Risk management. Guidance for the implementation of ISO 31000

2013
Author(s):
Jovo Lojanica

All management standards contain requirements for improvement at the personal, family and company level, in business and in life. What about the national and country level? Can today's generations learn from the history of nations and civilizations? If so, let us apply it to the present time and people so as to have fewer problems and difficulties, especially where risk management is concerned. Most people are occupied by today's problems; they do not consider past and future challenges. Historically and today, people in every country strive for better quality, a better and cleaner environment, higher safety, etc. But can we recall: How did Genghis Khan conquer so many regions, and how was he defeated? How did the Mayas and Aztecs die out? How were the Native Americans of North America so drastically reduced in number? How did the Roman Empire vanish? How was the Ottoman Empire established, and how did it vanish? How many people were killed in the wars of the 20th century, etc.? In all of these catastrophic changes, risks were not considered in an adequate way. The requirements of Risk management — Principles and guidelines — ISO 31000:2009 are very consultative. They could be used at the country, national, regional, continental and intercontinental level.


2017
Vol 25 (3)
pp. 274-295
Author(s):
Erastus Karanja

Purpose: There are two main industry-sanctioned enterprise risk management (ERM) models, that is, COSO 2004 and ISO 31000:2009, that firms refer to when implementing ERM programs. Taken together, the two ERM models specify that firms should implement ERM programs to meet a strategic need, improve operations and reporting, or comply with government regulations or industry best practices. In addition, the focus of ERM implementation should be either the subsidiary, business unit, division, firm/entity or global level. The purpose of this study is to investigate whether firms are aligning their ERM implementations with these tenets: strategy, operations, reporting, compliance and the level of implementation.

Design/methodology/approach: The proxy for ERM implementation is the hiring of a Chief Risk Officer (CRO). The research data come from a sample of 122 US firms that issued a press release following the hiring of a CRO between 2010 and 2014. The press releases were retrieved and aggregated through content analysis in LexisNexis Academic.

Findings: The results reveal that many ERM implementations are occurring at the firm/entity level, and, with the exception of reporting, firms consider ERM to be a strategic firm resource capable of improving business operations and compliance initiatives.

Originality/value: There is a dearth of research studies specifically investigating whether ERM programs adopted by firms are aligned with the specification of the COSO 2004 and ISO 31000:2009 frameworks. The apparent lack of a clear understanding of the alignment between firm ERM programs and the industry's ERM frameworks may limit the development and implementation of ERM and the eventual realization of the benefits associated with a successful ERM implementation.


2021
Vol 3 (1)
pp. 41-53
Author(s):
Yuriy Voskanyan
Irina Shikina
Fedor Kidalov
David Davidov
Tatiana Abrosimova

The paper discusses the main components of the modern system of risk management in medicine. Using the ISO 31000 risk management standard and the ARIS integrated modeling environment, the authors have built a model of the risk management process in a medical organization, comprising the accounting subsystem, the risk analysis subsystem and the risk treatment subsystem. The concept of risk management proposed in the article is formulated on the basis of a system safety model, which assumes that adverse events related to the provision of medical care have systemic causes that, under certain conditions, turn into a hazard, and that the hazard in turn gives rise to active threats and incidents. The risk management system is the executive block of the safety management system in a medical organization, which also includes an ideological block (a new safety culture) and an educational block (an organizational learning subsystem).


Author(s):
Olena Tsvirko
Denys Krylov

The article considers the concept of "risk in railway transport" and identifies the types of risk that exist in the railway transport of Ukraine. It finds that the transformation of economic relations in Ukraine requires deeper theoretical and practical work on risk management in the field of railway transport. The risk management process according to the ISO 31000:2018 standard is presented; in line with the implemented Strategy and Policy of JSC "Ukrzaliznytsia", the main tasks of the risk management system are defined and the risk map of JSC "Ukrzaliznytsia" is developed. The results of the structural reform of railway transport were insufficient to create effective sources of development in the short term that would ensure large-scale attraction of funds for the development and modernization of the industry. The many types of risk that need to be assessed, as well as the different purposes for assessing the same type of risk (for state supervision and for the company's own purposes), present JSC "Ukrzaliznytsia" with a real challenge in building risk assessment models. Applying a method for assessing a specific type of risk is a significantly different task from building a methodology for assessing the risks of a large company. In solving this problem, it is important to keep in mind that a method successfully applied in one area may be completely ineffective in another.
Risk classification at JSC "Ukrzaliznytsia" should be carried out taking into account the existing management structure, as well as the tasks to be solved at each level of management. The effect of the risk management system should be synergistic, and each element at each level of management should be effective: from the structural unit at the linear level to the department at the corporate level of management. Currently, for the company's internal purposes, several dozen risks have been formulated covering various areas of JSC UZ's activity, from financial operations to locomotive maintenance and innovative development.


Author(s):
Peter Blokland
Genserik Reniers

When discussing the concepts of risk, safety and security, people have an intuitive understanding of what these concepts mean, and, to a certain level, this understanding is universal. However, when delving into the real meaning of these concepts, one is likely to fall into semantic debates and ontological discussions. In industrial parks, it is important that (risk) managers from different companies belonging to one and the same park have the same understanding of the concepts of risk, safety and security. It is even important that all companies in all industrial parks share a common understanding regarding these issues. As such, this paper explores the similarities and differences behind the perceptions of these concepts, to arrive at a fundamental understanding of risk, safety and security, proposing a semantic and ontological ground for safety and security science based on an etymological and etiological study of the concepts of risk and safety. The foundation has been induced from the semantics used in the ISO 31000 risk management guidance standard. Hence, this article proposes a coherent, standardized set of concepts and definitions with a focus on the notion of "objectives" that can be used as an ontological foundation for safety and security science, linking "objectives" with the concepts of safety, security, risk, performance and also failure and success, theoretically allowing for an increasingly precise understanding and measurement of (un)safety across the whole range of individuals, sectors and organizations, or even society as a whole.


2018
Vol 2 (1)
pp. 12-21
Author(s):
Fransisca Tiarawati Riadi
Augie David Manuputty
Alhadi Saputra

The importance of using Information Technology (IT) cannot be separated from the risks that may occur. Organizational unit XYZ has itself implemented information security risk management using the ISO 31000:2009 standard to minimize those risks. Information security risk management is applied so that organizational unit XYZ can determine whether the risk optimization it manages is running well and having a significant impact. Organizational unit XYZ therefore needs to carry out an evaluation to determine its capability level in ensuring the risk optimization it has implemented for IT services. The COBIT 5 framework is used to evaluate information security risk management by measuring the capability level, focusing on the EDM03 (Ensure Risk Optimisation) subdomain. The results of this study show that the EDM03 subdomain has a capability level of level 1, performed process, in the largely achieved category with a score of 78.29%. At this level, the process implemented by the organization achieves its process goals. The benefit of this study for organizational unit XYZ is that it can help information security risk management and the implementation of the ISO 31000 framework reach an optimal value in supporting ICT services at Institution ABC.


2019
Vol 10 (1)
pp. 16-30
Author(s):
Adam Aruldewan S.Muthuveeran
Osman Mohd Tahir
Roziya Ibrahim
Saipol Bari Abd Karim
Elly Widiyanty Rasidin


2016
Vol 34 (8)
pp. 1568-1578
Author(s):
A. Olechowski
J. Oehmen
W. Seering
M. Ben-Daya