ISO 31000 - 2018Enterprise Risk Management (ERM)
ISO 31000 Consulting Overview
We provide ISO 31000 consulting and implementation support. This includes understanding organization context, enterprise risk mapping, prioritizing risk, risk assessment, risk management options, risk dashboard, control enforcement, policy/documentation support, training, coaching chief risk officers, coaching teams/employees, internal audit and management review.
What are the processes involved in ERM implementation?
Establishing Context: This includes an understanding of the current conditions in which the organization operates on an internal, external and risk management context. Identifying Risks: This includes the documentation of the material threats to the organization’s achievement of its objectives and the representation of areas that the organization may exploit for competitive advantage. Analyzing/Quantifying Risks: This includes the calibration and, if possible, creation of probability distributions of outcomes for each material risk. Integrating Risks: This includes the aggregation of all risk distributions, reflecting correlations and portfolio effects, and the formulation of the results in terms of impact on the organization’s key performance metrics. Assessing/Prioritizing Risks: This includes the determination of the contribution of each risk to the aggregate risk profile, and appropriate prioritization. Treating/Exploiting Risks: This includes the development of strategies for controlling and exploiting the various risks. Monitoring and Reviewing: This includes the continual measurement and monitoring of the risk environment and the performance of the risk management strategies.
What is ISO 31000?
ISO 31000 is the formal recognition of ERM by the international standards organization.
ISO 31000 is a ‘risk management – principle and guideline’ provides a reference framework that organization can use to design, build, implement and audit their ERM.
What is the approach for successful implementation
PHASE IManagement drive
Due to the scope of the subject and the holistic behavior management needs to drive this because only at that point the whole of the organization is visible.
PHASE IIEstablishing context
Context refers to the kind of risk that you wish to address. Secondly, do you wish to start with the whole of the organization or wish to limit to critical teams or locations only?
PHASE III Perform risk assessment with the chosen context
This includes identifying the stakeholders, business teams, resources and asset infrastructure within the context, resulting in defining a risk register, and threats and opportunities.
PHASE IVImplementation/measurement journey
Through definition of people, processes and technology, and program charter to drive the implementation and embedding them as part of the organization culture.
PHASE VInternal Audit
Is the process of verifying successful implementation, on one hand, and the inclusion of ERM principles in business life cycle on the other.
PHASE VIManagement reporting
Helps in reporting and alignment with Phase I. Though management is involved in each phase, a formal reporting process will help in measuring the performance and whether it is providing business benefits it was designed to.
