05050-FO5-Change Log Form Approver: Training Development Supervisor

Owner: Course Development Manager Version: 1.1

Classification: Internal | ACL: Training Development Page 1 of 30

Change Log Form

GENERAL INFORMATION

Course Developer Manager** Donika Mucolli

Department* Training Department

Date* 2017-10-31

Course details*

Course name: ISO 31000 Risk Manager

Language: English

Current Version: 4.7

Previous Version: 4.6.1

Day 1:

Slide Number (Current version / Previous version) | Slide Description | Modifications | Comments

No. 1 No. 1 First slide

The sections for Day 1 have changed

From:

Section 1: Course objective and structure

Section 2: Concept and definitions related to risk management

Section 3: Risk management standards, frameworks and methodologies

Section 4: Implementation of a risk management framework

Section 5: Understanding the organization and its context

To:

Section 01: Course objectives and structure

Section 02: Standards and regulatory frameworks

Section 03: Introduction to ISO 31000 concepts and principles

Section 04: Risk management framework

Section 05: Initiating the risk management process implementation

The course version has been updated from 4.6.1 to 4.7

No. 2 No. 18 Schedule of the Training

The slide containing the schedule of the training has been repositioned from slide 18 in the old version to slide 2 in the new version.

The titles for each day of the training have been modified as follows:

Day 1:

From: Introduction to ISO 31000 and initiation of risk management programme

To: Introduction to the principles and framework of ISO 31000

Day 2:

From: Risk identification and assessment, risk evaluation, treatment, acceptance, monitoring and communication

To: Risk management process based on ISO 31000

Day 3:

From: Risk assessment methodologies according to IEC/ISO 31010 and Exam

To: Risk Assessment techniques based on IEC/ISO 31010

No. 3 No. 3 Normative references used in this training

The following standard has been added to the list of main standards cited:

• ISO/TR 31004:2013, Guidance for the implementation of ISO 31000

The following have been removed from Other standard references:

• ISO 14001:2015, Environmental management systems – Requirements with guidance for use

• OHSAS 18001:2007, Occupational Health and Safety Management Systems – Requirements

• ISO/IEC 20000-1:2011, Information technology — Service management — Part 1: Service management system requirements

• ISO/IEC 20000-2:2012, Information technology — Service management — Part 2: Guidance on the application of service management systems

• ISO 22301:2012, Societal security — Business continuity management systems — Requirements

• ISO 28000:2007, Specification for security management systems for the supply chain

Standards that haven’t been referenced in the training have been removed

No. 4 No. 4 List of acronyms and abbreviations used in this training

The following acronyms and abbreviations used in the training have been listed

AS/NZS: Australia Standard/New Zealand Standard

CMS: Content Management System

COSO: Committee of Sponsoring Organizations of the Treadway Commission

CPD: Continuing Professional Development

DMS: Document Management System

EDM: Electronic Document Management System

ERM: Enterprise Risk Management

IAS: International Accreditation Service

ISO: International Standards Organization

NIST: National Institute of Standards and Technology

PDCA: Plan-Do-Check-Act

PECB: Professional Evaluation and Certification Board

ROI: Return on Investment

ROSI: Return on Security Investment

RM: Risk Management

The acronyms and abbreviations that were not used in the training have been removed

No. 8 No. 8 Training Objectives

The training objectives of this course have been changed from:

• Understand the basic concepts of risk related to risk management

• Explain the goal, content and correlation between ISO 31000 and ISO 31010 and other standards and regulatory frameworks

• Explain the function of a risk management system according to ISO 31000 and its key processes

To:

• Understand the fundamental concepts and processes of Risk Management

• Acknowledge the correlation between ISO 31000, IEC/ISO 31010 and other standards and regulatory frameworks

• Comprehend the approaches, methods and techniques used to manage risk within an organization

• Learn how to interpret the principles and guidelines of ISO 31000

No. 9 No. 10 Educational Approach

Slide title has been changed from “Course Structure” to “Educational Approach”

Both the content in the slide and in the notes have been updated

No. 10 No. 11 Examination

The competency domains have been updated from:

1. Fundamental principles and concepts in risk management

2. Management of a risk programme

3. Risk assessment

4. Risk treatment options

5. Risk communication, monitoring and improvement

To:

1. Fundamental principles and concepts of Risk Management

2. Risk Management framework and process

3. Risk assessment techniques based on IEC/ISO 31010

The content in the notes has been updated as well.

No. 11 No. 12 Certified 31000 Risk Manager

The content in the notes has been updated

No. 12 No. 13 Certificate

The certificate sample and the notes have been updated

No. 13&14 No. 14 What is PECB?

The notes are split into two slides

No. 15 No. 15 Certification Bodies for Persons

The notes have been updated

No. 16 No. 16 Why become a Certified Manager?

The following typo in the slide title has been corrected

From:

Why becoming Certified Manager?

To:

Why become a Certified Manager

No. n/a No. 17 Customer Service

This slide has been deleted

No. 17 No. 19 Questions?

The section summary has been deleted

No. 18 No. 39 Standards and regulatory frameworks

In the old version of the training, this section was section 3; in the new version it is repositioned as section 2. The title of this section has been slightly modified from “Standard and Regulatory Framework” to “Standards and regulatory frameworks” and contains the following sub-sections:

a. Standard and methodology

b. ISO 31000, ISO/TR 31004 and IEC/ISO 31010

c. History of the development of risk management standards and best practices

d. NIST 800-30

e. AS/NZS 4360

f. COSO ERM Framework

g. COSO ERM and ISO 31000

No. 21 No. n/a ISO/TR: Guidance for the Implementation of ISO 31000

This slide, containing a brief summary of ISO/TR 31004, has been added

No. 22 No. 44 IEC/ISO 31010: Risk Assessment Techniques

This slide has been repositioned from slide 44 in the old version to slide 22 in the new version of the course.

The scope of the standard has been added in the notes

No. 23 No. 47 History of the Development of Risk Management Standards and Best Practices

The title of the slide has been changed to “History of the Development of Risk Management Standards and Best Practices”

The following text has been added in the notes:

“Note: The subsequent slides will further explain the following standards, guidelines and frameworks:

• NIST 800-20;

• AS/NZS 4360; and

• COSO ERM.”

No. 24 No. 48&49 NIST 800-30

The title of the slide has been modified from “NIST 800-30:2002” to “NIST 800-30”

Slides 48&49 are merged and re-designed.

The following content has been added in the notes:

“NIST 800-30 has been developed by NIST (National Institute of Science and Technology) and was published in July 2002.”

No. 26 No. 51 NIST 800-30

Slide has been re-designed

No. 27 No. 52 AS/NZS 4360

Slide has been re-designed

No. 28 No. 53 AS/NZS 4360

Slide has been re-designed

No. 29 No. 54&55 AS/NZS 4360

Slides 54 and 55 of the old version of the training have been merged into slide 29 in the new version.

No. 30 No. 56 COSO ERM

Slide has been re-designed.

The following content has been added in the notes:

“The Committee of Sponsoring Organizations (COSO) is a voluntary private-sector organization that provides guidance to executive management and governance entities towards the establishment of more effective, efficient, and ethical business operations on a global basis.

The Committee of Sponsoring Organizations (COSO) ongoing mission is to: provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance, and to reduce the extent of fraud in organizations.

Source: www.coso.org”

No. 31 No. 57 COSO ERM Framework

The source of the content has been added

No. 32 No. 58 COSO ERM Framework

The colors in the figure in the slide have been modified.

The following content is added in the notes:

1. Internal environment: Provides the attitude of the organization regarding the determination of risk appetite, risk management approach and ethical values

2. Objective setting: The organization’s board determines the objectives, which are aligned with the organization’s risk appetite, in order to approve the organization’s mission

3. Event identification: The organization should recognize internal and external events that influence the performance of the organization’s objectives

4. Risk Assessment: The possibility and impact of risks are evaluated as a basis for deciding how to manage them

5. Risk Response: Essential actions are taken by management to regulate risks with risk tolerance and risk appetite

6. Control activities: To establish that risk responses are effective policies and procedures

7. Information and Communication: Information systems have to make sure that data is identified, communicated and secure in a way that allows managers and employees carry out their responsibilities

8. Monitoring: The management system has to be monitored and modified

No. 33 No. 59 COSO ERM Framework

The following content has been added in the slide:

“Why COSO ERM?

COSO ERM objectives can be viewed in the context of four categories:

Strategic

Operations

Reporting

Compliance”

No. 34 No. n/a COSO ERM Framework and ISO 31000

This slide has been added

No. 35 No. 60 Comparison Between ISO 31000 and COSO ERM

A table containing a more detailed comparison of ISO 31000 and COSO ERM has been added.

The notes contain new content as well.

No. 37 No. 20 Introduction to ISO 31000 concepts and principles

In the old version of the training this section was named “Concepts and Definitions of Risk” and was positioned as the second section. In the new version the name of the section has been modified to “Introduction to ISO 31000 concepts and principles” and it has been repositioned as the third section of Day 1.

This section contains the following sub-sections:

a. Underlying concepts and principles

b. Risk management principles and their application

c. Advantages of risk management

d. Risk types

No. 38 No. n/a Underlying Concepts and Principles

This slide has been added

No. n/a No. 22 Concepts of Risk

This slide has been deleted

No. 39 No. 23 Risk

The first paragraph in the notes has been slightly modified to:

“The concept of risk is associated with different considerations like: Probability of a harmful event and eventuality that a threat exists which is more or less predictable and which may affect the objectives of an organization (the event is evaluated as negative, the threat, its likelihood of occurrence and/or impact).”

No. n/a No. 24 Common Definition of the word Risk

This slide has been deleted

No. n/a No. 25 Risk and Threats

This slide has been deleted

No. n/a No. 26 Scientific Definition of Risk

This slide has been deleted

No. n/a No. 27 The Calculation of Risk

This slide has been deleted

No. n/a No. 28 Risk and Statistics

This slide has been deleted

No. n/a No. 29 Opportunities of Risk

This slide has been deleted

No. 40 No. 30 Risk Management Strategy

The following sentence has been deleted from the notes:

“With a weak risk management, an organization is undergoing the risks. However, an effective risk management allows foreseeing the risks and taking the risks related to opportunities.”

No. n/a No. 31 The Perception of Risk

This slide has been deleted

No. n/a No. 32 Definition of Risk

This slide has been deleted

No. 41 No. n/a Uncertainty

This slide has been added

No. 42 No. n/a Risk Treatment and Control

This slide has been added

No. 43 No. n/a Risk Management Framework

This slide has been added

No. 44 No. n/a Risk Criteria

This slide has been added

No. 45 No. n/a Management, Risk Management and Managing Risk

This slide has been added

No. 46 No. n/a Risk Management Principles and Their Application

This slide has been added

No. 47 to 59 No. 33, 34 & 35 Risk Management Principles

In the old version of this training, slides 33, 34 and 35 only briefly mentioned the principles of risk management.

In the new version, from slide 47 to slide 59, each principle has been properly elaborated, and a “How to apply?” paragraph has been added both in the slide and in the notes.

No. 60 No. 36 Advantages of Risk Management

Advantages of risk management from the ISO 31000 introduction have been added.

No. 62 to 77 No. n/a Risk Types

Risk Types, from slide 62 to 77, have been added to the training

The old version of the training does not contain such slides

No. n/a No. 61 ISO 27005

This slide has been deleted

No. n/a No. 67 to 72 The History of Risk

These slides have been deleted

No. 79 No. 74 Risk management framework

The name of the section has been modified from “Implementing a Risk Management Framework” to “Risk management framework”

This section contains the following sub-sections:

a. ISO 31000 recommendations

b. Risk management framework

c. Obtaining a mandate and commitment of management

d. Design of a framework for managing risk

e. Implementing risk management

f. Risk Management Process According to ISO 31000

g. Relationship Between the RM Principles, Framework and Process

h. Monitoring and review of the framework

i. Continual improvement of the framework

No. 80 No. n/a ISO 31000 Recommendations

This slide has been added

No. 81 No. n/a Risk Management Framework

This slide has been added

No. 82 No. 77 Obtaining a Mandate and Commitment of Management

This slide has been removed as an activity in the risk management process

Content from ISO/TR 31004, C.1 General and ISO/TR 31004, C.2 Methods for expressing mandate and commitment has been added in the notes

No. 83 No. n/a **Slide notes extension**

An example has been added

No. 84 No. n/a Design of a Framework for Managing Risk

This slide has been added

No. 85 No. n/a Implementing Risk Management

This slide has been added

No. 86 No. 62 Risk Management Process According to ISO 31000

This slide has been repositioned from slide 62 in the old version of this training to slide 86 in the new version

No. 87 No. 42 Relationship Between the RM Principles, Framework and Process

This slide has been repositioned from slide 42 in the old version of this training to slide 87 in the new version.

The name of the slide has been changed from “Structure of ISO 31000” to “Relationship Between the RM Principles, Framework and Process”

The following content has been added in the notes:

“ISO 31000 standard provides principles, a risk management framework and a risk management process. For the risk management to be effective an organization should comply with the 11 principles provided by ISO 31000 at all levels. Besides complying with the 11 principles of risk management, organizations should implement a management framework as well.

The success of the risk management will depend on the effectiveness of the management framework providing the foundations and arrangements that will embed it throughout the organization (at all levels). The management framework assists in effectively managing risk through the application of the risk management process at varying levels and within the specific context of the organization.”

No. 88 No. n/a Monitoring and Review of the Framework

This slide has been added

No. 89 No. 66 Continual Improvement of the Framework

This slide has been repositioned from slide 66 in the old version of the training to slide 89 in the new version.

The name of the slide has been modified from “Risk Management: a Continuous Process” to “Continual Improvement of the Framework”

Clause 4.6 Continual improvement of the framework from ISO 31000 has been added in the notes

No. 92 No. 94 Initiating the risk management process implementation

Section 5 in the new version of the course has been renamed to “Initiating the Risk management process implementation” and contains the following sub-sections:

a. Understanding the organization and its context

b. Establishing risk management policy

c. Accountability

d. Integration into organizational processes

e. Resources

f. Establishing internal communication and reporting mechanisms

g. Establishing external communication and reporting mechanisms

h. Choosing the RM process to implement

No. 93 No. 95 PECB Risk Management Process

The “PECB Risk Management Framework” has been modified to “PECB Risk Management Process”

The steps and design of the PECB Risk Management Process have been modified

In the notes, clause 4.4.2 Implementing the risk management process from ISO 31000 has been added

No. n/a No. 96 **Slide Notes Extension**

This slide has been deleted

No. 94 No. n/a Understanding the Organization and its Context

This slide has been added

No. 95 No. 83 Establishing Risk Management Policy

This slide has been renamed from “1.5. Establishing a Risk Management Policy” to “Establishing a Risk Management Policy” and repositioned from slide 83 to slide 95

No. 96 No. 82 Accountability

This slide has been renamed from “1.4 Ensuring Accountability” to “Accountability” and has been repositioned from slide 82 to slide 96.

No. 97 No. 79 Defining Roles and Responsibilities

The slide has been renamed from “1.3 Defining Responsibilities of Principal Stakeholders” to “Defining Roles and Responsibilities” and has been repositioned from slide 79 to slide 97

No. 98 No. 78 Appointing a Risk Manager Responsible

The slide has been renamed from “1.2 Appointing a Risk Management Responsible” to “Appointing a Risk Manager Responsible” and has been repositioned from slide 78 to slide 98.

Both the content in the notes and the slide have been modified

No. 99 No. n/a Skills and Knowledge Required for a Risk Manager

Slide has been added

No. 100 No. n/a Work Styles for a Risk Manager

Slide has been added

No. 101 No. n/a Common Mistakes of Risk Managers

Slide has been added

No. 102 No. 84 Integration into Organizational Processes

Slide has been renamed from “1.6. Development and Implementation of a Risk Management Process Embedded into Organizational Processes” to “Integration into Organizational Processes” and has been repositioned from slide 84 to slide 102

Slide has been redesigned

No. 103 No. 91 Resources

Slide has been renamed from “1.10. Provision of Resources” to “Resources” and has been repositioned from slide 91 in the old version of the training to slide 103

No. 104 No. n/a Establishing Internal Communication and Reporting Mechanisms

Slide has been added

No. 105 No. n/a Establishing External Communication and Reporting Mechanisms

Slide has been added

No. 106 No. n/a Choosing the Risk Management Process to Implement

Slide has been added

No. 107 No. 85 Selecting a Risk Analysis Approach

Slide has been repositioned from No. 85 to No. 107

No. 108 No. 86 Qualitative Risk Assessment

Slide 86 in the old version of the training has been split into a separate slide for Qualitative Risk Assessment.

New content has been added both in the slide and the notes

No. 109 No. 86 Quantitative Risk Assessment

Slide 86 in the old version of the training has been split into a separate slide for Quantitative Risk Assessment.

New content has been added both in the slide and the notes

Recap of the changes in Day 1

• Examination domains have been updated. The new ISO 31000 RM version now contains 3 examination domains

• Training objectives have been updated based on course content

• Information from ISO/TR 31004: Guidance for the Implementation of ISO 31000 has been added

• Comparison between COSO ERM Framework and ISO 31000 standard has been updated

• Risk management concepts have been updated

• Risk management advantages have been added

• The following risk types have been added:

o Operational risk

o Financial risk – financial risk types

o Credit risk

o Information technology risk

o Integration risk

o Security risk

o Legal risk

o Compliance risk

o Work related risks

• The 11 Risk management principles are elaborated and contain information on how these principles can be applied.

• A section containing information related to the risk management framework as specified by the ISO 31000 standard is integrated into the training material

• PECB Risk Management framework has been updated to PECB Risk Management Process

• Lists of the activities involved in each phase of the risk management process have been added

Day 2:

Slide Number (Current version / Previous version) | Slide Description | Modifications | Comments

No. 1 No. 1 First slide

The schedule for Day 2 of the training has been updated as follows:

Section 06: Context establishment

Section 07: Risk identification

Section 08: Risk analysis

Section 09: Risk evaluation

Section 10: Risk treatment

Section 11: Risk acceptance

Section 12: Risk communication and consultation

Section 13: Risk monitoring and review

The version number has been updated from 4.6.1 to 4.7

No. 2 No. 94 (Day 1) Section 6/ Context Establishment

This section has been repositioned from Day 1 of this course to Day 2

No. 3 No. 95 (Day 1) 1. Context Establishment

Risk management process updated. Added the main objectives of the step & clause 5.3.1 from ISO 31000

No. 4 No. 96 (Day 1) **Slide Notes Extension**

Repositioned slide from Day 1 No. 96 to Day 2 No. 4

No. 5 No. 97 (Day 1) 1. Context Establishment

List of activities updated accordingly. Inputs, activities and outputs added in the notes.

No. 6 No. 98 (Day 1) 1.1. Mission, Objectives, Values and Strategies of the Organization

Slide numbering has changed from “2.1.” to “1.1.”

“Clause 4.2 Mandate and commitment from ISO 31000” added in the notes

No. 7 No. 99 (Day 1) 1.2. Establishing the External Context

Slide numbering has changed from “2.2.” to “1.2.”

The notes have been updated accordingly

No. 9 No. 101 (Day 1) 1.3. Establishing the Internal Context

Slide numbering has changed from “2.3.” to “1.3.”

The notes have been updated accordingly

No. 11 No. 103 (Day 1) 1.4. Identification and Analysis of Stakeholders

Slide numbering has changed from “2.4.” to “1.4.”

The slide is slightly modified in its design

The notes are updated accordingly

No. 12 No. 104 (Day 1) 1.5. Identification and Analysis of Requirements Related to Risk Management

Slide numbering has changed from “2.5.” to “1.5.”

No. 13 No. 105 (Day 1) 1.6. Determine Objective

Slide numbering has changed from “2.6.” to “1.6.”

The slide title has been modified from “Determination of the Objectives” to “Determine Objectives”

No. 14 No. 106 (Day 1) 1.7. Determine Risk Criteria

Slide numbering has changed from “2.7.” to “1.7.”

The slide title has been modified from “Determination of the Basic Criteria” to “Determine Risk Criteria”

No. 15 No. 107 (Day 1) Defining Risk Criteria

Slide has been updated

Clause 5.3.5 Defining risk criteria from ISO 31000 has been added in the notes.

No. 16 No. 110 (Day 1) 1.8. Defining the Scope and Boundaries

Slide numbering has changed from “2.8.” to “1.8.”

No. 17 No. 111 (Day 1) Constraints Affecting the Scope

Slide has been updated and redesigned accordingly

No. 18 No. n/a Exercise 4

Exercise has been updated

No. 20 No. 2 (Day 2 from here after) Section 7/ Risk identification

The sub-sections have been updated as follows:

a. ISO 31000 recommendations

b. Identification of assets

c. Identification of risk sources

d. Identification of risk events

e. Identification of existing measures

f. Identification of consequences

Clause 5.4.2 Risk identification from ISO 31000 has been deleted from the notes

No. 21 No. 3 2. Risk Identification

Risk management process

No. 22 No. n/a ISO 31000 Recommendations

Notes from slide 2 of the old version have been added as information in the slide and notes.


No. 23 No. n/a 2. Risk Identification List of activities added, with inputs, activities and outputs in the notes.

No. 24 No. n/a 2.1. Identification of Assets Slide added

No. 25 No. n/a Asset Slide added

No. 26 No. n/a Identification of Supporting Assets Slide added

No. 27 No. 10 2.2. Identification of Risk Sources Slide numbering has changed from “3.1” to “2.2” Content in the slide has been updated Clause 5.4.2 Risk identification from ISO 31000 has been added in the notes

No. 28 No. 12 Identify Sources of Risk Content in the slide has been modified. Slide redesigned

No. 29 No. 21 2.3. Identification of Risk Events Content in the slide has been updated

No. 30 No. n/a Identification of Risk Events based on COSO ERM Slide added

No. 31 No. n/a 2.4. Identification of Existing Measures Slide added

No. 32 No. 17 Identification of the Level of Maturity This slide has been repositioned from slide 17 in the old version of the training to slide 32 in the current version.

No. 33 No. 18 2.5. Identification of Consequences The content in the slide has been updated

No. 34 No. 19 Identification of Consequence The content in the slide has been updated

No. 37 No. 24 Section 8/ Risk Analysis

In the old version, Risk analysis and Risk evaluation were in the same section; in the current version they are split into two sections. Sub-sections have been updated as in the following:

a. ISO 31000 and ISO 31010 recommendations

b. Assessment of consequences

c. Assessment of incident likelihood

d. Level of risk determination

No. 38 No. 25 3. Risk Analysis Risk management process updated accordingly


No. 39 No. n/a ISO 31000 Recommendations Slide added

No. 40 No. 27 Risk Analysis Design updated Notes updated

No. 41 No. n/a 3. Risk Analysis List of activities added, together with inputs, activities and outputs in the notes

No. 42 No. 28 3.1. Assessment of Consequences Slide updated Clause 5.3.5 Consequence analysis from IEC/ISO 31010 added in the notes

No. 43 No. 29 Consequence Analysis The name of the slide changed from “4.1. Assessment of Consequences” to “Consequence Analysis” Content in the slide updated Clause 5.4.3 Risk analysis from ISO 31000 added in the notes

No. 44 No. 31 3.2. Assessment of Incident Likelihood Numbering of the slide changed from “4.2.” to “3.2.” Clause 5.3.4 Likelihood analysis and probability estimation from IEC/ISO 31010 added in the notes

No. 45 No. 32 Likelihood – Definition Slide & notes updated

No. 47 No. n/a 3.3. Level of Risk Determination Slide added

No. 48 No. 34 Level of Risk – Definition Slide & notes updated

No. n/a No. 35 Example of a Risk Determination Matrix Slide deleted

No. 49 No. n/a Exercise 5 Exercise added

No. 51 No. n/a Section 9/ Risk evaluation

In the old version, Risk analysis and Risk evaluation were in the same section; in the current version they are split into two sections. The sub-sections of Risk evaluation are as in the following:

a. ISO 31000 recommendations

b. Evaluation of Levels of Risk based on Risk Evaluation Criteria

c. Prioritization of risk

No. 52 No. n/a 4. Risk Evaluation Risk management process added


No. 53 No. n/a ISO 31000 Recommendations Slide added

No. 54 No. n/a 4. Risk evaluation Slide containing list of activities, together with notes with inputs, activities and outputs added

No. 55 No. 37 4.1. Evaluation of Levels of Risk based on Risk Evaluation Criteria The slide name & numbering changed from “5.1. Risk Evaluation” to “4.1. Evaluation of Levels of Risk based on Risk Evaluation Criteria” Content in the slide & notes updated

No. 56 No. 38 Risk Evaluation Slide name changed from “Guidance on Risk Evaluation” to “Risk Evaluation” Slide redesigned Reference to IEC/ISO 31010, clause 5.4 given both in the slide and the notes

No. n/a No. 39 Example of a Risk Evaluation Slide deleted

No. 57 No. n/a Risk Evaluation Slide added

No. 58 No. 40 Prioritization of Risks Content in the slide updated Content added in the notes

No. 60 No. 42 Questions? Section summary deleted

No. 61 No. 44 Section 10/ Risk Treatment

Sub-sections of Risk treatment have been updated as in the following:

a. ISO 31000 recommendations

b. Risk treatment activities

c. Risk treatment options

d. Risk treatment plan

e. Evaluation of residual risk

No. 62 No. n/a 5. Risk Treatment Risk management process added

No. 63 No. n/a ISO 31000 Recommendations Slide added

No. 65 No. n/a Risk Treatment Activities Slide added

No. 66 No. n/a **Slide Notes Extension** Slide added

No. 67 No. n/a 5. Risk Treatment Slide containing list of activities added, together with inputs, activities and outputs in the notes

No. 68 No. n/a 5.1. Risk Treatment Options Slide added


No. 69 No. 47 Risk Treatment Options Content in the slide has changed Notes are added

No. n/a No. 48-56 Slides deleted

No. 70 No. 57 & 58 5.2. Risk Treatment Plan Content of slides 57 & 58 of the previous version of the training has been merged

No. 71 No. 64 5.3. Evaluation of Residual Risk

No. 72 No. n/a Evaluation of Residual Risk Slide added

No. 73 No. n/a Exercise 6 Exercise added

No. 75 to 85 No. n/a Section 11/ Risk acceptance The whole section has been updated

No. 86 No. 68 Section 12/ Risk communication and consultation

The sub-sections for this section are as in the following:

a. ISO 31000 recommendations

b. Communication and consultation

c. Risk communication objectives

d. Communication plan

e. Establishing internal and external communication and reporting mechanisms

f. Records of decisions & communication

No. 87 No. 69 7. Risk Communication and Consultation

Risk management process updated

No. 88 No. n/a ISO 31000 Recommendations Slide added

No. 89 No. n/a Communication and consultation Slide added

No. 90 No. 70 7. Risk Communication and Consultation

List of activities updated Inputs, activities and outputs added in the notes.

No. 91 No. 72 7.1. Defining Risk Communication Objectives

Content in the slide has been modified New content is added in the notes

No. 92 No. 74 7.2. Establishing a Risk Communication Plan

Content in the slide & notes updated

No. 93 No. 74 (notes) Continual Communications The content of the slide is made of the notes from slide 74 of the previous version of the training, based on Annex A, A.3.4 Continual Communications, ISO 31000


No. 94 No. 75 7.3. Establishing Internal Communication and Reporting Mechanisms

Content from Clause 4.3.6 Establishing internal communication and reporting mechanisms from ISO 31000 added in the notes

No. 95 No. n/a Internal Communication Slide added

No. 96 No. 76 Effective Communication with Stakeholders

Clause 4.3.2 Communication and consultation from IEC/ISO 31010 added in the notes

No. 97 No. 77 7.4. Establishing External Communication and Reporting Mechanisms

Clause 4.3.7 Establishing external communication and reporting mechanisms from ISO 31000 added in the notes

No. 98 No. n/a External Communication Slide added

No. 99 No. 81 & 82 7.5. Recording of Decisions & Communications Slides 81 & 82 in the old version have been merged into slide 99 of the new version of the course

No. 101 No. 85 Section 13/ Risk monitoring and review

Sub-sections of section 13 are listed as in the following:

a. ISO 31000 recommendations

b. Monitoring and review of the framework

c. Monitoring and review of the process

d. Set improvement objectives

e. Risk management continual improvement

f. Recording the risk

No. 102 No. 86 8. Risk Monitoring and Review Risk management process has been updated

No. 103 No. n/a ISO 31000 Recommendations Slide added

No. 104 No. 87 Risk Monitoring and Review

The title of the slide has been modified from “Risk Management Monitoring, Review and Improvement” to “Risk Monitoring and Review” New content added in the notes

No. 105-107 No. n/a Risk Monitoring and Review Slides added

No. 108 No. n/a 8. Risk Monitoring and Review List of activities, together with input, activities and outputs added

No. 109 to 113 No. n/a Slides added

No. 114 & 115 No. 90 8.3. Set Improvement Objectives Design of the slide updated Notes modified


No. 116 No. 91 8.4 Risk Management Continual Improvement

Content in the slide & notes updated

No. 117 No. 92 & 93 8.5. Recording the risk Slides 92 & 93 in the old version merged into slide 117 in the new version

No. 118 No. n/a Maintenance and Improvement of the RM Process Slide added

No. 119 No. n/a Exercise 7 Exercise added

Recap of the changes in Day 2

Each section contains added information from ISO 31000 before the list of activities is presented

The COSO ERM framework is integrated into the risk identification phase

Updated RM process phases including:

o Context establishment

o Risk identification

o Risk analysis

o Risk evaluation

o Risk treatment

o Risk acceptance

o Risk communication and consultation

o Risk monitoring and review

Risk treatment options have been updated

Principles of effective communication with stakeholders are now integrated into the training material

New information regarding risk monitoring and review is integrated into the training material. All the information is based on the ISO 31000 annex


Day 3:

Slide Number

Slide Description:

Modifications: Comments Current Version

Previous version

No. 1 No. 1 First slide

Section 12: Risk management methodologies (part 1) & Section 13: Risk management methodologies (part 2) have been merged into one section in Day 3:

Section 14: Risk assessment techniques based on IEC/ISO 31010

The sub-sections of this section are as in the following:

a. IEC/ISO 31010 risk assessment techniques

b. Brainstorming

c. Decision tree analysis

d. Bow tie analysis

e. Root cause analysis

f. Business impact analysis

g. Scenario analysis

h. FMEA and FMECA

i. Cause and effect analysis

j. Consequence/probability matrix

The following risk assessment techniques are no longer included in the current version of the training:

1. DELPHI Technique

2. HAZOP – Hazard & Operability Analysis

3. HACCP – Hazard Analysis Critical Control Point

4. FTA – Fault Tree Analysis

The version number of the training has been updated from “4.6.1” to “4.7”


No. 3 & 4 No. n/a IEC/ISO 31010 – Risk Assessment Techniques Slides added

No. 5 No. 4 A. Brainstorming

Content in the slide has been redesigned

Annex B, B.1.1 Overview from IEC/ISO 31010 has been added in the notes

No. 6 No. 5 Brainstorming Annex B, B.1.2 Use from IEC/ISO 31010 has been added in the notes

No. 8 No. 7 Brainstorming

“General Rules to be Followed” has been replaced with “5-Whys used in brainstorming sessions”

New content has been added both in the slide and the notes

No. 9 No. n/a Brainstorming Slide added

No. 11-14 No. n/a B. Decision Tree Analysis Slides added

No. 15-18 No. n/a C. Bow Tie Analysis Slides added

No. 19-22 No. n/a D. Root Cause Analysis Slides added

No. 23-27 No. n/a E. Business Impact Analysis Slides added

No. 28 No. n/a Exercise 8 Exercise added

No. 29-34 No. 35-40 F. Scenario Analysis Slides have been repositioned from No. 35 to 40 in the previous version to No. 29 to 34 in the new version

No. 35-42 No. 42-50 G. FMEA and FMECA Slides have been repositioned from No. 42 to 50 in the previous version to No. 35-42 in the new version

There are changes in design in some slides

Slides 44 & 45 in the previous version are merged into one slide (slide 37) in the new version


No. 43-52 No. 59-68 H. Cause and Effect Analysis Slides have been repositioned from No. 59 to 68 in the previous version to No. 43-52 in the new version of the training

There are changes in design colors

No. 53-58 No. n/a I. Consequence/Probability Matrix Slides added

No. 59 No. n/a Exercise 9 Exercise added

No. 61-74 No. 71-84 Section 15/ Competence, evaluation and closing the training

The name of the section has been updated from “Applying for certification and closing the training” to “Competence, evaluation and closing the training”

The sub-sections are listed as in the following:

a. PECB ISO 31000 certification scheme

b. PECB certification process

c. Applying for certification

d. Maintaining certification

e. Evaluation of the training

This section has been updated based on the most recent Training Development Guideline of PECB

Recap of the changes in Day 3

New risk assessment techniques based on ISO 31010 have been integrated in the training material, including:

o Brainstorming

o Decision tree analysis

o Bow tie analysis

o Root cause analysis

o Business impact analysis

o Scenario analysis

o FMEA and FMECA

o Cause and effect analysis

o Consequence/ probability matrix


Comments: