How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO...
Jeff Jones, Director, JJ Project Consulting Pty Ltd
www.jjprojectconsulting.com.au
CPRM/CRMT Masterclass 2014
The aim of the conference is to…
• Promote learning at the cutting edge of risk management practice
• Foster creative thinking
• Network
• Have fun!
Jeff Jones CPRM, AFRMIA, RPEQ, MIEAust, Lead Auditor (QMS)
“How to apply and benefit from the new risk management guide ISO/TR 31004:2013
for implementing ISO 31000.”
Introductions & Demographic
* Subject to Copyright
ISO/TR 31004
Implementing 31000 – 3.1
General Methodology
A. Comparing current practice with that described in ISO 31000
B. Identifying what needs to change and preparing and implementing a plan for doing so
C. Maintaining ongoing monitoring and review to ensure currency and continuous improvement
Implementing 31000 – 3.3
Integration of ISO 31000 into the Organisation's management processes
• 3.3.1 General
  • Choice and order of elements should be tailored to the needs of the organisation and stakeholders
  • Integration supports the overall business strategy
  • Meet the organisation's objectives and protect/create value
  • Consider culture and change management methodologies
• 3.3.2 Mandate & Commitment
  • Any business management activity begins with an analysis of the rationale… and cost / benefit analysis
  • Implementation process typically involves the following:
    • Acquiring mandate & commitment
    • A gap analysis
    • Tailoring & scale based on org needs, culture and creating value
    • Evaluating risks associated with transition
    • Developing a business plan – objectives, scope, accountabilities, timeframe & resources
    • Identifying the context of implementation, inc. communication with stakeholders
Implementing 31000 – 3.3
• 3.3.3 Designing the Framework
  • Existing approaches to RM should be evaluated (in context)
  • Consider legal / regulatory / customer obligations and certification requirements
  • Careful tailoring of the design and implementation plan
  • Permit alignment with the structure, culture and general systems
  • Establish risk criteria – consistent with the objectives & risk attitude
• 3.3.3.2 – decide which aspects of the current RM approach…
  • Could continue to be used in the future and extended to other areas
  • Need amendment or enhancement
  • No longer add value and should be discontinued
• 3.3.4 Implementing the Framework
  • A detailed implementation plan is needed = ref PM 101 (including its own implementation R/A)
Implementing 31000 – 3.4
• 3.4 Continual Improvement
• As part of Monitoring & Review
• Assess whether design of framework & processes remains appropriate
• Assess whether implementation is adding value as intended
• Constant awareness and uptake of the opportunity for improvement
Annex B – Application of ISO 31000 Principles
Principles (Clause 3)
a) Creates value
b) Integral part of organisational processes
c) Part of decision making
d) Explicitly addresses uncertainty
e) Systematic, structured and timely
f) Based on the best available information
g) Tailored
h) Takes human and cultural factors into account
i) Transparent and inclusive
j) Dynamic, iterative and responsive to change
k) Facilitates continual improvement and enhancement of the organisation
Annex B – Application of ISO 31000 Principles
c) Part of decision making
Risk Management helps decision makers make informed choices, prioritise actions and distinguish among alternative courses of action.
How to apply the principle
• States that RM provides the foundation for informed decision making
• Should be integrated into activities supporting the achievement of objectives and the decision-making process
• Decision-making should assess and treat risk, proactively
Practical Help
The following questions should be carefully considered…
• How…Who….What….
Annex B – Application of ISO 31000 Principles
Masterclass Exercise
• Aim: Working as a table cohort, examine the designated Principle and content provided in 31004, to conclude on its usefulness as a guide to application by practitioners.
• Method: Team discussion, flip-chart
• Deliverable: Appointed speaker to provide 1 min summary of table discussion and findings:
  - How to Apply overall score out of 10
  - Practical Help useful Y/N
  - Biggest challenge?
  - What's missing?
• Time: 15 minutes (5 read + 5 discuss + 5 prep)
Annex E – Integrating risk management within a management system
E2 What is a management system?
Annex E – Integrating risk management within a management system
E1 General
• Integrate RM into the organisation's system of management (inc. governance & strategy)
• If the purpose is to add value, this logically signifies adopting ways to influence what already takes place, to enhance & improve it, as a natural function of decision making
• Requires the adaption and alteration of tools and processes to suit the needs of the decision makers and their existing processes for decision making
E3 Approach
• Integration with core business processes AND create interaction between all management systems
• The RM framework should extend to and incorporate all management systems
• Utilising risk assessment techniques within other systems
Annex E – Integrating risk management within a management system
E4 Implementing RM into a Quality Management System framework
In conclusion….
“For organisations that have transitioned to ISO 31000, there should be a constant awareness and uptake of the opportunity for improvement”. ISO/TR 31004:2013