ISO 31000: the international guideline for risk management



Slide 1: ISO 31000, the international guideline for risk management
Dick Hortensius, NEN-Managementsystemen

Agenda:
- Background and development
- ISO Guide 73 and ISO 31000
- The significance for risk managers

Slide 2
Stakeholders: government, industry, consultancy, science
Mission: developing standards; promoting the application of standards; knowledge and information centre for standards
160 members; 30 members
For all types of risk: IT systems; clients; health, safety & environment; solvability; finance; natural events; (external) safety; reputation; legal compliance

Slide 3: There are already standards per domain
- Quality: ISO 9000/INK/EFQM
- Environment: ISO 14000/EMAS
- OH&S: OHSAS 18001/VCA
- Information security: ISO 27001
- Finance: COSO
- Food safety: HACCP/ISO 22000
- Supply chain security: ISO 28000
- Also on the slide: NTA 8620 (VMS/BRZO), SA 8000/ISO 26000, safety of machinery

Need for a general framework: ISO 31000?

Slide 4: Terms of Reference
- Principles of and practical guidance to the risk management process
- Applicable to all types and sizes of organizations and all types of risk
- A guideline document, not to be used for certification
- Revision of ISO Guide 73 Risk management Vocabulary

Diagram of the standardisation process: committee members form the national mirror committee; the national standardisation committee creates support and sends a delegation with a vote to the ISO technical committee, alongside delegations with votes from other countries; documents flow back to the committee members.

Slide 5: ISO/IEC Guide 73 Risk management Vocabulary
49 terms and definitions; the most important:
- Risk
- External/internal context
- Risk management
- Risk management framework
- Risk management process
- Risk control

Definition of risk: effect of uncertainty on objectives
- Uncertainty: deficiency of information related to, understanding or knowledge of an event, its consequences or likelihood
- Event: occurrence or change of a particular set of circumstances
- Consequence: outcome of an event affecting objectives

Slide 6: Concept of risk
Diagram labels: uncertainties, event, consequence, objectives, + / -

Notes:
1) An effect is a deviation from the expected, positive and/or negative.
2) Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product, and process).
3) Risk is often characterized by reference to potential events and consequences, or a combination of these.
4) Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.

Slide 7: ISO/IEC Guide 73 Risk management Vocabulary
Terms: external/internal context; risk management; risk management framework; risk management process; risk control

ISO 31000 scope:
- Principles and generic guidelines on the implementation of risk management
- Applicable to any organization and to a wide range of subjects
- Acknowledges the varying needs of specific situations
- Common approach to RM for standards
- Not intended for certification purposes

Slide 8: ISO 31000 contents
- Terms and definitions
- Principles (for managing risk), Clause 3
- Framework (for managing risk), Clause 4
- Process (for managing risk), Clause 5
- Annex: Attributes of enhanced RM

Principles for managing risk (Clause 3):
a) Creates value
b) Integral part of organizational processes
c) Part of decision making
d) Explicitly addresses uncertainty
e) Systematic, structured and timely
f) Based on best available information
g) Tailored
h) Takes human and cultural factors into account
i) Transparent and inclusive
j) Dynamic, iterative and responsive to change
k) Facilitates continual improvement and enhancement of the organization

Framework for managing risk (Clause 4):
4.2 Mandate and commitment
4.3 Design of framework for managing risk
4.4 Implementing risk management
4.5 Monitoring and review of the framework
4.6 Continual improvement of the framework

Process for managing risk (Clause 5)

Slide 9: Principles of risk management (I)
Risk management:
- Creates value
- Is an integral part of organizational processes
- Is part of decision making
- Explicitly addresses uncertainty
- Is systematic, structured and timely
- Is based on the best available information

Principles of risk management (II)
Risk management:
- Is tailored
- Takes human and cultural factors into account
- Is transparent and inclusive
- Is dynamic, iterative and responsive to change
- Facilitates continual improvement and enhancement

Slide 10: Figure 2 Elements of framework for managing risk; Figure 3 Risk management process

Figure 2 Elements of framework for managing risk:
4.2 Mandate and commitment
4.3 Framework design for managing risk
  4.3.1 Understanding the organization and its context
  4.3.2 Risk management policy
  4.3.3 Integration into organizational processes
  4.3.4 Accountability
  4.3.5 Resources
  4.3.6 Establishing internal communication and reporting mechanisms
  4.3.7 Establishing external communication and reporting mechanisms
4.4 Implementing risk management
  4.4.1 Implementing the framework for managing risk
  4.4.2 Implementing the risk management process
4.5 Monitoring and review of the framework
4.6 Continual improvement of the framework

Figure 3 Risk management process:
5.2 Communication and consultation
5.3 Establishing the context
5.4 Risk assessment
  5.4.2 Risk identification
  5.4.3 Risk analysis
  5.4.4 Risk evaluation
5.5 Risk treatment
5.6 Monitoring and review

Slide 11: Development of ISO 31000
- New Work Item Proposal: March 2005
- Establishment of TMB/WG/RM: June 2005
- First WG meeting: September 2005
- First Working Draft: December 2005
- Draft International Standard: April 2008
- Last WG meeting: November 2008
- Final Draft International Standard: May 2009
- ISO 31000 + Guide 73: November 2009?

Slide 12: Google test (number of hits per search term)

Search term            June 2008      May 2009
Risk                   378,000,000    291,000,000
Risk management         36,200,000     23,400,000
Risk man standard           21,200         28,000
ISO 31000                    2,840         21,400

Comparison with quality (same Google test):

Search term            Hits
Quality                868,000,000
Quality management       9,710,000
Quality MS                  77,500
ISO 9001                24,000,000

Slide 13: Advantages/characteristics of ISO 31000
- Generic: all types of risk
- Neutral concept of risk: threats and opportunities in the light of objectives
- Coherence between principles, management framework and process
- A guideline, not a constraining straitjacket
- Compatible with ISO management systems

Slide 14: For whom and for what?
- Director: framework for integrated management
- Risk manager: raising the profile of the own discipline
- QHSE (KAM) manager: framework for integrating sub-systems
- Stakeholders: benchmark for being in control

More information? www.nen.nl, dick.hortensius@nen.nl