Monday, May 3, 2010

AS/NZS ISO 31000

New Risk Management Standard AS/NZS ISO 31000
The new international Risk Management Standard ISO 31000:2009 was released by the International Organisation for Standardisation (ISO) on 15 November 2009. It has been four years since the ISO established a working party to develop the first international risk management standard using AS/NZS 4360:2004 as its working draft.
The joint Australian/New Zealand Standards Committee OB-007, which had reviewed and updated the earlier version, AS/NZS 4360:1999, decided that instead of conducting a similar revision of AS/NZS 4360:2004, it should focus its support on an international version of a risk management standard. This resulted in Standards Australia adopting ISO 31000 as an Australian/New Zealand Standard, thereby making AS/NZS 4360:2004 redundant.
What are the main differences between the old and new standards?
The main differences between the previous AS/NZS 4360 and the ISO 31000 standard are summarised below:
1. Risk is now defined in terms of the effect of uncertainty on objectives, whereas previously the standard defined risk as the chance of something happening that will have an impact on objectives;
2. The new standard highlights a set of principles that organisations must follow to achieve effective risk management. For risk management to be effective, organisations at all levels need to ensure that their risk management program:
Creates and protects value;
Is an integral part of all of the organisation’s processes;
Forms part of decision making;
Explicitly expresses uncertainty;
Is systematic, structured and timely;
Is based on the best available information;
Is tailored to the organisation;
Takes human and cultural factors into account;
Is transparent and inclusive;
Is dynamic, iterative and responsive to change; and
Facilitates continual improvement of the organisation.
Has the risk management process changed?
The process of managing risk in the new standard remains the same as in the old standard. The process of implementing risk management within the organisation also remains the same, in that communication and consultation are required throughout the processes of:
Establishing the risk context, i.e. defining the environment in which the organisation’s processes take place, describing external and internal influences and identifying risks;
Undertaking a risk assessment which incorporates risk identification, analysis and evaluation;
Treating the risk, i.e. either avoiding it (by discontinuing a specific activity), taking or increasing the risk in order to pursue an opportunity, removing the risk source, changing either the likelihood or the consequence, sharing or transferring the risk (by partly or fully outsourcing the activity), or retaining the risk by informed decision;
Monitoring and reviewing risk treatment plans to ensure they remain relevant and achieve expected outcomes.
Risk Management Framework
There is now greater emphasis on how risk management should be implemented and integrated throughout an organisation through the establishment and continuous improvement of a risk management framework. The framework ensures that information about risk derived from the risk management process (as described above) is adequately reported and used as a basis for decision making and accountability at all relevant levels within the organisation (see diagram above).
Without a strong mandate and commitment, the risk management framework will not be maintained. The framework design must take into account:
Understanding of the organisation’s activities and its context;
Establishing a risk management policy;
Defining accountabilities;
Integration into organisational processes;
Provision of adequate resources to maintain the framework; and
Establishing internal and external communication and reporting mechanisms.
Following the establishment of the framework and the implementation of the risk management process within an organisation, monitoring and review of risk controls is required to provide adequate data for the continual improvement of the risk management system.

Enhanced Risk Management
The new standard provides guidance on the attributes of enhanced risk management. These attributes represent a high level of performance in managing risk and can be used as a benchmark against which an organisation compares its own risk management performance. The key attributes are:
Continual Improvement: through the setting of performance goals against which the organisation or its managers are measured;
Full Accountability of Tasks: designated individuals fully accept accountability, are appropriately skilled and have adequate resources to check controls, monitor risks, improve controls and communicate effectively about risks;
Risk Management Application in all Decision Making: no matter the level of importance or significance of the decision, explicit consideration of risks and risk management needs to take place;
Continual Communications: contact with internal and