How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO...

www.jjprojectconsulting.com.au 1 CPRM/CRMT Masterclass 2014


Jeff Jones, Director, JJ Project Consulting Pty Ltd

Transcript of How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO...

Page 1: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000


Page 2: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

The aim of the conference is to…

• Promote learning at the cutting edge of risk management practice

• Foster creative thinking

• Network

• Have fun!


Page 3: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

Jeff Jones CPRM, AFRMIA, RPEQ, MIEAust, Lead Auditor (QMS)

“How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000.”


Page 4: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

Introductions & Demographic



Page 7: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000


* Subject to Copyright


Page 12: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

ISO/TR 31004


Page 13: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

Implementing 31000 – 3.1

General Methodology

A. Comparing current practice with that described in ISO 31000

B. Identifying what needs to change and preparing and implementing a plan for doing so

C. Maintaining ongoing monitoring and review to ensure currency and continuous improvement


Page 14: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

Implementing 31000 – 3.3

Integration of ISO 31000 into the Organisation's management processes

• 3.3.1 General
  • Choice and order of elements should be tailored to the needs of the organisation and stakeholders
  • Integration supports the overall business strategy
  • Meet the organisation's objectives and protect/create value
  • Consider culture and change management methodologies

• 3.3.2 Mandate & Commitment
  • Any business management activity begins with an analysis of the rationale…and cost / benefit analysis
  • Implementation process typically involves the following:
    • Acquiring mandate & commitment
    • A gap analysis
    • Tailoring & scale based on org needs, culture and creating value
    • Evaluating risks associated with transition
    • Developing a business plan – objectives, scope, accountabilities, timeframe & resources
    • Identifying the context of implementation, inc. communication with stakeholders


Page 15: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

Implementing 31000 – 3.3

• 3.3.3 Designing the Framework
  • Existing approaches to RM should be evaluated (in context)
  • Consider legal / regulatory / customer obligations and certification requirements
  • Careful tailoring of the design and implementation plan
  • Permit alignment with the structure, culture and general systems
  • Establish risk criteria – consistent with the objectives & risk attitude

• 3.3.3.2 – decide which aspects of the current RM approach…
  • Could continue to be used in the future and extended to other areas
  • Need amendment or enhancement
  • No longer add value and should be discontinued

• 3.3.4 Implementing the Framework
  • A detailed implementation plan is needed = ref PM 101 (including its own implementation R/A)


Page 16: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

Implementing 31000 – 3.4

• 3.4 Continual Improvement

• As part of Monitoring & Review

• Assess whether design of framework & processes remains appropriate

• Assess whether implementation is adding value as intended

• Constant awareness and uptake of the opportunity for improvement


Page 17: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

ISO/TR 31004


Page 18: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

Annex B – Application of ISO 31000 Principles

Principles (Clause 3)

a) Creates value

b) Integral part of organisational processes

c) Part of decision making

d) Explicitly address uncertainty

e) Systematic, structured and timely

f) Based on the best available information

g) Tailored

h) Takes human and cultural factors into account

i) Transparent and inclusive

j) Dynamic, iterative and responsive to change

k) Facilitates continual improvement and enhancement of the organisation


Page 19: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

Annex B – Application of ISO 31000 Principles

c) Part of decision making

Risk Management helps decision makers make informed choices, prioritise actions and distinguish among alternative courses of action.

How to apply the principle

• States that RM provides the foundation for informed decision making

• Should be integrated into activities supporting the achievement of objectives and the decision-making process

• Decision-making should assess and treat risk, proactively

Practical Help

Following questions should be carefully considered…

• How…Who….What….


Page 20: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

Annex B – Application of ISO 31000 Principles

Masterclass Exercise

• Aim: Working as a table cohort, examine the designated Principle and content provided in 31004, to conclude on its usefulness as a guide to application by practitioners.

• Method: Team discussion; Flip-chart

• Deliverable: Appointed speaker to provide 1 min summary of table discussion and findings:
  - How to Apply overall scope out of 10
  - Practical Help useful Y/N
  - biggest challenge?
  - what’s missing?

• Time: 15 minutes (5 read + 5 discuss + 5 prep)


Page 21: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

ISO/TR 31004


Page 22: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

Annex E – Integrating risk management within a management system

E2 What is a management system?


Page 23: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

Annex E – Integrating risk management within a management system

E1 General

• Integrate RM into organisation's system of management (inc. governance & strategy)

• If purpose is to add value, logically signifies adopting ways to influence what already takes place, to enhance & improve it, as a natural function of decision making

• Requires the adaption and alteration of tools and processes to suit the needs of the decision makers and their existing processes for decision making

E3 approach

• Integration with core business processes AND create interaction between all management systems

• The RM framework should extend to and incorporate all management systems

• Utilising risk assessment techniques within other systems


Page 24: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

Annex E – Integrating risk management within a management system

E4 Implementing RM into a Quality Management System framework


Page 25: How to apply and benefit from the new risk management guide ISO/TR 31004:2013 for implementing ISO 31000

In conclusion….

“For organisations that have transitioned to ISO 31000, there should be a constant awareness and uptake of the opportunity for improvement”. ISO/TR 31004:2013
