some 28 countries representing all continents (except Antarctica). All meetings of the working group had strong attendance, ranging from 40 to 60 delegates depending on the meeting location, with a significant core group who participated in all meetings. It is precisely this core group, ably supported by the other expert delegates and backed up by the national mirror committees, that ensures ISO 31000 represents the very best of contemporary risk management thought.

About the author
Kevin W. Knight AM* is Chair of the ISO working group developing the new ISO 31000 risk management standard and the revision of ISO/IEC Guide 73 (risk management vocabulary), and a founding member of the Standards Australia/Standards New Zealand Joint Technical Committee OB/7 – Risk management. He is well known through his very active work in the development of risk management standards and has been active in furthering the risk management profession and the professional development of its practitioners, both worldwide and throughout the Asia-Pacific Region in particular, over the past 25 years. E-mail: kknight@bigpond.net.au
* Member of the General Division of the Order of Australia (AM).

ISO Focus June 2009

