ISO, the international guideline for risk management
- Rosaline Merritt
- 8 years ago
Slide 1: ISO, the international guideline for risk management
Dick Hortensius, NEN Management Systems
Agenda:
- Background and development of ISO Guide 73 and ISO
- What it means for risk managers
Slide 2: NEN: members from government, industry, consultancy and science (160 members, 30 members). Mission: developing standards, promoting the application of standards, and acting as knowledge and information centre for standards. For all types of risk:
- IT systems
- Clients
- Health, safety & environment
- Solvency
- Finance
- Natural events
- (External) safety
- Reputation
- Legal compliance
Slide 3: Are there standards already? Existing standards per domain (quality, environment, safety, OH&S, information security, finance, food safety, supply chain security, safety of machinery): ISO 9000/INK/EFQM, ISO 14000/EMAS, NTA 8620 VMS/BRZO, OHSAS 18001/VCA, ISO information security, COSO, HACCP/ISO, SA 8000/ISO 26000. Need for a general framework: ISO 31000?
Slide 4: Terms of Reference:
- Principles of and practical guidance to the risk management process
- Applicable to all types and sizes of organizations and all types of risk
- A guideline document and not to be used for certification
- Revision of ISO Guide 73 Risk management Vocabulary
Diagram of the standardization process: members of the national mirror committee (creating support, delegation/vote, documents) feed the national standardization committee process, which sends delegations and votes, alongside those of other countries, to the ISO Technical Committee.
Slide 5: ISO/IEC Guide 73 Risk management Vocabulary: 49 terms and definitions; the most important are Risk, External/Internal context, Risk Management, Risk Management Framework, Risk Management Process and Risk control.
Definition of risk: effect of uncertainty on objectives.
- Uncertainty: deficiency of information related to, understanding or knowledge of an event, its consequences or likelihood
- Event: occurrence or change of a particular set of circumstances
- Consequence: outcome of an event affecting objectives
Slide 6: Concept of risk (diagram: uncertainties around an event lead to consequences, positive or negative, for objectives).
Notes:
1) An effect is a deviation from the expected, positive and/or negative.
2) Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product, and process).
3) Risk is often characterized by reference to potential events and consequences, or a combination of these.
4) Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
Slide 7: ISO/IEC Guide 73 Risk management Vocabulary (External/Internal context, Risk Management, Risk Management Framework, Risk Management Process, Risk control). ISO scope:
- Principles and generic guidelines on implementation of risk management
- Applicable to any organization and to a wide range of subjects
- Acknowledges the varying needs of specific situations
- Common approach to RM for standards
- Not intended for certification purposes
Slide 8: ISO contents: Terms and definitions; Principles (for managing risk); Framework (for managing risk); Process (for managing risk); Annex: Attributes of enhanced RM.
Principles for managing risk (Clause 3):
a) Creates value
b) Integral part of organizational processes
c) Part of decision making
d) Explicitly addresses uncertainty
e) Systematic, structured and timely
f) Based on best available information
g) Tailored
h) Takes human and cultural factors into account
i) Transparent and inclusive
j) Dynamic, iterative and responsive to change
k) Facilitates continual improvement and enhancement of the organization
Framework for managing risk (Clause 4): 4.2 Mandate and commitment; 4.3 Design of framework for managing risk; 4.4 Implementing risk management; 4.5 Monitoring and review of the framework; 4.6 Continual improvement of the framework.
Process for managing risk (Clause 5).
Slide 9: Principles of risk management (I). Risk management:
- Creates value
- Is an integral part of organizational processes
- Is part of decision making
- Explicitly addresses uncertainty
- Is systematic, structured and timely
- Is based on best available information
Principles of risk management (II). Risk management:
- Is tailored
- Takes human and cultural factors into account
- Is transparent and inclusive
- Is dynamic, iterative and responsive to change
- Facilitates continual improvement and enhancement
Slide 10: Figure 2, Elements of framework for managing risk:
- 4.2 Mandate and commitment
- 4.3 Framework design for managing risk: understanding the organization and its context; risk management policy; integration into organizational processes; accountability; resources; establishing internal communication and reporting mechanisms; establishing external communication and reporting mechanisms
- 4.4 Implementing risk management: implementing the framework for managing risk; implementing the risk management process
- 4.5 Monitoring and review of the framework
- 4.6 Continual improvement of the framework
Figure 3, Risk management process:
- 5.2 Communication and consultation
- 5.3 Establishing the context
- 5.4 Risk assessment: risk identification, risk analysis, risk evaluation
- 5.5 Risk treatment
- 5.6 Monitoring and review
Slide 11: Development of ISO:
- New Work Item Proposal: March 2005
- Establishment of TMB/WG/RM: June 2005
- First WG meeting: September 2005
- First Working Draft: December 2005
- Draft International Standard: April 2008
- Last WG meeting: November 2008
- Final Draft International Standard: May 2009
- ISO and ISO Guide 73: November 2009?
Google test (table of search hit counts, June 2008 vs May 2009, for "Risk", "Risk management" and "Risk management standard ISO"; counts not reproduced)
Slide 12: Google test (table of search hit counts, June vs May, for "Risk", "Risk management", "Risk management standard ISO", "Quality", "Quality management" and "Quality MS ISO 9001"; counts not reproduced)
Slide 13: Advantages/characteristics of ISO:
- Generic: all types of risk
- Neutral concept of risk: threats and opportunities in the light of objectives
- Coherence between principles, management framework and process
- A guideline, not a tight straitjacket
- Compatible with ISO management systems
Slide 14: For whom, and for what?
- Board member: framework for integrated management
- Risk manager: raising the profile of their own field
- QHSE (KAM) manager: framework for integrating sub-systems
- Stakeholders: benchmark for being in control
More information?