risks that would affect performance and enable them to put in place the actions needed to minimize disruption and maximize opportunity.
5. Improving resource deployment: Every risk could be considered a request for resources. Obtaining robust information on risk allows management, in the face of finite resources, to assess overall resource needs, prioritize resource deployment and enhance resource allocation.
6. Enhancing enterprise resilience: An entity’s medium- and long-term viability depends on its ability to anticipate and respond to change, not only to survive but also to evolve and thrive. This is, in part, enabled by effective enterprise risk management. It becomes increasingly important as the pace of change accelerates and business complexity increases.
The Risk Architecture
17 Risk Architecture comprises three elements: ISO 31000:2009
18 Risk Architecture: ISO 31000:2018 (Revised version)
In 2018, the ISO standard was revised. Students may quote either slide 18 or 17. Changes are:
● 11 RM Principles simplified to 8
● RM Framework now specifically mentions integration (to show more strongly that integration depends closely on the framework)
● RM Process remains unchanged
Functions of the Risk Architecture elements
1. The principles provide the foundation and describe the qualities of effective risk management in an organisation.
2. The framework provides the organisational arrangements to support risk management effectively. It demonstrates management’s intent.
3. The process describes the steps that are performed to identify, analyse, evaluate and treat risks.
The role of Risk Principles in the Risk Architecture
Risk Principles give guidance on how the risk framework and the risk process should be structured and operate. They are a set of concepts that:
• describe the rationale for managing risk effectively (i.e. guide the “why”)
• describe the necessary characteristics of effective risk management that can be used to diagnose and assess the quality of risk management in an organisation (i.e. guide the “what”)
Reading: SA/SNZ HB 436:2013 (Handbook to ISO 31000:2009) Section 3, pages 18-23
The risk management principles as per AS/NZS ISO 31000:2009
Risk management:
• creates and protects value*
• is an integral part of all organisational processes
• is part of decision making
• explicitly addresses uncertainty
• is systematic, structured and timely
• is based on the best available information
• is tailored to the organisation
• takes human and cultural factors into account
• is transparent and inclusive
• is dynamic, iterative and responsive to change
• facilitates continual improvement of the organisation
*Remember value is for all stakeholders and not just shareholders
Risk Management Framework
Causes of ineffective risk management
Ineffective risk management inevitably can be linked to the following deficiencies:
• Unclear or contradictory expectations from ‘the top’.