ISO Flashcards
1
Q
What is the ISO risk management standard?
A
ISO 31000:2018 (second edition, replacing ISO 31000:2009)
2
Q
What does 31000:2018 distinguish between?
A
Framework, principles and process
3
Q
What is the ISO 31000:2018 perspective?
A
Conceptual: it gives principles and generic guidance for managing risk rather than a prescriptive, sector-specific method, and it is not intended for certification
4
Q
What does 31000:2018 ensure? (6)
A
- supports achievement of strategic objectives
- is consistent with the risk preferences of stakeholders
- mitigates damaging (negative) risks
- takes positive risks (opportunities)
- adds value
- treats risk as both a threat and an opportunity
5
Q
List 31000:2018 framework (5)
A
- integration
- design
- implementation
- evaluation
- improvement
(a continuous cycle with leadership and commitment at its centre)
6
Q
List 31000:2018 principles (8)
A
- integrated
- structured and comprehensive
- customised
- inclusive
- dynamic
- best available information
- human and cultural factors
- continual improvement
7
Q
Outline 31000:2018 process:
A
- communication and consultation (throughout)
- scope, context and criteria
- risk assessment (identification, analysis and evaluation)
- risk treatment (control)
- monitoring and review (throughout)
- recording and reporting
8
Q
What topics does 31000:2018 cover?
A
- definitions of key terms
- managing both opportunities and threats
- basic principles
- how to design, implement, review and improve
- key components of process
9
Q
What is the ERM Framework?
A
COSO 2017 Enterprise Risk Management Framework, "Enterprise Risk Management: Integrating with Strategy and Performance" (original version published 2004)
10
Q
What are the five inter-related components of COSO ERM Framework (2017)?
A
- governance and culture
- strategy and objective setting
- performance
- review and revision
- information, communication and reporting
11
Q
What are the 3 principles in COSO 2017 under the "review and revision" component?
A
- identify and assess substantial internal and external changes that may affect strategy or the achievement of objectives
- the organisation evaluates its performance and achievement of objectives in light of the chosen strategy and risk responses
- the organisation evaluates the continued appropriateness of its risk management arrangements and revises them accordingly (pursues improvement in ERM)