We provide ISO 31000 consulting and implementation support. This includes understanding organization context, enterprise risk mapping, prioritizing risk, risk assessment, risk management options, risk dashboard, control enforcement, policy/documentation support, training, coaching chief risk officers, coaching teams/employees, internal audit and management review.
Establishing Context: This includes an understanding of the current conditions in which the organization operates on an internal, external and risk management context.
Identifying Risks: This includes the documentation of the material threats to the organization’s achievement of its objectives and the representation of areas that the organization may exploit for competitive advantage.
Analyzing/Quantifying Risks: This includes the calibration and, if possible, creation of probability distributions of outcomes for each material risk.
Integrating Risks: This includes the aggregation of all risk distributions, reflecting correlations and portfolio effects, and the formulation of the results in terms of impact on the organization’s key performance metrics.
Assessing/Prioritizing Risks: This includes the determination of the contribution of each risk to the aggregate risk profile, and appropriate prioritization.
Treating/Exploiting Risks: This includes the development of strategies for controlling and exploiting the various risks.
Monitoring and Reviewing: This includes the continual measurement and monitoring of the risk environment and the performance of the risk management strategies.
ISO 31000 is the formal recognition of ERM by the international standards organization.
ISO 31000 is a 'risk management – principle and guideline' provides a reference framework that organization can use to design, build, implement and audit their ERM.
Due to the scope of the subject and the holistic behavior management needs to drive this because only at that point the whole of the organization is visible.
Context refers to the kind of risk that you wish to address. Secondly, do you wish to start with the whole of the organization or wish to limit to critical teams or locations only?
This includes identifying the stakeholders, business teams, resources and asset infrastructure within the context, resulting in defining a risk register, and threats and opportunities.
Through definition of people, processes and technology, and program charter to drive the implementation and embedding them as part of the organization culture.
Is the process of verifying successful implementation, on one hand, and the inclusion of ERM principles in business life cycle on the other.
Helps in reporting and alignment with Phase I. Though management is involved in each phase, a formal reporting process will help in measuring the performance and whether it is providing business benefits it was designed to.