Unit 2 - ISO 31000:2018 Flashcards
What does ISO stand for?
International Organization for Standardization (ISO is a name, not an acronym; it is derived from the Greek "isos", meaning equal)
What does Annex SL describe?
The seven substantive components (high-level structure) of a mgmt system standard: Context, Leadership, Planning, Support, Operation, Performance evaluation and Improvement
What does ISO 31000 provide detailed guidelines on?
PIML - Plan, Implement, Measure and Learn
What does ISO 31000 provide less explicit info on?
The context, leadership and support features required of a mgmt system standard
What is a mgmt system?
Framework of policies, processes and procedures employed by an org to ensure it can fulfil tasks required to achieve its purpose and objectives
What are the Scope and Design components of mgmt systems?
- Context
- Support
- Leadership
What are the Control and Develop components of mgmt systems?
PIML:-
- Plan
- Implement
- Measure
- Learn
(Also known as Plan, Do, Check, Act)
What do we mean by “Context” within mgmt systems?
Organisation, stakeholder expectations and scope of the mgmt system.
More specifically for risk management…
- To define internal and external parameters that organisations must consider when managing risk.
The purpose is to customise the risk mgmt process, enabling effective risk assessment and appropriate risk treatment.
What do we mean by “Support” within mgmt systems?
Resources, competence, awareness, communication and documentation
What do we mean by “Leadership” within mgmt systems?
Commitment, policy and organisational roles and responsibilities
What do we mean by “Plan” within mgmt systems?
Mgmt system objectives and planning to achieve them
What do we mean by “Implement” within mgmt systems?
Operational planning, implementation and control
What do we mean by “Measure” within mgmt systems?
Monitoring, measurement, analysis, evaluation, audit and review
What do we mean by “Learn” within mgmt systems?
Non-conformity, corrective action and continual improvement
What do formal mgmt systems have?
Defined, documented procedures intended to explicitly manage processes.
Auditable standards developed for each activity or process
What do informal mgmt systems have?
Implicit arrangements, which may include roles and responsibilities, audits and management of change
Due to ‘disruption’, what does the World Economic Forum (WEF) say doesn’t work any more?
Ideas of incremental progress, continuous improvement and process optimisation
What is meant by ‘disruption ‘?
The current competitive landscape
What 4 areas for improvement come from a proactive approach to risk?
- Strategy - risks fully analysed, better strategic decisions
- Tactics - consideration of risk in the selection of tactics
- Operations - identification of events that can cause disruption, and taking action to reduce them
- Compliance - enhanced due to recognition of risks associated with failure to comply
What six areas of risk do most organisations need to manage?
- Variable cost or availability of raw materials
- Cost of retirement / pension / social benefits
- Increasing importance of intellectual Property (IP)
- Greater supply chain and joint venture dependency and complexity
- Reputation becoming more important and more vulnerable
- Regulatory pressures and legislative requirements increasing
What info on risk mgmt do Boards expect to see?
- Governance and Culture
- Strategy and Objective setting
- Performance
- Information
- Communications and Reporting
- Review and Revision of practices to enhance org performance
What is a danger of implementing ISO 31000?
That its output forms a stream of mgmt info separate from the other info required to successfully run the org
What is the definition of ‘Risk’?
The effect of uncertainty on objectives.
Usually expressed in terms of risk sources, potential events, their consequences and their likelihood
What does ISO 31000 consist of?
- Risk Mgmt Principles
- Risk Mgmt Framework
- Risk Mgmt Process