ISO 31000 RISK MANAGEMENT - Gensuite: EHS Software


eBook
Inspired by Users. Created for Leaders Like You.

ISO 31000 RISK MANAGEMENT: FRAMING A PROCESS FOR MANAGING RISKS & GUIDING INTERNAL & EXTERNAL AUDIT PROCESSES

Table of Contents

Foreword Presented by Tjeerd Hendel-Blackford: Head of Thought Leadership, Enhesa
Introduction to ISO 31000 Risk Management and the Gensuite Risk Management Process
Principles of ISO 31000
Framework of ISO 31000
Process of ISO 31000
How to Get Started: ISO 31000 Guidelines Overview
ISO 31000 Guidelines
How Gensuite Can Help: Risk Management and Auditing Solutions
A Case Study: Proven Risk & Auditing Management Solutions for Following ISO Standards
Join the Gensuite Subscriber Community

Foreword from Gensuite Partner
By: Tjeerd Hendel-Blackford, Head of Thought Leadership, Enhesa

We live in an increasingly risk averse, and risk aware society. The role of corporate risk executives and managers has evolved over time to cover all the potential risks a company may face. Financial, insurance, human rights, (cyber)security have been the ‘traditional’ focus of the risk function in most organisations. However, environmental, health and safety (EHS) risks have gradually become incorporated into the wider holistic risk management programs.

Similarly, over the years that we have worked with multinationals around the world, we have seen the language that is used by EHS professionals change over time. In the past, when we spoke to EHS executives their main concern was enforcement and specifically the fines that they might have to pay for a non-compliance. This is still a concern (a risk!), of course. Enhesa conducted a survey in 2017 around the costs of non-compliance and around 74% of the 50 EHS executives we surveyed had incurred an enforcement penalty of some kind in the previous 5 years. A quarter of those had had one just in the previous year.

However, the terminology that we now increasingly hear from within organisations has moved beyond the costs of (non)compliance and now focuses on:

Business Continuity. Managing EHS to avoid operational shutdowns, lost-time injuries or fatalities is a critical aspect of keeping business operations running smoothly. However, we see these concerns raised increasingly in an overall operational risk management context. The risk of disruption to supply chains from the enforced shutdown of a plant or process has many and varied business implications.

Corporate Governance. EHS risks are increasingly a part of overall robust and responsible corporate governance. How your company conducts itself and how it is perceived by the outside world are increasingly vital elements of risk management in our social-media driven world. We have seen studies that indicate that a third of the overall costs associated with a non-compliance incident are related to lost opportunities – resulting from loss of market share or a damaged reputation.

Risk Management. Potential damage to the environment or people are inherent and high-profile risks that all companies face. Yet, surprisingly, when we talk to risk management associations or professionals, the risks presented by EHS have only quite recently started being considered as part of a company’s overall risk management – which has historically tended to focus on financial, insurance or cyber and security risks. In fact, as well as avoiding risks, proactive EHS risk management can also proactively help to make cost-savings, in terms of reduced insurance premiums.

So managing EHS as part of an overall risk management system is an imperative to business. It is no longer a silo and an overhead. This is also relevant as it is the intended aim of ISO 31000 (and the more EHS focused ISO 14001 and ISO 45001) management system to embed the management of risks into the very fabric of an organization’s business strategy.

Introduction to ISO 31000 Risk Management and the Gensuite Risk Management Process

Risk management comprises the processes and procedures designed to promote a healthier, safer, and more environmentally sound workplace, and compliance with laws and regulations enforced by agencies. It’s important for several reasons. Business owners and executives want to run a responsible and safe operation, for the sake of their brand’s reputation, their employees’ safety and the operations of their companies.

ISO 31000 helps accomplish just that. It is a set of standards relating to risk management established by the International Organization for Standardization (ISO). ISO 31000 provides a universally recognized set of principles and guidelines on risk management. Organizations employing risk management processes can use these guidelines to replace their myriad of existing complex standards and methodologies to reduce organizational risk.

ISO 31000 has three main sections. It starts by listing a set of management principles. Use these principles to guide the organization of your risk management framework. Then use the framework to guide the management of your risk management process. Together these three sections make up ISO 31000’s guideline, to ultimately help your organization form a risk management program.

Risk management programs, like that provided by Gensuite, are critical foundations in the continued management of risks for environment, health and safety (EHS). Gensuite provides effective and efficient risk management software solutions to meet ISO 31000’s risk management guidelines and your organizational needs. From comprehensive auditing and compliance software application suites to incident management and training solutions, Gensuite is your one-stop shop for risk management.

Principles of ISO 31000

The purpose of risk management is the creation and protection of value. The ISO 31000 principles can help organizations improve their risk management and auditing processes.

Risk management establishes and sustains value. To establish and sustain value, risk management must be tied to organizational objectives and then be analyzed.

Risk management is an integral part of all organizational processes. Risks impact everyone within an organization. Make sure to get all levels involved in the risk management process to prevent and manage them better. Doing so will maximize value for shareholders and stakeholders.

Risk management is part of decision-making. Risk management decision-making involves identifying risks and planning actions to manage, assess and prioritize them. This helps to set specific risk management goals.

Risk management explicitly addresses uncertainty. Risk management technology must be embedded in business processes where decisions are made under uncertainty. Such technology must be intuitive and easy to use to help users make informed decisions.

Risk management is systematic, structured and timely. To remain consistent with risk management and ensure a safe and sound workplace, you must have a process in place for managing risks, such as weekly checks, mitigation plans and a plan of action that addresses risks.

Risk management is based on the best available information. Industries are moving towards the continuous monitoring of risks. Risk solutions need to be flexible and allow users to enter risk data in real time, ensuring that information is always up to date.

Risk management is tailored. Each company is unique and each risk management solution should be too. Every company has a unique set of risks, so finding a solution that can be customized to meet your organizational needs is critical.

Risk management takes human and cultural factors into account. The way risk management works in an organization is highly dependent on a business’s structure, objectives, culture and risk maturity. Ensure you invest in risk management software that doesn’t require ongoing maintenance, has consistent customer support and can support a global team, while customizing to your business needs.

Risk management is transparent and inclusive. Risk management software should be scalable and affordable. This includes a single sign-on license so that the solution is easily accessible across the organization and an integrated solution with auditing, compliance and incident management to help make risk-based decisions even more informed.

Risk management is dynamic, iterative, and responsive to change. Business changes, so the technology you use needs to change with it. Ensure your risk management solution is adaptable as needed by end users.

Risk management facilitates continual improvement of the organization. To facilitate continuous improvement, risk management needs to get out of the risk function and into the hands of end users, where it can be used in decision-making across the organization.

Framework of ISO 31000

The purpose of the risk management framework is to assist with integrating risk management into activities and functions – particularly those related to environment, health, and safety (EHS). The effectiveness of risk management will depend on integration into governance and all other activities of the organization, including decision-making.

Leadership and Commitment
Align risk management with the strategy, objectives and culture of the organization
Issue a statement or policy that establishes a risk management approach, plan or course of action
Make necessary resources available for managing risks
Establish the amount and type of risk that may or may not be taken

Integration
Determine management accountability and oversight roles and responsibilities
Ensure risk management is part of, and not separate from, all aspects of the organization

Design
Understand the organization and its internal and external context
Articulate risk management commitment and allocate resources
Establish communication and consultation arrangements

Implementation
Develop an appropriate implementation plan including deadlines
Identify where, when and how different types of decisions are made, and by whom
Modify the applicable decision-making processes where necessary

Evaluation
Measure framework performance against its purpose, implementation and behaviors
Determine whether it remains suitable to support achievement of objectives

Improvement
Continually monitor and adapt the framework to address external and internal changes
Take actions to improve the value of risk management
Improve the suitability, adequacy and effectiveness of the risk management framework

Process of ISO 31000

The risk management process involves the systematic application of policies, procedures and practices to the activities of communicating and consulting, establishing the context and assessing, treating, monitoring, reviewing, recording and reporting risk.

1. Communication and consultation, including:
Bring different areas of expertise together for each step of the RM process
Ensure different views are considered when defining risk criteria and evaluating risks
Provide sufficient information to facilitate risk oversight and decision-making
Build a sense of inclusiveness and ownership among those affected by risk

2. Scope, context and criteria, including:
Define the purpose and scope of risk management activities
Identify the external and internal context for the organization
Define risk criteria by specifying the acceptable amount and type of risk
Define criteria to evaluate the significance of risk and to support decision-making

3. Risk assessment, including:
Risk identification to find, recognize and describe risks that might help or prevent achievement of objectives and the variety of tangible or intangible consequences
Risk analysis of the nature and characteristics of risk, including the level of risk, risk sources, consequences, likelihood, events, scenarios, controls, and their effectiveness
Risk evaluation to support decisions by comparing the results of the risk analysis with the established risk criteria to determine the significance of risk

4. Risk treatment, including:
Select the most appropriate risk treatment option(s)
Design risk treatment plans specifying how the treatment options will be implemented.

5. Monitoring and review, including:
Improve the quality and effectiveness of process design, implementation and outcomes
Monitor the RM process and

