Ioannis Tsiouras - The risk management according to the standard ISO 31000
eBook - ePub


About This Book

Organizations of any type and size, in conducting their activities, face uncertainties, due mainly to the factors and influences that reside in their external and internal context. These uncertainties are therefore sources of risk, which has an effect on the achievement of objectives, and the impact could be significant to the business.
To deal with this situation, organizations try in any case to manage risks by implementing approaches that are more or less well known, sometimes effectively and sometimes not, and often they rely on technological solutions.
To address risks in a systematic, effective and efficient manner, the International Organization for Standardization (ISO) has issued a set of standards on risk. Among them, the main standard for risk management is ISO 31000.
ISO 31000, Risk Management - Principles and guidelines, is applicable to organizations of all types and sizes and to any type of goods. As a guideline, ISO 31000 provides a framework for risk management, giving brief instructions without examining the concepts in detail and without providing operational support for the effective implementation of the proposed methodology.
Drawing on wide and significant experience in this field, the author proposes to managers, security managers and all those who want or are obliged to make decisions in the presence of uncertainty a practical method for risk management, illustrated through a practical case study. The author does not limit himself to generic interpretations, but develops the approaches in detail through matrices and calculations of real risks, and refers to case studies with examples in order to guide those involved in managing any form of risk in a systematic, transparent and credible way, in any scope and context.
The book provides an introduction to risk management, to risk governance and to the risk management process, and an introduction to the concept of risk, risk factors, the level of risk and the correlation between the elements involved in risk analysis. It also illustrates the importance of risk management in decision-making, awareness of risk management and the benefits that may be obtained from it.
The author has paid special attention to the development of the risk management flow, detailing all of its activities: establishing the context and the scope; risk assessment (risk identification, analysis and evaluation); the treatment plan with the countermeasures to implement in order to reduce the risks; calculation of the residual risks; acceptance of the proposed residual risks; implementation of the countermeasures; and monitoring and review.
The risk management process developed here is supported by a practical case study, useful for learning and applying the methodology in all contexts of the life of an organization, but also in the activities of everyday life.


Information

Publisher: Youcanprint
Year: 2015
ISBN: 9788893066891
1. INTRODUCTION
A human being is, by nature, led to manage risks, either consciously, establishing structured approaches and using them whenever a decision has to be made, or unconsciously. This happens because risk management is vital for survival.
When a person takes a decision, he instinctively performs a risk assessment; generally this assessment is rarely systematic. He nevertheless follows an approach: he establishes one or more objectives, estimates the results of the action, compares them with the objectives and, consequently, takes the decision. He also performs an evaluation during which any deviation of the estimated results from the objectives becomes evident, and then he may need to change the actions to be taken. The evaluation may consider several scenarios, and he should therefore decide to follow the scenario that contains the least uncertainty and the lowest risk.
The need to manage risks arises from the fact that the organization, while carrying out its overall business activities, faces uncertainties, due mainly to issues that lie in its internal as well as its external context. Risk, therefore, has an effect on the achievement of objectives, and the impact could be significant for the business activities of the organization.
Uncertainty is thus innate in human activities, and it is due to the lack of "absolute knowledge" of the situation to which it refers. Absolute knowledge is an insurmountable limit for the human being, who will never possess all knowledge. However deeply a situation or context is examined, there will always be something that escapes us, with the consequence of a residual uncertainty that brings with it the related risk.
To address risk systematically, effectively and efficiently, the International Organization for Standardization (ISO) has issued a set of standards on risk and risk management, such as ISO/IEC Guide 73, ISO 31000 and others.
ISO/IEC Guide 73 provides the basic vocabulary and the terms related to risk management, in order to develop a common, harmonized framework that helps organizations understand risk assessment and increase their awareness of it.
The standard ISO 31000, Risk management – Principles and guidelines, is applicable to all types of organizations (manufacturing, service, commercial and government organizations, as well as non-profit organizations) of any size and type of goods, but it could also be applied to any entity that needs to manage risk.
ISO 31000, being a guideline, provides only indications without elaborating the concepts in detail. The standard could be used to set the framework for risk management and to design the risk management process at a high level. As a guideline, it cannot be used for auditing, nor can it be used to issue certifications, because its prescriptions are not requirements.
Risk management could be applied throughout the organization, but also to a single process, one area, one activity or one project, at any time during the life of the organization, and also at any time in an individual's life. It could be applied at many levels, such as the strategic, tactical and operational levels.
The success of risk management depends on the effective management of the risk management framework. The framework provides the structure and clarifies the resources needed to integrate risk management with the organization's processes.
The effective implementation of the risk management process also depends on several key factors: the definition of the "context" in which risk management is to be applied and of the "scope", understood as the extent of the boundaries of the process; the identification of the "interested parties" and their needs, expectations and requirements; the objectives to be met; and the risk acceptance criteria.
The benefits that could be obtained from the effective application of risk management are listed in the standard ISO 31000, to which reference is made for the complete list. Here we mention some key benefits, such as:
  • increase the likelihood of achieving objectives;
  • encourage proactive management;
  • be aware of the need to identify and treat risk throughout the organization;
  • improve the identification of threats;
  • comply with relevant legal, regulatory and international requirements, as well as the requirements of management system standards (e.g., ISO 9001, ISO 14001, ISO 22301, ISO/IEC 27001 and others);
  • improve mandatory and voluntary reporting;
  • improve governance;
  • improve stakeholders' confidence and trust;
  • improve organizational resilience.

The Volume aims to provide:
  • an introduction to the risk management;
  • the principles that should guide risk management;
  • the framework for an effective risk management;
  • the risk management process.
2. Risk governance
Risk governance is the way in which the organization manages the risks it encounters during its activities. Risk governance is, therefore, the strategic approach to two processes: risk management and decision making.
Control of risk issues makes the organization resilient and reliable.
Governance generally refers to the actions, processes, practices and approaches by which management operates, controls, makes decisions and implements those decisions. Risk governance is the governing structure used to:
  • establish the principles for risk management,
  • create and manage the framework necessary to deploy those principles through the processes of the organization, and
  • make the risk management process applicable and manage it effectively.

The risk governance establishes the relationship between the principles for risk management, the framework of the risk management and the development and implementation of the risk management process. These relationships are shown in the following diagram (fig. 1).
Figure 1 – Risk Governance (inspired by the ISO 31000: 2009)
3. RISK
3.1 The risk concept
As the daily experience of each of us proves, risk is innate in all human activities. Despite our continual exposure to it, a definition of the concept of risk that is accepted by all is almost impossible. Risk assumes a variety of meanings depending on the social and cultural environment in which each of us works, and according to the different perspectives through which each of us observes events and is exposed to them.
The definition adopted here is the one given by the standard ISO Guide 73:2009, which defines risk as the effect of uncertainty on objectives.
The definition consists of three key terms: objectives, impact and uncertainty.
Objectives could:
  • have different aspects, such as economic/financial, health, safety, environmental protection, information security, etc.;
  • be applied at different levels (strategic, organization-wide, project, product and process);
  • be expressed as desired results, as a goal or as a criterion. They can be express...

Table of contents

  • Cover
  • Title and rights
  • The author
  • Dedication
  • Foreword
  • Index
  • 1. Introduction
  • 2. Risk governance
  • 3. Risk
  • 4. Risk management and decision-making
  • 5. Risk management principles
  • 6. Risk management framework
  • 7. Risk management process
  • 8. Risk management process - Case Study
  • 9. Bibliography
  • 10. Appendix A - Tools and techniques for risk management