Approaches to risk management 
112
3 
Terms and definitions
4 
Context of the organization
5 
Leadership
6 
Planning
7 
Support
8 
Operation
9 
Performance evaluation
10 
Improvement
It is interesting to note that the structure does not explicitly describe framework and 
process as separate items, in the way that these are presented in ISO 31000. Perhaps 
this is part of the reason that there are currently (November 2016) no plans to
convert ISO 31000 into the Annex SL format. Nevertheless, the Annex SL structure 
enables organizations developing their own approach to enterprise risk management 
to devise an approach that is compatible with any other ISO standards implemented 
in the organization, including the most popular of all ISO standards – ISO 9001 on 
quality management.
Many of the headings used in Annex SL will be familiar to risk professionals,
including Clause 4: Context of the Organization. Clause 4 is intended to identify 
why the organization exists. As part of answering this question, the organization needs 
to identify external and internal issues that can impact on its intended outcomes, as 
well as all stakeholders and their requirements. Clause 5: Leadership and Clause 7: 
Support work together and can be considered to be equivalent to the risk architec-
ture, strategy and protocols (RASP) in relation to Clause 5, and the components of 
embedded risk management as leadership, involvement, learning, accountability and 
communication (LILAC) in relation to Clause 7.
Clause 6: Planning, Clause 8: Operation, Clause 9: Performance evaluation and 
Clause 10: Improvement are exactly equivalent to the plan–implement–measure–
learn (PIML) approach described in this book. The PIML approach is similar to
the plan–do–check–act (PDCA) terminology used by several organizations. An
important aspect of Annex SL is that the planning stage described in Clause 6 sets 
out two sub-clauses:
●
●
actions to address risks and opportunities;
●
●
management system, objectives and planning to achieve them.
This means that the requirement to plan and implement actions to address risks and 
opportunities is now embedded into ISO 9001 on quality management and will become 
embedded into other standards as the Annex SL format is progressively introduced.
The important lesson for risk professionals, as an increasing number of management 
system standards are migrated into the Annex SL format, is to seek to ensure that the 
enterprise risk management initiative is fully aligned with the Annex SL approach. 
This should ensure greater acceptance of an enterprise risk management initiative 
within the organization. One further important point to note is that Clause 8: 
Operation is described as having the bulk of the management system requirement, 
including the overall process and management that will include adequate criteria to 
control the processes.

Download 3.45 Mb.

Do'stlaringiz bilan baham: