Presentation is loading. Please wait.

Presentation is loading. Please wait.

International Risk Management Standard AS/NZS ISO 31000

Published byShayna Tisdel Modified over 10 years ago

Similar presentations

Presentation on theme: "International Risk Management Standard AS/NZS ISO 31000"— Presentation transcript:

1 International Risk Management Standard AS/NZS ISO 31000
Peter Brass General Manager Risk Management & Audit PIRSA

2 Abstract of ISO 31000:2009 (Source: ISO Website on ISO 31000 – 16 June 2009)
• Provides principles and guidelines on risk management. It is generic and not developed for any specific industry or sector but risk “per se”. • Can be applied throughout the life of an organisation, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets. • Can be applied to any type of risk, whatever its nature, whether having positive or negative consequences. • Although ISO 31000:2009 provides generic guidelines, it is not intended to promote uniformity of risk management across organisations. The design and implementation of risk management plans and frameworks will need to take into account an organisation’s particular objectives, context, structure and operations. Risk management should continue to develop organically. • ISO 31000:2009 is not intended for the purpose of certification.

3 RISK = effect of uncertainty on objectives
NOTE 1 An effect may be positive, negative, or a deviation from the expected. NOTE 2 An objective may be financial, related to health and safety, or defined in other terms. NOTE 3 Risk is often described by an event, a change in circumstances, a consequence, or a combination of these and how they may affect the achievement of objectives. NOTE 4 Risk can be expressed in terms of a combination of the consequences of an event or a change in circumstances, and their likelihood. NOTE 5 Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.

4 Risk Management & Managing Risks
In the Standard, the expressions “risk management” and “managing risk” are both used. In general terms, “risk management” refers to the architecture (principles, framework and process) for managing risks effectively, and “managing risk” refers to applying that architecture to particular risks.

5 Three Main Clauses to note
6 – No change 4 – Culture – now 11 broad principles, some overlap, too many No.1 Creates value – expands to include sustainable value. 5 – Framework now more detailed. Annexure A – Comprehensive guide on how to use RM tools for identification etc. That’s it. Clearly, does not change much for users of It’s the rest of the world that has the most to do. The rest of the world has come to us.

6 Principles for managing risk (Clause 3)
Creates value Integral part of organisational processes Part of decision making Explicitly addresses uncertainty Systematic, structured & timely Based on best available information Tailored Takes human & cultural factors into account Transparent & inclusive Dynamic, iterative & responsive to change Facilitates continual improvement & enhancement of the organisation Common Business Management principles that many of you will be familiar with from quality and other programs AS 4360 – Implicit to some extent

7 AS 4360 – Covered partially in Section 4 “Establishing effective
Framework for managing risk (Clause 4) Mandate & commitment Design of framework For managing risk Continual improvement of the framework Implementing risk management Monitoring & review of the framework Plan Do Check Act AS 4360 – Covered partially in Section 4 “Establishing effective risk management”

8 Process for managing risk (Clause 5)
Establishing the Context Risk Assessment Identify Risks Communication & Consultation Analysis of Risks Monitoring & Review Evaluation of Risks Treatment of Risks AS 4360 – Fully covered in Section 3 “Risk Management Process”

9 Comparison AS/NZS 4360 & ISO 31000:2009
Elements AS/NZS 4360:2004 ISO 31000:2009 Application Universal across all organisations - Australasia but also widely accepted internationally Universal across all organisations - International Context for Risk Management An organisation’s objectives Principles for managing Risk Included as part of risk management culture although mainly implicit. Clause 3 and explicit – common business management principles Framework for managing risk Covered in detail Clause 4 of standard. Expands on 4360 Risk Management Process Core of the standard Clause 5 of standard Attributes of enhanced risk management Not covered Annex in Informative only. Guide to establishing and implementing effective risk management program and application of risk management process Covered in detail in HB 436:2004

10 ISO 31000 Definitions (ISO/IEC Guide 73)
AS/NZS 4360:2004 Definitions ISO Definitions (ISO/IEC Guide 73) Risk Chance of something happening that will impact on objectives Effect of uncertainty on objectives Risk Management Culture, processes and structures that are directed towards realizing potential opportunities whilst managing adverse effects Coordinated activities to direct and control an organisation with regard to risk Risk Management Framework Set of elements of an organisation’s management system concerned with managing risk Set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organisation Risk Management Policy Not defined Statement of the overall intentions and direction of an organisation related to risk management Risk Management Plan Scheme within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk Risk Management Process Replaces AS/NZS 4360 – withdrawn Paramount Standard – ISO 9000, 14000

11 What this means to us. If you have followed 4360 – impact of is minimal Increased status of as international paramount standard – referred explicitly in GOSA Risk Management Policy If no organisational Risk Management Policy, it is now required. Timeframe – No deadline. However, should update references and other requirements as part of next risk management program review.

12 SAICORP Benchmarking Program
Self-assessment used to participate in this program will help to review existing risk management program Self-assessment will also helped to identify any amendments required as the tool used has been aligned with and Clause 3 Principles Clause 4 Framework & Clause 5 Process Documents are available from Treasury website at Further information from Darryl Bruhn at or

13 Information Sessions Today’s presentations are available from the Treasury website at A schedule of information sessions on the new GOSA Risk Management Policy & ISO has been developed. First session is scheduled for Thursday 11th March at the Hetzel Lecture Theatre at the State Library of SA. (9.30am to 11.00am) Also Wednesday 14th April at same time and venue Registration for these sessions to Further information Darryl Bruhn at or

14 QUESTIONS ?? Thank you for your attention. I think we have a few minutes so can take some questions.

Download ppt "International Risk Management Standard AS/NZS ISO 31000"

Similar presentations

1 Introduction to Safety Management April 2006. 2 Objective The objective of this presentation is to highlight some of the basic elements of Safety Management.

1 Introduction to Safety Management April Objective The objective of this presentation is to highlight some of the basic elements of Safety Management.
Module N° 4 – ICAO SSP framework

Module N° 4 – ICAO SSP framework
1 Welcome Safety Regulatory Function Handbook April 2006.

1 Welcome Safety Regulatory Function Handbook April 2006.
Project Appraisal Module 5 Session 6.

Project Appraisal Module 5 Session 6.
Risk Management Awareness Presentation

Risk Management Awareness Presentation
Audit Committee Risk Management Training September 2010 John Allsop Marcus Richards.

Audit Committee Risk Management Training September 2010 John Allsop Marcus Richards.
AASHTO Internal Audit Conference 2012 – Phoenix Daniel Fodera, CMQ/OE Program Management Improvement Team Federal Highway Administration.

AASHTO Internal Audit Conference 2012 – Phoenix Daniel Fodera, CMQ/OE Program Management Improvement Team Federal Highway Administration.
Comparative Emergency Management

Comparative Emergency Management
Department of Education, Employment and Workplace Relations

Department of Education, Employment and Workplace Relations
Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.

Risk The chance of something happening that will have an impact on objectives. A risk is often specified in terms of an event or circumstance and the consequences.
Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009.

Appendix H: Risk training slides (sample). What is Risk? “ Risk is the effect of uncertainty on objectives ” AS/NZS ISO31000:2009.
Internal Control–Integrated Framework

Internal Control–Integrated Framework
Lisanne Sison Director ERM Bickmore

Lisanne Sison Director ERM Bickmore
New Government of South Australia Risk Management Policy Statement Darryl Bruhn Risk Management Coordinator SAICORP.

New Government of South Australia Risk Management Policy Statement Darryl Bruhn Risk Management Coordinator SAICORP.
NATIONAL TREASURY TECHNICAL ASSISTANCE UNIT (TAU) Enabling Change for Development Programme and Project Management (PPM) Update Project Management Interest.

NATIONAL TREASURY TECHNICAL ASSISTANCE UNIT (TAU) Enabling Change for Development Programme and Project Management (PPM) Update Project Management Interest.
©2006 OLC 1 Process Management: The Foundation for Achieving Organizational Excellence Process Management Implementation Worldwide.

©2006 OLC 1 Process Management: The Foundation for Achieving Organizational Excellence Process Management Implementation Worldwide.
COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.

COMP8130 and COMP4130 Adrian Marshall Verification and Validation Risk Management Adrian Marshall.
ENVIRONMENTAL MANAGEMENT PLAN

ENVIRONMENTAL MANAGEMENT PLAN
TEMPUS ME-TEMPUS-JPHES

TEMPUS ME-TEMPUS-JPHES
Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.

Expanded Version of COSO a presentation by Steve Wadleigh Expanded Version of COSO a presentation by Steve Wadleigh Standards for Internal Control in the.

Similar presentations

Ads by Google