Understanding ISO 31000-2009




And Learning & Coaching, Gedung City Square C-22, Jl Abdulrahman Saleh, Bandung. Tel: 022-6125446 / 447, Fax: 022-6125427, http://www.and-lc.com
Consultant: Setiono Winardi, SH., MBA. E: [email protected] M: +62-813-1542-1509

ISO 31000 – 2009, RISK MANAGEMENT

Background

Every business activity, whether conducted by a company, a foundation or non-profit organization, a cooperative, or an industry, involves a risk process, and at present risk is not handled uniformly across the many risk processes run by different business entities, non-profit organizations included. ISO 31000:2009 provides general principles and guidelines for managing the risks an organization faces. It offers a universal paradigm for practitioners and companies and sets common standards and methodologies across different industries, regionally and internationally accepted.

ISO 31000:2009 relates to:
1. ISO 31000:2009 - Principles and Guidelines on Implementation
2. ISO/IEC 31010:2009 - Risk Management - Risk Assessment Techniques
3. ISO Guide 73:2009 - Risk Management - Vocabulary
4. ISO 21500 - Guidance on Project Management, a standard aligned with ISO 31000:2009

Understanding ISO 31000-2009 - Risk Management

ISO 31000:2009 provides principles and general guidelines on risk management that can be used by the public, a company (organization), an association, a group or an individual. It is not addressed to a particular industry or sector: it can be applied throughout the life of an organization and to a wide variety of activities, including the strategies implemented and the decisions that determine risk, operations, business processes, functions, projects, products, services and assets, and to all types of risk, regardless of nature or kind, whether the consequences are positive or negative.

ISO 31000:2009 only provides guidance of a general nature; it is not intended to impose uniformity in how institutions manage risk. Instead it provides the design for implementing a risk management framework plan, taking into account the organization's needs, vision, mission, objectives, structure, operations, processes, functions, projects, products, services or assets, and how these are used in practice.

Objective ISO 31000 - 2009

1. Provide principles and general guidelines on risk management that can be used by any industry or sector, since they can be applied throughout the life of the organization, including the strategies implemented and the decisions taken, and to all types of risk, regardless of nature or kind, whether the consequences are positive or negative.


2. Align the risk management processes of existing and future standards through a common approach to the standards that relate to risk and/or to particular sectors; ISO 31000:2009 does not replace those standards and is not intended for certification purposes.

3. Transformation for:
3.1. Executive-level stakeholders
3.2. Decision makers in risk management in the company
3.3. Risk analysis officers
3.4. Line managers and project managers
3.5. Compliance officers and internal auditors
3.6. Independent practitioners

4. Have the skills to analyze, categorize and manage the risks faced and to overcome these problems.
5. Have the ability to apply good corporate governance based on the legislation in force.
6. Have the skills to ensure the company's compliance and transparency before the law.

Benefits

1. Avoiding the risk by deciding not to start or continue the activities that give rise to it.
2. Accepting or increasing the risk in order to pursue an opportunity, through:

2.1. Removing the source of the risk
2.2. Changing the likelihood
2.3. Changing the consequences
2.4. Sharing the risk with another party or parties (including contracts and risk financing)
2.5. Retaining the risk by informed decision

3. Transferring the accountability gap in risk management within the company, through:
3.1. Aligning the objectives of the governance framework with ISO 31000
3.2. Embedding a reporting mechanism in management systems
3.3. Creating uniform risk criteria for metric evaluation

4. Increasing the likelihood of achieving objectives, by:
4.1. Encouraging proactive management
4.2. Recognizing the need to identify and treat risk throughout the organization
4.3. Improving the identification of opportunities and threats
4.4. Achieving risk management practices that are compatible between organizations and countries
5. Complying with relevant legal and regulatory requirements and international norms
6. Improving governance and control, as well as the effectiveness and efficiency of operations
7. Establishing a reliable basis for decision making and planning
8. Effectively allocating and using resources for risk treatment
9. Improving health, safety and environmental protection performance
10. Improving loss prevention and incident management
11. Minimizing losses through increased organizational learning and resilience

Content ISO 31000 - 2009

1. Terms and definitions used in risk management
2. Strategy to guide and inform effective risk management for a company
3. Overview of and processes for creating a risk management framework

4. Overview of and processes for creating a risk management process
5. A credible and structured basis for risk management
6. Initiating the risk management process
7. The basis for comparison and assessment of the risk management process
8. The risk management framework
9. Risk management program
10. Current and future risk management issues
11. Risk management assessment
12. Concerns for risk management

Fix It. John Wiley & Sons. p. 46. 2. Antunes, Ricardo; Gonzalez, Vicente (3 March 2015). "A Production Model for

Construction: A Theoretical Framework". Buildings 5 (1): 209–228. doi:10.3390/buildings5010209.

3. ISO/IEC Guide 73:2009 (2009). Risk management — Vocabulary. International Organization for Standardization.

4. ISO/DIS 31000 (2009). Risk management — Principles and guidelines on implementation. International Organization for Standardization.

5. Trevisani, Daniele (2007). Regie di Cambiamento (Translated Title: The Directions of Change), Franco Angeli Publisher, Milan, ISBN 9788846483775

6. Bent Flyvbjerg and Alexander Budzier, 2011, "Why Your IT Project May Be Riskier Than You Think", Harvard Business Review, vol. 89, no. 9, pp. 601-603

7. "Committee Draft of ISO 31000 Risk management" (PDF). International Organization for Standardization. 2007-06-15.

8. CMU/SEI-93-TR-6 Taxonomy-based risk identification in software industry. Sei.cmu.edu. Retrieved on 2012-04-17.

9. Common Vulnerability and Exposures list. Cve.mitre.org. Retrieved on 2012-04-17. 10. Crockford, Neil (1986). An Introduction to Risk Management (2 ed.). Cambridge, UK:

Woodhead-Faulkner. p. 18. ISBN 0-85941-332-2. 11. Dorfman, Mark S. (2007). Introduction to Risk Management and Insurance (9 ed.).

Englewood Cliffs, N.J: Prentice Hall. ISBN 0-13-224227-3. 12. McGivern, Gerry; Fischer, Michael D. (1 February 2012). "Reactivity and reactions to

regulatory transparency in medicine, psychotherapy and counseling". Social Science & Medicine 74 (3): 289–296. doi:10.1016/j.socscimed.2011.09.035. PMID 22104085.

13. IADC HSE Case Guidelines for MODUs 3.2, section 4.7 14. Roehrig, P (2006). "Bet On Governance To Manage Outsourcing Risk". Business Trends

Quarterly. 15. Lev Virine and Michael Trumper. Project Decisions: The Art and Science. (2007).

Management Concepts. Vienna. VA. ISBN 978-1-56726-217-9 16. Lev Virine and Michael Trumper. ProjectThink: Why Good Managers Make Poor Project

Choices. Gower Pub Co. ISBN 978-1409454984 17. Peter Simon and David Hillson, Practical Risk Management: The ATOM Methodology

(2012). Management Concepts. Vienna, VA. ISBN 978-1567263664 18. Flyvbjerg, Bent (2003). Megaprojects and Risk: An Anatomy of Ambition. Cambridge

University Press. ISBN 0521804205.

19. Oxford BT Centre for Major Program Management 20. Craig Taylor and Erik Van Marcke, ed. (2002). Acceptable Risk Processes: Lifelines and

Natural Hazards. Reston, VA: ASCE, TCLEE. ISBN 9780784406236.

4

21. Cortada, James W. (2003-12-04). The Digital Hand: How Computers Changed the Work

of American Manufacturing, Transportation, and Retail Industries. USA: Oxford University Press. p. 512. ISBN 0-19-516588-8.

22. Cortada, James W. (2005-11-03). The Digital Hand: Volume II: How Computers Changed the Work of American Financial, Telecommunications, Media, and Entertainment Industries. USA: Oxford University Press. ISBN 978-0-19-516587-6.

23. Cortada, James W. (2007-11-06). The Digital Hand, Vol 3: How Computers Changed the Work of American Public Sector Industries. USA: Oxford University Press. p. 496. ISBN 978-0-19-516586-9.

24. BowtieXP. Retrieved on 2014-03-04. 25. Saghee M, Sandle T, Tidswell E (editors) (2011). Microbiology and Sterility Assurance in

Pharmaceuticals and Medical Devices (1st ed.). Business Horizons. ISBN 978-8190646741. 26. Navy and Marine Corps Public Health Center, A Risk Communication Primer—Tools and

Techniques 27. U.S. Department of Homeland Security, Understanding Risk Communication Theory: A

Guide for Emergency Managers and Communicators Report to Human Factors/Behavioral Sciences Division, Science and Technology Directorate, May 2012