ISO 31000

ISO 31000 Monitoring and Review – Final

Guest Post by Peter Holtmann (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

This article is the final of fourteen parts to our risk management series. The series will be taking a look at the risk management guidelines under the ISO 31000 Standard to help you better understand them and how they relate to your own risk management activities. In doing so, we’ll be walking through the core aspects of the Standard and giving you practical guidance on how to implement it.

In previous articles we’ve looked at the core elements of the risk management framework and the role of leadership and commitment, integration, design, implementation, evaluation and improvement more specifically. We’ve also briefly looked at the risk management process in a general sense, the importance of communication and consultation, how to set your scope, context and criteria, identifying, analysing and evaluating risks, and monitoring and reviewing risks. In this article, we’ll be looking at recording and reporting risks.

[Read more…]

by Greg Hutchins Leave a Comment

Baldrige Criteria Poses Challenges to the Quality Profession

Guest Post by James Kline (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

The title may sound strange given the Baldrige’s origin as the U.S. National Quality Award. Yet, its migration to a Performance Excellence Criteria and the addition of Cyber Security, Innovation, and Enterprise Risk Management (ERM) does pose challenges to the quality profession. This is particularly true since the many of the Baldrige examiners are quality professionals. [Read more…]

by Greg Hutchins Leave a Comment

Future of Conformity Assessment

We are seeing more global certification bodies create their own assurance and branded certification schemes.

Like ISO 31000 letter of conformance for airports.

Dubai Airports this week received a letter of conformance for ISO 31000 – 2009 Enterprise Risk Management from Lloyds’ Register Quality Assurance (LRQA). [Read more…]

by Fred Schenkelberg Leave a Comment

The Check Step of a Risk Management Framework

Planning and Implementing a risk management framework is an admirable accomplishment. Now make sure it is running well and will do so into the future.

As with any process, there will be opportunities to make improvements. By monitoring and reviewing your program you will find what is working well and what is not. [Read more…]

by Fred Schenkelberg Leave a Comment

Reliability and Implementing a Risk Management Plan

With the advent of ISO 31000 and other ISO standards suggesting organizational risk management practices, your organization may have or soon will implement a risk management plan. Reliability of your products, systems, or assets is an element of the organization’s risk profile.

As reliability professionals, your knowledge and skills are a natural fit within any risk management plan. You may focus exclusively on the reliability performance-related risks You may find the skills and tools to identify and mitigate risks play an important role beyond just reliability performance.

Large and small organizations face risks. The lines of communication differ as do the context, culture, and management practices between any two organization. The implementation of a risk management plan has to fit your organization.

Here are few general guidelines and practical considerations when implementing your organization’s risk management plan. [Read more…]

by Fred Schenkelberg 2 Comments

4 Considerations When Designing A Risk Management Program

The risk management framework in ISO 31000 provides a flexible approach to create the right program for your organization. The document doesn’t provide advice or wisdom, so you have to supply that yourself.

The details of the risk management program or specific framework in your organization includes policies, procedures, analysis, and reporting, yet it also has to work within the context of your organization.

Based on the work of Greg Hutchins in ISO 31000: Enterprise Risk Management here are four considerations to supplement your wisdom as you design and implement your program. [Read more…]

by Greg Hutchins Leave a Comment

ISO 31000 as an Enterprise Risk Management Standard

ISO 31000 is 23 pages long, but these pages provide an entry level Enterprise Risk Management (ERM) guideline.

Why is this important?

An organization develops ISO 31000 ERM capabilities to provide a structured, consistent, disciplined, and achievable approach to risk management that facilitates Risk Based Thinking throughout the organization. Risk Based Thinking is composed of 1. Risk based, problem solving (RB – PS) and 2. Risk based, decision making (RB –DM). Both RB – PS and RB – DM are the basis for all management and supervision. We discuss this in our new book: ISO 31000: Enterprise Risk Management.

Interestingly, we wrote a 230 page book packed with loads of information for a 23 page standard. And oh by the way, we could have written another 200 pages. [Read more…]

by Greg Hutchins Leave a Comment

Risk Assessment Benefits

Risk assessment is a critical element of ISO 31000 risk management framework. Risk assessment provides the requisite evidence based data and information for Risk Based Thinking, specifically risk based problem solving and risk based decision making. Using the appropriate risk assessment for the organization can determine how to treat and manage specific risks. [Read more…]

by Fred Schenkelberg 1 Comment

A Framework for Risk Management

Making or supporting decisions involving product or system reliability is fraught with uncertainty. Is it reliable enough? Will failures occur prematurely? Are failures dangerous?

Uncertainty is risk.

In recent years more organizations and international standard bodies have focused on risk management. Identifying, analyzing, and mitigating uncertainty in a systematic manner.

There is not a set way for every organization to organize a risk management process. The ISO 31000 standard does describe a framework for the implementation of risk management within your organization. [Read more…]

by Greg Hutchins Leave a Comment

ISO 31000 Challenges

ISO 31000 is going to be used more often as more ISO certified companies adopt Risk Based Thinking. However, ISO 31000 can be challenging. Why?

Interestingly, the descriptive nature of the ISO 31000 standard may well be its strength, but may also be its weakness. The standard without the proper guidance of a risk practitioner maybe come discretionary and even arbitrary.

ISO 9001:2015 has Risk Based Thinking requirements. Note ISO 31000 was developed in 2009 and is not harmonized with the new annex SL standards and ISO 9001:2015. [Read more…]

by Fred Schenkelberg 2 Comments

Definition of Risk Related to Reliability

Creating a reliable product that meets customer expectations is risky.

What is risk and how does one go about managing risk? The recent set of ISO standard updates elevates risk management.

A starting place is a definition. [Read more…]

by Greg Hutchins 6 Comments

ISO 31000 Principles of Risk Management

Guest Post by Greg Hutchins (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

ISO 31000 is organized around 11 risk management principles. A management principle refers to a fundamental idea, rule, or truth about a subject. ISO 31000 risk principles serve as the guideline, method, logic, design, and implementation for the risk management framework and its process. [Read more…]