Security Management System


International Association of Oil & Gas Producers

Security Management System

OGP Report No. 512
July 2014

Processes and concepts in security management

Disclaimer

Whilst every effort has been made to ensure the accuracy of the information contained in this publication, neither OGP nor any of its members past present or future warrants its accuracy or will, regardless of its or their negligence, assume liability for any foreseeable or unforeseeable use made thereof, which liability is hereby excluded. Consequently, such use is at the recipient's own risk on the basis that any use by the recipient constitutes agreement to the terms of this disclaimer. The recipient is obliged to inform any subsequent recipient of such terms.

Copyright notice

The contents of these pages are © The International Association of Oil and Gas Producers. Permission is given to reproduce this report in whole or in part provided (i) that the copyright of OGP and (ii) the source are acknowledged. All other rights are reserved. Any other use requires the prior written permission of OGP.

These Terms and Conditions shall be governed by and construed in accordance with the laws of England and Wales. Disputes arising here from shall be exclusively subject to the jurisdiction of the courts of England and Wales.

About OGP

OGP represents the upstream oil and gas industry before international organizations including the International Maritime Organization, the United Nations Environment Programme (UNEP), Regional Seas Conventions and other groups under the UN umbrella. At the regional level, OGP is the industry representative to the European Commission and Parliament and the OSPAR Commission for the North East Atlantic. Equally important is OGP's role in promulgating best practices, particularly in the areas of health, safety, the environment and social responsibility.

Revision history

Version    Date         Amendments
1          July 2014    First issued


Contents

FOREWORD
INTRODUCTION
STRUCTURE
PART 1: SECURITY MANAGEMENT SYSTEM - COMPONENTS
  CHARACTERISTICS
  BENEFITS OF A SECURITY MANAGEMENT SYSTEM
  DESCRIPTION
PART 2: SECURITY MANAGEMENT SYSTEM - CONCEPTS
  Security & Quality Management
  Documentation and Management Systems
  Security Management Principles
  Security risk Management & Assessment
  Security Excellence
SECURITY MANAGEMENT SYSTEM - CHECKLIST
ACRONYMS
REFERENCES

FOREWORD

This document represents part of a suite of documents that together form the Operating Management System (OMS). It has been designed around the core processes described in OGP Report No. 510 so that it is aligned with, and complementary to, other discipline-specific management systems.

The Security Management System (SMS) consists of eleven components which are described in terms of:

- their rationale (why the element is an essential part of the SMS), and
- expectations (what advantages the organization may expect to gain if implementing those measures effectively)

Appendix A represents a "cut to the bone" version which may be used as:

- A summary of the main components of the SMS, for education and training purposes
- A checklist of the main points for implementation and audit purposes, or
- An aide memoire for management purposes

However this SMS document is used, the intention is that:

- PART A provides the detail
- PART B provides the background, and
- Appendix A provides the summary

so that any manager should be able to take this document off the shelf and, by following the step-by-step structure and allocating appropriate resources, implement an effective Security Management System in line with their own organization's Vision, Strategy and Culture.

INTRODUCTION

OGP Report No. 510, Operating Management System Framework for controlling risk and delivering high performance in the oil and gas industry, refers to a management system as a structured and documented set of interdependent practices, process and procedures used by the managers and the workforce at every level in a company to plan, direct and execute activities.

A security management system may be considered as that part of the overall management system that provides the structure to enable identification of potential threats to an organization and which establishes, implements, operates, monitors, reviews and maintains all appropriate measures to provide assurance of the effective management of the associated security risks.

This document provides a high level oversight of what the main components of a security management system could be, based upon the guidance in OGP Report No. It is not intended to be prescriptive, and organizations are encouraged to develop their own systems based on the guidance set out in this document and OGP Report No.

Some of the concepts of management systems, such as PDCA cycle, Leadership, Culture etc., are dealt with in OGP Report No. 510, so the detail will not be repeated here, other than to adapt it to security where appropriate.

STRUCTURE

This document is composed of three sections:

Part 1: Security Management System Components

This section introduces the individual components of the security management system and shows the relationship between them as well as how they integrate into the overall OMS as described in OGP Report No.

Part 2: Security Management System Concepts

The management system described in Part 1 was determined using the fundamental concepts described in a number of international standards, and the model of excellence described by the European Foundation for Quality Management. In each case, the processes described have been adapted in order to show specific relevance to security.
Appendices

There are three appendices:

- Security Management System checklist. This provides a consolidated list of bullet points that describe the different components of the SMS. The intent is that it may be used as a compliance/assurance tool to allow organizations to assess the extent of their management systems, and to identify possible areas for improvement.
- Acronyms
- References

PART 1: SECURITY MANAGEMENT SYSTEM - COMPONENTS

A Security Management System contributes to the overall management system as follows:

[Figure 1.1: Security Management System. Wheel diagram showing the relationship between SMS and OMS as an on-going cycle of continuous improvement.
Hub (OMS - Fundamentals): Leadership; Risk Management; Implementation; Continuous Improvement.
Middle ring (OMS - Elements): Commitment and accountability; Policies, standards and objectives; Organization, resources and capability; Stakeholders and customers; Risk assessment and control; Asset design and integrity; Plans and procedures; Execution of activities; Monitoring, reporting and learning; Assurance, review and improvement.
Outer ring (Security Management System): Credibility & integration; Policies, objectives & tasks; Threat, vulnerability & security risk assessment; Controls; Security risk register; Planning & resourcing; Execution & control activities; Monitor & security reporting; Review; Learning; Report to top management.]

CHARACTERISTICS

OGP Report No. 510 states that the four most important characteristics of any operational management system are: Leadership, Security risk Management, Implementation and Continuous Improvement. This is consistent with the fundamentals of security management, and so these characteristics also form the hub of the Security Management System (SMS) wheel.

In OGP Report No. 510, the OMS elements are established on these characteristics. However, whereas each element is overlapping with its neighbours in OGP Report No. 510, the SMS components are simply shown in juxtaposition, based upon the prerequisite that one element builds on the previous element and forms the basis of the subsequent one.

The sequence and description of the elements given in OGP Report No. 510 is both logical and comprehensive, and represents all the main components of a high level management system. These elements are represented by the middle ring in the SMS.

The outer ring in the diagram above shows the sequence of components in the SMS, and how they relate to the OMS Structure and fundamental characteristics.

BENEFITS OF A SECURITY MANAGEMENT SYSTEM

Effective implementation of the security management system (SMS) will ensure:

- Confidence: that security has the ability to prepare for and react to events that may otherwise present a threat to the organization's people, information and/or assets
- Optimization: that the most efficient use of resources is made at optimum cost

In contributing to the organization's overall Confidence levels and Optimization of resources, a SMS will:

- Improve the resilience of the organization
- Enhance the organization's credibility
- Introduce a core language and core processes for security risk management
- Enable an organization to be nimble and flexible in its response to security challenges
- Continually improve the capacity of an organization to manage security challenges

DESCRIPTION

Component 1: Credibility & Integration

Rationale

All too often, security considerations become de-coupled from business operations and decisions are made without taking security risk assessments into account. Similarly, it is not uncommon that security is perceived to be unhelpful in the pursuit of business growth. The challenge is to embed security into business planning so that not only can it influence decision making, but that the security input is welcomed by management and project planners.

Although it is not a prerequisite that corporate security personnel come from a military, intelligence or law enforcement background, it is essential that those with responsibility for security are able to demonstrate competence not only in all aspects of the security discipline, but also have an awareness of the contribution security can make to other aspects of the business, such as Governance, Strategy, Compliance, Assurance, New Ventures, M&A activity, and other essential business-related issues.

It is the responsibility of the person with overall responsibility for Security to ensure that training and development needs are recognized and addressed, and that records are maintained. In this way, security may become an integrated and respected part of the organization; used in business planning, execution, and decision making.

Expectations of security department

- Professionalism: living the corporate values
- Expertise: Demonstrating a thorough knowledge of the subject
- Vision: Demonstrating an understanding of the wider business objectives
- Teamwork: working closely with other disciplines to understand their contributions and aspirations
- Collaboration: Conducting security risk assessments in support of specific operations, not in isolation
- Communication: Security considerations to top management in a clear, concise manner, demonstrating due consideration to all factors

Component 2: Policies, Objectives & Tasks

Rationale

There should exist a single security policy which outlines the security architecture, strategy and protocols.

Expectations

The following sections are addressed:

- Security management objectives
- Statement of the attitude of the organization to security
- Description of the security environment
- Statement of the security risk appetite
- Security organization, roles and responsibilities
- Procedures for security risk assessment
- List of security Standing Operating Procedures (SOPs)
- Security priorities and calendar for coming year

Component 3: Threat, Vulnerability & Security Risk Assessment

Rationale

See Part 2, Section 4.

Recognizing that different parts of the organization address risk in different ways, it is all the more important that a common language exists, and that core risk processes are agreed and established. Based upon the agreed model, the security function can subsequently address security risk through its own lens.

The particular characteristic of security is that it deals with both risks (the effect of uncertainty on objectives) and threats (statements of intent to inflict harm). Security is concerned with managing security risks and threats that have generally external origins, and about which an organization has little direct influence.

Expectations

Security risk assessments should take into consideration a wide range of elements beyond physical security threats. Such elements should include:

- The operating environment and groups/events by which it is characterized
- The profile of the organization, the footprint and the social impact
- The strategic, long term objectives of the organization
- Voluntary Principles of Security and Human Rights
- Legislation and local expectations
- Capability and intent of local criminal/terrorist elements
- Vulnerability and attractiveness of assets to criminal/terrorist elements
- Availability of resources

Component 4: Controls

Rationale

Security controls should be assessed using cost/benefit analysis. There may come a point where security reaches a level such that any further investment will not actually change the profile. A more typical scenario may be that security is at such a level whereby unless more investment is made, it is unlikely to improve.

Expectations

Examples of security controls may include:

- Physical protection measures (lights, fences, CCTV, barriers, etc.)
- Introduction of security procedures (ID checking, access control, mail screening, etc.)
- Intelligence networking (local social/political leaders/intelligence providers, etc.)
- Electronic security (encryption, password protection, etc.)
- Resourcing (security personnel, equipment, etc.)
- Local integration (CSR programme, local content, etc.)

Component 5: Security Risk Register

Rationale

Having gone through the security risk assessment process, the findings of the security risk assessment should be recorded in a security risk register (see Page 22). The security risk register should be maintained as a live document which can be used to track the effects of security control measures, and give reassurance to top management that security risks are being managed effectively.

Expectations

A security risk register should:

- Facilitate ownership and management of security risks
- Provide an overview of the significant security risks that are faced by an organization
- Record the results of threat/vulnerability security risk assessment
- Form an agreed record of those security risks that have been identified
- Record additional proposed actions to improve the security profile
- Facilitate the prioritization of security risks

Component 6: Planning & Resourcing

Rationale

Security should be a priority for management. As long as the security risk assessment is sound, and the planning logical, then the plan should dictate the resources rather than the resources dictating the plan. The danger of this strategy is both that it is contrary to a strategy of investment in security, and that it under-values the security risk analysis. The planning and resourcing component of the SMS is the key to the success of the strategy.

Expectations

Effective planning will answer:

- What are we going to do?
- How are we going to do it?
- When are we going to do it?
- How long do we need to do it for?
- How are we going to coordinate and communicate?
- What do we do if something goes wrong?

Effective resourcing will answer:

- What do we need to do it?
- How do we get it?
- How much does it cost?
- What is our back up if something doesn't work or isn't available?

Component 7: Execution & Control Activities

Rationale

Certain routine security tasks, such as providing executive protection, may lend themselves to prior awareness and rehearsal exercises, and may be managed almost as an independent security operation. Others, such as long-term, integrated security projects (for example, provision of security covering all aspects of the construction of a processing plant in a high security risk environment), will involve management at a higher level in order to ensure that all security operations are executed in the context of the wider project objectives.

Thus the execution of the security operation may impact significantly on project deadlines and stage gates. For example, delivery of large critical infrastructure may be dependent upon a route clearance and convoy support operation. If the delivery of the infrastructure is delayed due to poor security planning and execution, then there could be significant impact across many other aspects of the project. In this scenario, therefore, the SMS should ensure that planning and execution of security operations is embedded into and coordinated with project planning and decision making.

Expectations

The execution of a plan is predicated on all of the previous components in the management system:

- The plan has identified all the security risks to the operation
- All control mechanisms are established
- The plan has been accordingly and appropriately resourced
- Any bespoke procedures are documented, approved and validated
- The plan has been effectively communicated to those with responsibility for its execution
- Assurance that those with responsibility for carrying out the plan have the correct competencies
- All correct back up and reinforcement strategies are established and tested

Component 8: Monitor & Security Reporting

Rationale

To ensure that the security operation, no matter what the scale, remains within the scope of the plan, it is essential that management is able to monitor progress. Monitoring is based upon effective two-way communication. Where appropriate, traditional methods are often effective and should be considered:

- Inspections
- Review meetings
- Auditing
- Interviews
- Workshops

However, the SMS should also address high security risk or difficult environments. When remote monitoring is required, current technological developments offer a broad spectrum of communication methods including:

- Land line
- VHF Radio
- Satellite telephony
- Social media
- SMS
- Internet solutions (e.g. Skype)

It should be remembered though, that in times of crisis, communication networks are often cut in the early stages, and so new technologies and back up options should be considered.

The purpose of these communications options is to enable reporting. This may take the form of:

- Informal, ad hoc updates
- Scheduled reports with an established format
- Status/situation reports
- Responding to requests for specific information
- Reporting when key milestones in an operation have been reached
- Reporting extra-ordinary developments
- Requests for assistance

Information is the key, but not all information needs to be disseminated. Much of the information reported during an operation will only be relevant to the execution of the operation. This information, while vital for security management, may be largely irrelevant for top/project management. Although it is imperative that management are kept informed of key developments that may impact the project or organization, they should be protected from needless information overload. Largely, security reporting should be kept within the security organization.

Expectations

Effective monitoring facilitates:

- Management oversight of operations
- Compliance checking against the planned tactical and operational objectives
- Checking of performance and competency levels of those executing the plan
- Checking management effectiveness of those supervising the execution
- Flexibility so that the operation can adapt to unforeseen/evolving external developments
- Flexibility so that the operation can adjust to internal project developments
- Opportunities to learn from new scenarios/occasions where strategy needed review
- Opportunity for tactical and operational feedback and recommendations
- Keeping senior management/project teams apprised of progress/challenges

Component 9: Review

Rationale

Performance/management reviews can take place at any time during an operation, and may be formal or informal. However in particular, formal reviews should be taken:

- At the end of a particular task
- At the end of a security project/operation
- When there is any significant change to a project that impacts security
- At regular, defined intervals, e.g. biannually

Expectations

The purpose of the review may be any combination of the following:

- To critically debrief the plan in order to determine strengths, weaknesses and areas that could be improved
- To obtain feedback from those involved in the execution of the plan/project regarding the manageability of the plan
- To highlight any competency issues arising from exposure to new challenges
- To examine how much contribution the operation/task/project brings to the achievement of the organization's objectives
- Assurance to top management that security is being managed effectively
- Enables security management to assess whether established protocols are being effective, and to take action accordingly
- Highlight examples of good practice

Component 10: Learning

Rationale

Learning is the key to continual improvement and is a natural extension of the review process; the strengths, weaknesses, opportunities for improvement, feedback from operators and all the issues listed under Element 9, should be considered in the context of Lessons Learned. The lessons learned then need to be communicated, and appropriate action taken. In this way, the value of security is forever evolving and keeping parallel with and one step ahead of the project/organization that it is there to protect.

Learning not only facilitates the evolution of the security support for the host organization, but it contributes to the wider security community, so that Standing Operating Procedures should be considered live and open to criticism.

Expectation

Effective processes for learning lessons will enable an organization to:

- Introduce improvements to procedures
- Introduce improvements in organizational structure
- Update documentation
- Implement new training courses
- Increase awareness of new threats/update on existing threats
- Introduce new equipment/technology
- Better integrate to the wider organization
- Better understand the organization's objectives
- Heightened awareness of the contribution of security
- Improved relationship with/understanding of other business functions
- Improvements to the management system

Component 11: Reporting to Top Management

Rationale

Having conducted a review, and established any lessons learned, it is essential that a formal report is submitted to top management. The report should be brief, and focussed not on security per se (as in Elements 8 & 9), but on:

- How security added value to the operation/project
- How security has contributed to the achievement of the organization's objectives
- Any recommendations arising from the review sessions that may affect future project operations
- Any intelligence/threat updates
- Any updates in the security organization/infrastructure of which top management needs to be aware
- Any recommended changes to security procedure of which top management needs to be aware
- Any updates in the security organization/infrastructure which top management needs to approve
- Any recommended changes to security procedure which top management needs to approve

By sharing such information with top management, the traditional silo perception by which a security organization had once characterized itself may be broken down. Security issues should be addressed with equal consideration as production and operational issues, and should be embedded in business planning at all levels so that it is able to influence decisions.
Expectation

Providing such feedback to top management:

- Offers reassurance that security is being effectively managed
- Offers reassurance that security understands its role in the achievement of the business objectives
- Gives confidence in decision-making that all security issues have been given appropriate consideration
- Reinforces the importance of security considerations in making decisions
- Reinforces the role of security in protecting the organization's people, assets and information
- Emphasizes that security operates in support of business operations, and not as a barrier to them

All of which:

- Gives security credibility in the organization

With credibility, security may be embedded into the culture, integrated into the business processes and become a core component of the Operating Management System of the organization.

PART 2: SECURITY MANAGEMENT SYSTEM CONCEPTS

1. Security & Quality Management

A security management system, as with other management systems, is based upon the model defined in ISO 9001:2008, Quality Management Systems - Requirements, which may be adapted for security management as follows:

[Figure 2.1: Security & Quality Management. Process diagram with the labels: Threat/security risk assessment; Management responsibility; Resource management; Security planning; Mitigation measures; Product; Monitor & maintain; Maintain.]

In a security risk-based, process-driven approach to security, the achievement of security objectives should start with a threat/security risk assessment (see Part 1, section 4). Having identified the security risks and planned mitigation measures, a security risk register may be established (see Page 22).

The mitigation measures detailed in the security risk register are realized through resource management and security planning, thus arriving at a security solution (product), whether that be hard security measures, procedural requirements or a higher level security solution that supports strategic objectives, such as a crisis management strategy, or establishment of an intelligence gathering network.

The product is established, thus converting an input (security risk assessment) to an output (protection/response measures). The output is maintained through testing and evaluating response in order to ensure it remains at an appropriate level to be effective.

For mitigation measures to remain at an appropriate level the security risk register must be kept live and so there is a need for on-going, dynamic threat/security risk assessment. Thus management has responsibility for maintaining the effectiveness of the protection/response measures established as well as maintaining the security risk register through on-going security risk/threat assessment.

2. Documentation and Management Systems

A management system, as defined by ISO 9000:2005, is a system to establish policy and objectives and to achieve those objectives. In order to help in the achievement of those objectives, the system needs to be supported; that support comes in the form of approved standards and procedures as follows:

- Policy: The Policy sits at the top of the hierarchy and describes the security culture, roles and responsibilities and objectives
- Standards: The security Standards contain the mandatory security requirements, against which compliance may be tested
- Guidelines: Security guidelines provide the methodology of how compliance to the Standards may be achieved. They are not mandatory.
- Tools & Templates: Tools and templates represent a resource set which may be used in following the guidelines, as well as acting as stand alone products themselves (Standing Operating Procedures)

An effective management system should be such that it does not necessarily need a discipline expert to implement and manage it.

[Figure 2.2: Security documentation. Hierarchy from top to bottom: Policy; Standards; Guidelines; Tools & Templates.]

3. Security Management Principles

ISO 9000:2005 defines eight principles of quality management that are necessary for top management to lead the organization towards improved performance. These are fundamental principles which may be adapted for security as follows:

(a) Customer focus

The people or assets for which security is being provided should be viewed as the Customer. As with quality management, it is essential to understand the needs and expectations of the customer. Whereas security should never be compromised to an extent where lives are put at security risk, there are circumstances where security options should be made available and presented to the customer. A common example of where this may apply is in the VIP protection role where a high profile security solution is planned without speaking to the Client, who actually prefers a more discreet, low profile solution. Similarly, a security manager may assess a particular security risk to be low, but for one reason or another, the CEO of an organization takes the opposite view and demands far more robust security measures.

(b) Leadership

Given the comments above on the importance of understanding the customer's expectations, it is necessary for the security management team to be role models in their leadership, and thus nurture a level of confidence and trust, so that the organization's top management comes to perceive security as a means to achieve the organization's objectives, not to hinder it, so that there is unity in purpose and direction.

(c) Involvement of people

People at all levels in security, and indeed the wider organization, will all have an opinion on how security should be managed. Often the more radical and unconventional solutions are the best, and perhaps these are more likely to come from someone outside the security infrastructure. It should never be assumed that the person with overall responsibility for security management necessarily has all the best ideas. Humbleness and a willingness to learn from others is a key characteristic of an effective leader.

(d) Process approach

A process is a set of activities that transforms inputs into outputs. All security management tasks begin with an event, or series of events, that trigger a response. In reactive security, for example, a trigger event could be an attempted break-in which could lead to a physical security risk assessment, supplier identification and tender process, implementation plan, etc., eventually leading to the output: a secure perimeter. Proactive security still follows a process, although the inputs need to be identified, often through other processes. For example, a review of the crisis management arrangements (itself a process) may reveal a lack of any deputies, which will trigger a selection and training package so that the outcome, absence cover for the crisis management team, may be implemented. In both examples, having identified the input, defining what the output should be will help ensure that the activities undertaken to link the two are appropriate and effective.

(e) Systems approach to management

It is highly unlikely that the transformation of a single input into a single output will take place independently of any other process. Processes are linked, as in the examples above. The network of interlinked processes is the system. Understanding and managing the links between the processes will contribute to the efficiency in which security can achieve its objectives.

(f) Continual improvement

An essential component of the management system is: Testing, Debrief and Lessons Learned. Applying this to all security functions ensures that performance, efficiency and capability are continually improving, as well as fending off complacency.

(g) Factual approach to decision making

It is a function of security to provide intelligence, not information, to top management to enable effective decision making. Intelligence is relevant, qualified information which has been verified as much as is realistic and which has attached the analysis and recommendations of the security manager. In this way, top management can make assessments based upon security facts, not information.

(h) Mutually beneficial supplier relationships

It is unlikely that a large security organization will be entirely independent. More commonly, there will be interactions with suppliers (of guards, equipment, and vehicles for example) and other organizations (intelligence, travel security, medical, other security companies etc.). Nurturing these relationships and perceiving them to be interdependent and providing mutual benefit can enhance capability, efficiency and effectiveness of security.


More information

Call topics. September 2013. 2013 SAF RA joint call on Human and organizational factors including the value of industrial safety

Call topics. September 2013. 2013 SAF RA joint call on Human and organizational factors including the value of industrial safety Call topics 2013 SAF RA joint call on Human and organizational factors including the value of industrial safety September 2013 SAF RA is an ERA-NET on industrial safety funded by the European Commission

More information