Brief description of the standard, objectives, performance, scope and possible corrections.
Risk Management (ISO 31000)
"Organizations, no matter what their activity and size, face a number of risks that may affect the achievement of their objectives." Kevin W. Knight, Chair of the ISO working group that developed the standard.
All activities of an organization are permanently subject to a series of threats, which makes them highly vulnerable and compromises the organization's stability. Operational accidents, disease, fire or other natural disasters are examples of this situation, not to mention the threats inherent in its business.
Traditionally, organizations have addressed these risks by means of response strategies and specific solutions. However, experience has shown that the elements of risk, and the factors that determine the impact of its effects on a system, are the same for all risks involved in an organization. Therefore, the modern trend is to use a holistic approach to their management, known as "Enterprise Risk Management" (ERM), to assess, manage and communicate these risks in a comprehensive manner, based on the organization's strategic objectives.
Comprehensive risk management has gained momentum in recent years, especially since the nineties, which has led to the emergence of "Risk Management Models", some more specific, such as COSO, ISO 14000, ISO 22000, OHSAS, etc., and others more global, such as the standard AS/NZS 4630 or ISO 31000.
Basic Principles for Risk Management
For efficiency, risk management in an organization should take into account the following principles:
Creates value. Contributes to achieving objectives and improving aspects such as safety and health, legal and regulatory compliance, environmental protection, etc.
It is integrated into the processes of an organization. It should not be understood as an isolated activity but as part of the activities and key processes of an organization.
It is part of decision-making. Risk management supports decision-making by providing information to evaluate alternatives.
Deals explicitly with uncertainty. Risk management concerns the aspects of decision-making that are uncertain, the nature of that uncertainty and how it may be treated.
It is systematic, structured and appropriate. Contributes to efficiency and, consequently, to obtaining reliable results.
It is based on the best information available. The inputs of the risk management process are based upon sources of information and experience, observation, forecasts and expert opinion.
It is tailor-made. Risk management is aligned with the external and internal context of the organization and its risk profile.
It takes into account human and cultural factors. Recognizes the ability, perception and intentions of people, both external and internal, which may facilitate or hinder the achievement of the objectives of the organization.
It is transparent and inclusive. Proper and timely participation of interest groups (stakeholders) and, in particular, of those responsible at all levels ensures that risk management remains relevant and current.
It is dynamic, iterative and responsive to change. The organization must ensure that risk management detects and responds to business changes.
Facilitates continuous improvement of the organization. Organizations should develop and implement strategies for continuous improvement, both in risk management and in any other aspect of the organization.
ISO 31000. Structure of the standard.
The variety, complexity and nature of risks can be very diverse, so this new international standard developed by the ISO (International Organization for Standardization) offers generic guidelines on managing risks in a systematic and transparent manner.
The design and implementation of risk management will depend on the different needs of each...