ISO31000 - Risk Management Standard

00:13:25
https://www.youtube.com/watch?v=lsknePz5TGQ

Summary

TLDR: The video discusses ISO 31000, a risk management standard that outlines a systematic process for managing risks within organizations. It starts with the importance of understanding the difference between projects and operations, emphasizing the role of risk management amid corporate collapses and disasters. The video explains critical components of risk management, including the identification and analysis of risks through probability and consequence. It provides a procedural approach to risk management consisting of steps such as risk context establishment, identification, analysis, evaluation, and treatment strategies. The key treatment strategies discussed include acceptance, avoidance, mitigation, and transfer, culminating in the creation of a risk register for effective stakeholder communication. The emphasis is on a structured approach that adapts to changing environments.

Takeaways

  • 📌 Understand the difference between projects and operations
  • 🔍 Define key terms like risk and uncertainty
  • ⚠️ Importance of risk management in avoiding corporate collapses
  • 📊 Two main elements of risk: probability and consequence
  • 🛠️ ISO 31000 provides a systematic approach to risk management
  • 📅 Steps include establishing context, identifying, analyzing, evaluating risks
  • 📝 Create a risk register for effective communication
  • 📈 Treatment strategies: acceptance, avoidance, mitigation, transfer
  • 👥 Involve all relevant stakeholders in the process
  • 🔄 Adapt the risk management process to changing environments

Timeline

  • 00:00:00 - 00:05:00

    This section introduces the ISO 31000 risk management standard, differentiating between projects as temporary endeavors and operations as ongoing activities. It emphasizes the significance of understanding risk, with examples like corporate collapses (e.g., Dick Smith and FTX) and the COVID-19 pandemic. Risk management involves assessing the probabilities and consequences of risks, leading to effective strategies for the identification, assessment, treatment, and monitoring of risks within organizations.

  • 00:05:00 - 00:13:25

    The procedural approach to ISO 31000 is outlined, starting with establishing the risk context, defining roles and responsibilities, and identifying risks related to project objectives. The analysis of risks requires determining likelihood and impact through descriptive ratings. The evaluation uses a risk matrix for prioritization, creating a risk register for stakeholders. Risk treatment options include acceptance, avoidance, mitigation, and transfer, ensuring a structured response to identified risks.

Video Q&A

  • What is ISO 31000?

    ISO 31000 is a risk management standard that provides guidelines for creating a structured and systematic approach to managing risks.

  • Why is risk management important?

    Risk management is crucial to prevent corporate failures, unexpected disasters, and mitigate impacts from events like the COVID-19 pandemic.

  • What are the first steps in the ISO 31000 process?

    The first steps include establishing the context, identifying risks, and analyzing risks.

  • What is a risk register?

    A risk register is a document that records identified risks, their analysis, and management strategies for communication with stakeholders.

  • What are the main strategies for risk treatment?

    The main strategies are acceptance, avoidance, mitigation, and transfer.
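The likelihood-times-impact scoring, tolerance bands, risk register and treatment rules summarised above, written out as a small Python example. This is an added illustration, not code from the video or from ISO 31000 itself: the five-level rating words (rare to highly likely, negligible to very severe) come from the video, while the score bands, colours, sample risks and the `approved_by` and residual-rating fields are constructed assumptions. The `validate` checks encode two rules the video states: a risk above the tolerable level cannot simply be accepted, and accepting a risk needs management approval.

```python
from dataclasses import dataclass
from typing import List, Optional

# Five-level descriptive ratings, as in the video, mapped to ordinal scores.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "highly likely": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "severe": 4, "very severe": 5}

# Constructed tolerance table from the "establish the context" step:
# (maximum score, level, colour, treatment required). Bands and colours are
# organisation-specific; these values are assumptions for this example.
TOLERANCE = [
    (4, "low", "green", False),
    (9, "medium", "yellow", True),
    (15, "high", "orange", True),
    (25, "very high", "red", True),
]
TREATMENTS = {"accept", "avoid", "mitigate", "transfer"}

@dataclass
class Risk:
    """One register row: identification, analysis and treatment columns."""
    risk_id: str
    scenario: str
    likelihood: str
    impact: str
    treatment: str = "accept"
    treatment_note: str = ""
    approved_by: str = ""                      # acceptance needs management sign-off
    residual_likelihood: Optional[str] = None  # ratings after treatment, if any
    residual_impact: Optional[str] = None

def score(likelihood: str, impact: str) -> int:
    """Risk as a function of likelihood and impact: score = L x I."""
    return LIKELIHOOD[likelihood.lower()] * IMPACT[impact.lower()]

def classify(value: int):
    """Look a score up in the tolerance table: (level, colour, needs_treatment)."""
    for upper, level, colour, needs_treatment in TOLERANCE:
        if value <= upper:
            return level, colour, needs_treatment
    raise ValueError(f"score {value} is outside the tolerance table")

def evaluate(risk: Risk) -> dict:
    """Analyse one risk: inherent score and level, then the residual after treatment."""
    inherent = score(risk.likelihood, risk.impact)
    level, colour, needs_treatment = classify(inherent)
    if risk.residual_likelihood and risk.residual_impact:
        residual = score(risk.residual_likelihood, risk.residual_impact)
    else:
        residual = inherent  # nothing recorded after treatment: residual = inherent
    return {
        "id": risk.risk_id, "scenario": risk.scenario,
        "inherent_score": inherent, "level": level, "colour": colour,
        "needs_treatment": needs_treatment, "treatment": risk.treatment,
        "residual_score": residual, "residual_level": classify(residual)[0],
    }

def validate(risk: Risk) -> List[str]:
    """Consistency checks to run before the register goes to stakeholders."""
    ev = evaluate(risk)
    problems: List[str] = []
    if risk.treatment not in TREATMENTS:
        problems.append(f"{risk.risk_id}: unknown treatment '{risk.treatment}'")
    if ev["needs_treatment"] and risk.treatment == "accept":
        problems.append(f"{risk.risk_id}: {ev['level']} risk cannot simply be accepted")
    if risk.treatment == "accept" and not risk.approved_by:
        problems.append(f"{risk.risk_id}: acceptance requires management approval")
    if risk.treatment != "accept" and risk.residual_likelihood is None:
        problems.append(f"{risk.risk_id}: treated risk has no residual rating")
    if ev["residual_score"] > ev["inherent_score"]:
        problems.append(f"{risk.risk_id}: residual score exceeds inherent score")
    return problems

def build_register(risks: List[Risk]) -> List[dict]:
    """Evaluate every risk and order the register by inherent score, highest first."""
    return sorted((evaluate(r) for r in risks),
                  key=lambda row: row["inherent_score"], reverse=True)

# Constructed sample risks, loosely following the video's three scenario types.
SAMPLE_RISKS = [
    Risk("R1", "Steel rebar price rise pushes the foundation stage over budget",
         "likely", "moderate", "mitigate", "fixed-price supply contract (assumed)",
         residual_likelihood="possible", residual_impact="minor"),
    Risk("R2", "Safety breach on site during excavation",
         "possible", "very severe", "mitigate", "permit-to-work and supervision",
         residual_likelihood="unlikely", residual_impact="severe"),
    Risk("R3", "Fraudulent online payments initiated by attackers",
         "likely", "severe", "avoid", "cease online payment transactions",
         residual_likelihood="rare", residual_impact="negligible"),
    Risk("R4", "Minor finish defects found at handover",
         "unlikely", "minor", "accept", approved_by="project sponsor (assumed)"),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE_RISKS):
        print(row["id"], row["level"], row["colour"], row["inherent_score"],
              "->", row["residual_score"], row["treatment"])
    for risk in SAMPLE_RISKS:
        print(*validate(risk), sep="\n")
```

Running the block prints the register in priority order (R3, R2, R1, R4) with inherent and residual scores. The point of `validate` is that the tolerance table decided in the context step is enforced against the treatment column: a "very high" risk recorded as "accept" without an approver is reported rather than silently published.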

Transcript

  • 00:00:01

    Welcome everyone. In this video we will be talking about the risk management standard ISO 31000.

  • 00:00:09

    Some important definitions to start with: the difference between a project, which is a temporary endeavour, and operations, which refers to repetitive activities to produce a service or product.

  • 00:00:26

    In terms of risk terminology, we have uncertainty, which refers to a lack of information or shortage of knowledge about the phenomena, and the risk, or risk scenario, is when the situation comes to fruition. An example: here we are uncertain and have a shortage of knowledge about the availability of resources in a project, and this might trigger the risk of delays for the project and late completion.

  • 00:01:11

    The question comes to mind: why should we focus on risk management? There have been many instances of corporate collapses in the world. A recent example in Australia was the retail giant Dick Smith, and we have also heard about FTX, which was active in the cryptocurrency market. Other risk scenarios, such as natural disasters and, more recently, the COVID-19 pandemic, and the consequences of these risks show us that risk management is a very important concept to focus on.

  • 00:02:05

    There are two main elements when looking at any risk scenario. Probability or likelihood is the first one, and we have the consequence or impact. An example here: there is a 50% chance of heavy showers resulting in floods, so we have the element of chance or probability and the consequence.

  • 00:02:38

    The risk management standard was first established and published in 2009, with a revision in 2018. The very favourable property of this standard is the systematic and structured approach it has for the identification, assessment, treating and monitoring of risks. It is based on principles of risk management, including creation of value, integrating into processes, being a structured, comprehensive and inclusive approach that involves all relevant stakeholders, and also the standard is very dynamic and it can be used in response to changes in the internal and external environment.

  • 00:03:39

    Here is a diagram of the procedural approach in ISO 31000, which starts with establishing the context, followed by risk identification, risk analysis, risk evaluation and risk treatment. Monitoring and review, and also communication and consultation with the stakeholders, are other important pillars of this standard.

  • 00:04:12

    The first step focuses on establishing the risk context, to understand what is the appropriate level of risk tolerance for an individual or organisation, and also the definition of roles and responsibilities.

  • 00:04:33

    Here is an example which defines risk tolerances. You can see in the first column, on the risk level, we have very high to low levels. A very high level of risk is obviously not acceptable; it creates a large or severe impact for the related activity and it should be ceased immediately. On the very low end of this spectrum we have an acceptable risk level which is tolerable, and there is no required treatment strategy that needs to be implemented, but it still needs to be periodically monitored to ensure that no change in the situation is likely to happen.

  • 00:05:39

    The second step under establishing the risk context is to define roles and responsibilities. Here is an example that shows the hierarchy of the roles, starting from the Chief Executive, which has very high level responsibilities to maintain a culture of risk awareness. Then it comes to executive and senior management responsibilities to nominate risk assessment facilitators, or RAFs, and for those facilitators we have responsibilities such as reporting on the area of responsibility, and it can be a weekly, monthly or quarterly report. For every project team we have the responsibility of supporting and reporting to the RAFs. Of course this is an example, and for different organisations this can differ.

  • 00:06:47

    Back to our procedural approach, the next step is to identify the risks. We need to be aware of critical project objectives, identify the threats to those objectives and formulate risk scenarios. Here we have three examples. In the first one, for example, increasing the cost of steel rebars may prevent the foundation stage of the project from being completed within the specified budget. The second one is obviously safety breaches and risks, and the third risk scenario is related to the quality of the project.

  • 00:07:37

    The third step, which is risk analysis: we need to determine the likelihood of risks and also the impact. In terms of likelihood we can consider probabilities in different ranges and use descriptive ratings such as rare, unlikely, possible, likely and highly likely for them. Then for the impact we can again use verbal descriptors such as very severe, severe, moderate, minor and negligible to identify the impact.

  • 00:08:25

    Back to our procedural approach, the next, or fourth, step is evaluation of risks, and here we need to determine and also prioritise risks and create a risk register for communication to the project stakeholders. For risk prioritisation, sometimes a risk matrix or fever diagram is used, which is most often colour coded. In this example we can see a 7 by 7 risk matrix; depending on the need of the organisation it can be 3 by 3, 7 by 7 or higher dimensions. As you can see, the colour coding is subjective to the need of the organisation. Here we have low priorities colour coded in green, moving to medium in yellow and orange, and we also have high and very high priority for risks using warmer tones of colour like red. Risk is obviously a function of likelihood and impact.

  • 00:10:00

    The next step in the risk evaluation is to formulate a risk register, and it has some standard components necessary for communication to project stakeholders. Here is an example: on the left hand side of this risk register we have the identification, the analysis in the middle, and the risk management steps on the right hand side. It is now populated with data, and as you can see this is relevant to an environmental risk. We have the data before the risk treatment, and also post-mitigation or treatment it has been recorded in this register.

  • 00:11:04

    Step five, which is risk treatment: there are several strategies of acceptance, avoidance, mitigation or transfer that can be adopted. Acceptance, or retention of the risk, refers to the situation where the risk is tolerable and no further action is required to reduce it, and the management should approve such a treatment strategy to accept risks.

  • 00:11:43

    Avoidance is another strategy. We have an example here: we can cease any online payment transactions to avoid the risk of hackers and online attackers initiating fraudulent payments. Sometimes it may seem extreme, but if the risk is not tolerable, this strategy for treatment is advisable.

  • 00:12:18

    Mitigation is another treatment strategy, and the example we have here is the implementation of a firewall to reduce system communication with malicious external servers.

  • 00:12:40

    Risk transfer usually refers to transferring the risk to a third party. It can be using insurance or subcontracting, as very common solutions here.

  • 00:12:58

    To conclude, we talked about ISO 31000, which is the risk management standard, with its procedural steps to manage risks. Thank you for your attention; looking forward to our future discussions about similar topics.
Tags
  • ISO 31000
  • risk management
  • project management
  • operations
  • risk assessment
  • probability
  • consequence
  • risk treatment
  • risk register
  • corporate failures