Germany: Bill on the Control and Transparency of Organizations (KonTraG)
US: Business Round Table; NYSE listing requirements; Blue Ribbon Commission; Sarbanes-Oxley Act; COSO ERM Framework
Canada: Toronto Stock Exchange Committee; Canadian Securities Committee; Allen Committee Report; COCO
South Africa: Code of Best Practice; King Report I, II, III; Stakeholder Communication; Public Finance Management Act
Japan: Corporate Governance Forum of Japan; J-SOX
Australia/New Zealand: AS/NZS 4360:2004; Stock Exchange Listing; New Accounting Standards; Best Practice Statement Management
ISO (International Organization for Standardization) is the world's largest developer and publisher of International Standards. Established in 1947, ISO is a network of the national standards institutes of 159 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system.
Canada: CSA Q31001-11, which combines ISO 31000 with implementation guidance for Canadian organizations
Placed a stronger emphasis on:
Senior management support of risk management
Linking risk management to organizational performance
Clarified:
Sensitivities in managing risks to the public
Maturity model for risk management in organizations
Risk management process examples
Correct links between the risk appetite, risk tolerance and risk rating concepts
After Adoption
BSI 31100: updated Code of Practice
CSA: Canadian implementation guide
NSAI: Ireland's implementation guide
Austria: three guidelines, on embedding risk management, on risk assessment, and on linking to business continuity processes
Australia & New Zealand: issued handbooks
Japan: created guidance (in Japanese)
Primary Audience
Those accountable for the governance of organizations
Those accountable for managing organizations
Practitioners providing advice and services to assist decision-makers
Those who provide assurance regarding the effectiveness of risk management
What is risk?
Risk is present in everything we do. ISO 31000, the international standard on risk management, defines risk as the effect of uncertainty on objectives. Risk can be a threat or an opportunity: anything that could harm, prevent, delay or enhance your ability to achieve your objectives is a risk.
Principles
Creates value
Integral part of organizational processes
Part of decision making
Explicitly addresses uncertainty
Systematic, structured & timely
Based on the best available information
Tailored
Takes human & cultural factors into account
Transparent & inclusive
Dynamic, iterative & responsive to change
Facilitates continual improvement & enhancement of the organization
Framework
Mandate & Commitment
Risk management process
Risk analysis
Risk evaluation
Risk treatment
Internal Context
Governance, organizational structure, roles & accountabilities
Policies, objectives & strategy
Capabilities & resources
Information systems
Organizational culture
Contractual relationships
Relationships with, perceptions & values of internal stakeholders
Comply with relevant legal and regulatory requirements and international norms
Improve mandatory and voluntary reporting
Improve operational effectiveness & efficiency
Improve stakeholder confidence and trust
Establish a reliable basis for decision making & planning
Improve controls
Improve governance
Survey Participants
Select Results
65% familiar with or knowledgeable about ISO 31000 (93% of Australian respondents, 67% of UK respondents, 47% of US respondents)
35% no knowledge (7% of Australian respondents, 33% of UK respondents, 53% of US respondents)