Fundamentals of Risk Management
Features of RM standards
The main risk management standards that have been developed are the IRM Standard, ISO 31000, British Standard BS 31100 and the COSO ERM framework.

British Standard BS 31100:2011, entitled ‘Risk Management: Code of Practice and Guidance for the Implementation of BS ISO 31000’, was published in 2011. It emphasizes the requirement for a risk management framework to support the separately described risk management process. In particular, British Standard BS 31100 states that the risk management process should provide a systematic, effective and efficient way by which risks can be managed at different levels throughout the organization. The risk management framework is described in the British Standard in some detail. In fact, most of the standard is made up of a description of the risk management framework, together with a detailed part on how to develop risk management activities. Part of the reason for updating the original BS 31100:2008 was to align it more closely with ISO 31000. Therefore, the diagrams used in BS 31100:2011 are very similar, and in some cases identical, to those used in ISO 31000.

The International Standards Organization (ISO) published ISO 31000 entitled ‘Risk Management: Principles and Guidelines’ in the latter part of 2009. The diagram used to illustrate the risk management process in ISO 31000 is reproduced in Figure 6.4. It could be argued that Figure 6.4 contains elements of the risk management framework, as well as the key stages of the risk management process.

In addition to developing ISO 31000 and the guide to risk management terminology, Guide 73, work has also been completed on a guide to risk assessment techniques. ISO/IEC 31010 ‘Risk Management: Risk Assessment Techniques’ is a very comprehensive publication and it reflects current good practices in the selection and utilization of risk assessment techniques.

Standards institutions around the world have a requirement for routine review of standards, typically every four years. Therefore, the existing standards, as well as those additional standards that are being developed, will be subject to review on a regular basis. This will ensure that the advice and guidance given in the various standards will remain up-to-date and in line with current practice.

In addition to risk management standards, there are also a number of internal control standards in existence. These internal control frameworks have a different emphasis and are outside the scope of this book, with the exception of the Criteria of Control (CoCo) framework produced by the Canadian Institute of Chartered