The Global Village. Future of Risk Management. Ferma Risk Management Forum 2009 Prague, 4-7 October

Transcription

1 The Global Village Future of Risk Management

2 ISO 31000:2009, an incentive or a constraint for implementing Risk Management in an organization? Things to watch out for. Alex Dali Managing Partner ATLASCOPE ARM, EFARM, Master in Risk Management & Insurance Member of the AFNOR French Commission on RISKS Co-author of the article ISO : the Gold Standard published by StrategicRISK, September 2009

3 Internationally-recognised reference International consensus single global reference for stakeholders wide application umbrella for more than 60 standards should not be ignored

4 ISO Standard vs ISO Guideline? Risk Management Principles and Guidelines Voluntary application, not prescriptive, no legal requirement specifically not intended for certification ISO certifiable standard? NO!

5 Simple risk management architecture 3-pillar structure robust and simple to apply Opportunity to review existing RM practices Track similarities and differences

6 a) Creates value b) Integral part of organizational processes c) Part of decision making d) Explicitly addresses uncertainty e) Systematic, structured and timely f) Based on the best available information g) Tailored h) Takes human and cultural factors into account i) Transparent and inclusive j) Dynamic, iterative and responsive to change k) Facilitates continual improvement and enhancement of the organization Principles (Clause 3) Continual improvement of the Framework (4.6) Mandate and Commitment (4.2) Design of framework (4.3) Monitoring and review of the Framework (4.5) Framework (Clause 4) Implementing risk Management (4.4) Ferma Risk Management Forum 2009 Establishing C o m u n i c a t i o n & c o n s u l t a t i o n 5.2 the context (5.3) Risk assessment (5.4) Risk identification (5.4.2) Risk analysis (5.4.3) Risk evaluation (5.4.4) Risk treatment (5.5) Process (Clause 5) M o n i t o r i n g & r e v i e w (5.6) ISO 31000:2009 Figure 1 Relationship between the principles, framework and process

7 not a parallel management system avoid the troubled implementation of ISO 9000 series Promote business performance No bureaucratic compliance reporting system

8 Text of the ISO standard The text is short and clear Not radically new Exaggeration and self-serving statements

9 Engineer Modéliste Manager Health Finance Public sector Ferma Risk Management Forum 2009 Vocabulary ISO Guide 73 risk = danger risk = event risk = uncertainty towards objectives risk = threat (purely negative) risk = return risk = disruption of service or job losses All activities of an organization involve risks All activities of an organization involve combinations of probabilities of events and their consequences!!! All activities of an organization involve effects of uncertainty on its objectives

10 Vocabulary ISO Guide 73 Review by the same committee 51 definitions related to RISK Many improvements use language meaningful to your organisation remove terms and definitions invented locally

11 Credit Rating Agency enquiries e x tr a c t s S&P - Development of ERM analysis in response Points of interest : Strategy, management vision, diagnostic, communications Exclusions : Treatment (risk-control measures) Existing ERM processes not very formalized A decentralized ERM organization Underfunded and underintegrated ERM Weak ERM culture and strategic risk management

12 Standards & Poors Ferma Risk Management Forum 2009 Rating and cost of capital

13 Quality OH&S Finance Supply chain Environment Food safety Information security Equipements safety

14 COSO - ERM «ERM is effective if management has reasonable assurance that they understand the following : Strategic objective are being achieved Operational objectives are being achieved Reporting is reliable Laws and regulations are being complied with» Is it risk management or compliance?

15 Reference by law remain AZ/NZS 4360 : 2009 AS/NZS Australia/NZ JIS Q 200x Japan? FERMA:2004 COSO ERM Europe USA Certification of RM Certification? BSI CAN/CSA- ONR 49000:2008 AIRMIC, ALARM, Q CAN/CSA- ONR IRM:2002 BSI Q850-20xx Austria Canada Great-Britain. (Germany/Switzerland )