Page 28 - Insurance Times November 2022
What is risk management?

Risk management is defined as a set of coordinated activities to direct and control an organization with regard to risk.

Structure of ISO 31000

This figure shows the relationships between the risk management principles, framework and process.

Key clauses of ISO 31000:2009

ISO 31000 is organized into the following main clauses:
Clause 3: Principles
Clause 4: Framework
Clause 5: Process

Each of these key activities is listed below.

Clause 3: Principles of risk management

To have effective risk management, an organization has to comply with these 11 principles.
1. Risk management creates and protects value;
2. Risk management is an integral part of all organizational processes;
3. Risk management is part of decision making;
4. Risk management explicitly addresses uncertainty;
5. Risk management is systematic, structured and timely;
6. Risk management is based on the best available information;
7. Risk management is tailored;
8. Risk management takes human and cultural factors into account;
9. Risk management is transparent and inclusive;
10. Risk management is dynamic, iterative and responsive to change;
11. Risk management facilitates continual improvement of the organization.

Clause 4: Framework

ISO 31000 states that the success of risk management will depend on the effectiveness of the management framework providing the foundations and arrangements that will embed it throughout the organization at all levels.

The framework:
- assists in managing risks effectively through the application of the risk management process;
- ensures that information about risk derived from the risk management process is adequately reported; and
- ensures that this information is used as a basis for decision making and accountability at all relevant organizational levels.

This clause describes the necessary components of the framework for managing risk and the way in which they interrelate in an iterative manner.

Mandate and commitment: Management of the organization needs to demonstrate a strong and sustained commitment to risk management by defining risk management policy and objectives, ensuring legal and regulatory compliance, ensuring necessary resources are allocated to risk management, and communicating the benefits of risk management to all stakeholders.

Design of framework for managing risk: Before the implementation, the organization must design a framework for managing risk. This includes:
- Understanding of the organization and its context
- Establishing risk management policy
- Ensuring accountability, authority and appropriate competence for risk management
- Integrating risk management into organizational processes
- Allocating appropriate resources
- Establishing internal and external communication and reporting mechanisms

Implementing risk management: The organization must implement the framework for managing risk and the risk management process.

Monitoring and review of the framework: To ensure the effectiveness of risk management, the organization should measure risk management performance and progress, review whether the risk management framework, policy and plan are still appropriate, and review the effectiveness of the risk management framework.

Continual improvement of the framework: Based on the results of monitoring and review, decisions should be made on how the risk management framework, policy and plan can be improved.

Risk assessment: Risk assessment is the overall process of risk identification, analysis and evaluation.

Risk identification: Through applying risk identification tools and techniques, the organization should identify sources, areas of impacts, events and causes, and their potential consequences.