
Chapter 1.2 Framework of Risk Management PDF

The document outlines fundamentals of risk management based on ISO 31000:2018 guidelines. It discusses key terms, principles, and frameworks for risk management. The framework includes establishing leadership and commitment to risk management, integrating it throughout the organization, designing the framework based on understanding internal and external context, and continually articulating commitment to risk management. It also details the risk management process of communication, scope setting, risk assessment, treatment, monitoring, and reporting.

Uploaded by

Carlos Reyes

7/19/2020

Fundamentals of Risk Management
Based on ISO 31000:2018 Risk Management Guidelines

Dr. Ryan T. Liba, CHE, FSCO


Facilitator

Intended Learning Outcomes

At the end of this session, the students are expected to:

• Explain the principles, framework and process of Risk Management
• Identify, analyze, evaluate, and treat the organizational, functional, and/or process risks
• Monitor, review, record, and report the actions to address the risks and opportunities.


Presentation Outline
3. Terms and definitions

4. Principles

5. Framework
5.1 General
5.2 Leadership and commitment
5.3 Integration
5.4 Design
5.5 Implementation
5.6 Evaluation
5.7 Improvement

Contents
6. Process
6.1 General
6.2 Communication and consultation
6.3 Scope, context and criteria
6.4 Risk assessment
6.4.1 General
6.4.2 Risk identification
6.4.3 Risk analysis
6.4.4 Risk evaluation
6.5 Risk treatment
6.5.1 General
6.5.2 Selection of risk treatment options
6.5.3 Preparing and implementing risk treatment plans
6.6 Monitoring and review
6.7 Recording and reporting


Figure 1. Principles, framework and Process of Risk Management

5 Framework
5.1 General

The purpose of the risk management framework is to assist the organization in integrating risk management into significant activities and functions.

Figure 3 — Framework

5.2 Leadership and commitment

Top management and oversight bodies, where applicable, should ensure that risk management is integrated into all organizational activities and should demonstrate leadership and commitment by:

• customizing and implementing all components of the framework;
• issuing a statement or policy that establishes a risk management approach, plan or course of action;
• ensuring that the necessary resources are allocated to managing risk;
• assigning authority, responsibility and accountability at appropriate levels within the organization.

Demonstrating leadership and commitment will help the organization to:

• align risk management with its objectives, strategy and culture;
• recognize and address all obligations, as well as its voluntary commitments;
• establish the amount and type of risk that may or may not be taken to guide the development of risk criteria, ensuring that they are communicated to the organization and its stakeholders;
• communicate the value of risk management to the organization and its stakeholders;
• promote systematic monitoring of risks;
• ensure that the risk management framework remains appropriate to the context of the organization.

Top management is accountable for managing risk while oversight bodies are accountable for overseeing risk management. Oversight bodies are often expected or required to:

• ensure that risks are adequately considered when setting the organization’s objectives;
• understand the risks facing the organization in pursuit of its objectives;
• ensure that systems to manage such risks are implemented and operating effectively;
• ensure that such risks are appropriate in the context of the organization’s objectives;
• ensure that information about such risks and their management is properly communicated.

5.3 Integration
• Integrating risk management relies on an understanding of organizational structures and context.
• Structures differ depending on the organization’s purpose, goals and complexity.
• Risk is managed in every part of the organization’s structure. Everyone in an organization has responsibility for managing risk.

5.4 Design
5.4.1 Understanding the organization and its context
When designing the framework for managing risk, the organization should examine and understand its external and internal context.

Organization’s External Context

• the social, cultural, political, legal, regulatory, financial, technological, economic and environmental factors, whether international, national, regional or local;
• key drivers and trends affecting the objectives of the organization;
• external stakeholders’ relationships, perceptions, values, needs and expectations;
• contractual relationships and commitments;
• the complexity of networks and dependencies.


Organization’s Internal Context

• vision, mission and values;
• governance, organizational structure, roles and accountabilities;
• strategy, objectives and policies;
• the organization’s culture;
• standards, guidelines and models adopted by the organization;
• capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, intellectual property, processes, systems and technologies);
• data, information systems and information flows;
• relationships with internal stakeholders, taking into account their perceptions and values;
• contractual relationships and commitments;
• interdependencies and interconnections.

5.4.2 Articulating risk management commitment

Top management and oversight bodies, where applicable, should demonstrate and articulate their continual commitment to risk management through a policy, a statement or other forms that clearly convey an organization’s objectives and commitment to risk management.

The commitment should include, but is not limited to:

• the organization’s purpose for managing risk and links to its objectives and other policies;
• reinforcing the need to integrate risk management into the overall culture of the organization;
• leading the integration of risk management into core business activities and decision-making;
• authorities, responsibilities and accountabilities;
• making the necessary resources available;
• the way in which conflicting objectives are dealt with;
• measurement and reporting within the organization’s performance indicators;
• review and improvement.

5.4.3 Assigning organizational roles, authorities, responsibilities and accountabilities

Top management and oversight bodies, where applicable, should ensure that the authorities, responsibilities and accountabilities for relevant roles with respect to risk management are assigned and communicated at all levels of the organization, and should:

• emphasize that risk management is a core responsibility;
• identify individuals who have the accountability and authority to manage risk (risk owners).

5.4.4 Allocating resources

• people, skills, experience and competence;
• the organization’s processes, methods and tools to be used for managing risk;
• documented processes and procedures;
• information and knowledge management systems;
• professional development and training needs.

5.4.5 Establishing communication and consultation
The organization should establish an approved approach to communication and consultation in order to support the framework and facilitate the effective application of risk management.

5.5 Implementation
The organization should implement the risk management framework by:

• developing an appropriate plan including time and resources;
• identifying where, when and how different types of decisions are made across the organization, and by whom;
• modifying the applicable decision-making processes where necessary;
• ensuring that the organization’s arrangements for managing risk are clearly understood and practised.

5.6 Evaluation

In order to evaluate the effectiveness of the risk management framework, the organization should:

• periodically measure risk management framework performance against its purpose, implementation plans, indicators and expected behaviour;
• determine whether it remains suitable to support achieving the objectives of the organization.

5.7 Improvement
5.7.1 Adapting
The organization should continually monitor and adapt the risk management framework to address external and internal changes. In doing so, the organization can improve its value.
5.7.2 Continually improving
The organization should continually improve the suitability, adequacy and effectiveness of the risk management framework and the way the risk management process is integrated.

Framework of Risk Management Review

Figure 3 — Framework


References
ISO 31000:2018 Risk management — Guidelines. International Organization for Standardization, Switzerland. Retrieved from https://www.iso.org/obp/ui/#iso:std:iso:31000:ed-2:v1:en

Risk Management as Applied to Sanitation, Safety and Security
CLUSTER

Dr. Ryan T. Liba, CHE, FSCO Ms. Maria Margarita P. Cruz
