Christel Fouche

Inside ISO31000 – Risk Management Systems

  • February 16th, 2011

During the previous article we started to unpack the ISO31000: Risk Management – Principles and Guidelines standard. We looked at the framework encompassing the PDCA cycle; the user; terms and definitions; business principles; attributes of enhanced risk management; and corporate governance.

In this article, I continue discussing ISO31000 and the Risk Management system.

Risk Management systems

A successful Risk Management system will be dependent upon setting the foundation correctly through the commitment of management and the allocation of resources during the design, implementation, maintenance and monitoring of the process at all levels.

Resources will include: competent manpower, accurate forecasting and spending, quality material, adequate and sufficient machines, following correct methods and marketing the management system effectively within and outside the organisation.

It is important to lay the correct foundation at all levels to ensure adequate reporting, effective communication, precise decision making and taking on accountability and responsibility at the relevant levels.

The necessary components of this process to manage risks in a responsible manner are illustrated below:

[Figure: System components]

The illustration is a guiding tool only and is not intended to be prescriptive to management, but rather to assist the organization to integrate Risk Management into its overall management system. You should therefore use the above and adapt it to your own specific needs for success.

Should you have existing Risk Management processes in place, you need to assess them against this international standard to identify any shortcomings and to ensure continual improvement.

Ensuring success through sustained commitment

Management should sustain commitment to the risk management process through strategic planning and rigorous monitoring. Commitment at all levels should include management guidance on:

  • Defining and endorsing the risk management policy;
  • Ensuring that the organization’s culture and risk management policy are aligned;
  • Determining Risk Management performance indicators that align with performance indicators of the organization;
  • Aligning risk management objectives with the objectives and strategies of the organization;
  • Ensuring legal and regulatory compliance;
  • Assigning accountabilities and responsibilities at appropriate levels within the organization;
  • Ensuring that the necessary resources are allocated to risk management;
  • Communicating the benefits of risk management to all stakeholders; and
  • Ensuring that the framework for managing risk continues to remain appropriate.

Designing the framework for managing risk

Before designing and implementing the risk management framework it is important to:

  • Understand the organization and its context;
  • Establish a Risk Management policy;
  • Ensure accountability, responsibility, authority and competence;
  • Integrate the Risk Management process into all processes of the organization;
  • Make sure that adequate resources are available;
  • Establish effective internal communication and reporting mechanisms; and
  • Establish effective external communication and reporting mechanisms.

The third part of my look inside the ISO31000 standard will cover the foundational building blocks in detail, as well as look at the implementation of the Risk Management process.
