Enterprise Risk Management and ISO 31000

Name: Enterprise Risk Management and ISO 31000
Rating: 4.2 (618 reviews)

Learn how to make better decisions in the increasingly uncertain business environment.

Created byAntonio Miguel

Last updated 7/2016

English

What you'll learn

Have a framework for the management of enterprise risk
Understand how risk management can be used to support organisations in achieving their objectives
Have the skills to effectively assess risk and to select appropriate risk treatment
Understand the benefits of risk management and its relationship with governance, social responsibility, sustainability, and organizational prosperity

Course content

4 sections • 21 lectures • 1h 39m total length

Welcome to the Course - Section Objective and Contents1:21
In this lecture students will be presented the objectives and contents of the course.
What is Risk and Risk Management?3:56
This lecture presents and discusses the concepts of Risk and Risk Management, according to ISO 31000.

It also discusses and exemplifies the three types of risks - pure risks, control risks, and opportunity risks. The lecture stresses the distinction between threats (negative risks) and opportunities (positive risks).

A downloadable document entitled “Achieving Rewards by Taking Risks” helps students consolidate the subjects discussed in this lecture.

All the slides of the video presentation are included as a downloadable document.
Why Manage Risk?6:48
This lecture discusses the importance of managing risks in modern organizations and illustrates the effects of globalization in the increasing situations of risk to people and organizations. An exercise helps consolidate this important subject.

It also discusses the concept and the importance of stakeholders in risk management.

Finally, the main benefits of risk management – Financial, Infrastructure, reputational, and marketplace – are presented and discussed.

Two downloadable documents entitled “The Development of Risk Management” and “Making Risk Management Deliver Business Value” help students consolidate the subjects discussed in this lecture.

All the slides of the video presentation are included as downloadable documents.
Risk Management Principles and Attributes5:38
This lecture presents the nine risk management principles presented in ISO 31000, and discusses the five attributes of an effective risk management, according to the Institute of Risk Management (IRM): proportionate, aligned, comprehensive, embedded, and dynamic.

A downloadable document entitled “Principles of Risk Management” expands and consolidate the subjects discussed in this lecture.

All the slides of the video presentation are included as downloadable documents.
Risk Management Disciplines3:58
This lecture introduces three disciplines of the risk management body of knowledge – Enterprise Risk Management, Governance, and Compliance – and discusses their role and importance.

Codes of Corporate Governance have been issued by many governments and institutions, with the objective of regulate the management of risk in several important sectors of activity, like financial and energy. The objectives and importance of the two main worldwide tendencies for these codes, are introduced and discussed.

A downloadable document entitled “ERM in the Pharmaceutical Industry” exemplifies the subjects discussed in this lecture.

All the slides of the video presentation are included as downloadable documents.
Introduction to Risk Management

Objectives and Contents1:01
This lecture presents the objectives and contents of this section.
Overview of ISO 31000 Principles, Framework and Process4:18
This lecture presents an overview of the structure of ISO 31000 – risk management principles, risk management framework, and risk management process.

The first component of the structure – the risk management principles – have already been discussed in lecture 4. The third component – risk management process – will be deeply discussed in Section 3 of this course.

The five components the risk management framework – Mandate and Commitment , Framework Design, Risk Management Implementation, Framework Monitoring & Review, and Framework Continual Improvement – are detailed in their objectives and contents.

All the slides of the video presentation are included as downloadable documents.
Overview of COSO ERM 2013 Framework4:22
This lecture introduces COSO 2013, a risk management framework born in the United States of America in order to help listed companies cope with the Sarbanes-Oxley Act, a US federal law enacted July 30, 2002, that set new or enhanced standards for all U.S. public company boards, management and public accounting firms.

COSO first version was introduced in 2009 and in 2013 a new version, more adequate to the modern globalized world and its inherent risks, was launched.

COSO framework –also known as the COSO Cube – is presented and its three dimensions – Objectives, Internal Control, and Organizational Structure – discussed.

The lecture also discusses the benefits COSO framework provide to management.

Two downloadable documents entitled “COSO 2013 Executive Summary” and “COSO 2013 and SOX Compliance” help students consolidate the subjects discussed in this lecture.

All the slides of the video presentation are included as downloadable documents.
Risk Management Standards

Objectives and Contents1:03
This lecture presents yhe objectives and contents of section 3.
Communication and Consultation4:07
This lecture describes the first step in ISO 31000 risk management process: Communication and Consultation. It shows the importance of communicating with the various stakeholders and listening to their views.

A case study of a serious disaster occurred in 2012 is used to show students what can happen when stakeholders do not communicate.

A downloadable document entitled “Importance of Communicate and Consult” helps students consolidate the subjects discussed in this lecture.

All the slides of the video presentation are included as downloadable documents.
Establishing the Context2:36
This lecture describes the second step in ISO 31000 risk management process: Establish the Context. It shows the importance of analyzing the main aspects to be defined:

The internal and the external contexts,

The context of risk management, and

The risk criteria to be used.

It also describes the purpose and the importance of establishing correctly the context, for risk management to be a successful venture.

Students are kindly requested to perform an exercise about the risk management context in their organizations.

A downloadable document entitled “Importance of Establishing the Context” helps students consolidate the subjects discussed in this lecture.

All the slides of the video presentation are included as downloadable documents.
Risk Identification - Process and Tools10:23
This lecture addresses the first step in Risk Assessment: Risk Identification. It is the first step of a series of five; if not correctly done, the following steps can be compromised.

The lecture shows the importance of a correct and thorough risk identification, and describes several tools and techniques used in this process:

Workshops and brainstorming,

Questionnaires and checklists,

Inspections and audits,

Flowcharts and dependency analysis,

SWOT analisys, and

Risk bow-ties.

A structured risk checklist known by the acronym PESTLE is presented and developed.

Students are invited to perform an exercise: when given a list of alleged risks, identify the events that are actually risks, and know why the remaining events are not risks.

A case study is used to help students get familiar with the PESTLE risk identification tool.

The Risk Register is introduced at the end of the lecture and its importance in the whole risk management process is stressed.

A downloadable document entitled “PESTLE Analysis” helps students consolidate the subjects discussed in this lecture.

All the slides of the video presentation are included as downloadable documents.
Qualitative Risk Analysis - Process and Tools6:40
This lecture defines what Risk Analysis is and then develops the concept, the process and the tools for a Qualitative Evaluation of the risk.

We describe the two dimensions of risk – likelihood/probability and impact – as well as the Risk Matrix, a very important tool in risk management. The concept and applicability of Risk Exposure are also introduced and explained.

Students are invited to perform an exercise on risk identification and analysis. It is shown how to register the results of the qualitative analysis in the Risk Register

A downloadable document entitled “Importance of Risk Analysis” helps students consolidate the subjects discussed in this lecture.

All the slides of the video presentation are included as downloadable documents.
Quantitative Risk Analysis - Process and Tools7:08
This lecture shows the importance of performing a Quantitative Risk Analysis, as well as the criteria used to decide whether to perform it or not. A number of critical success factor for an effective quantitative analysis, is also presented.

The lecture presents and develops the three main tools used in Quantitative Risk Analysis:

Expected Monetary Value (EMV),

Decision Tree analysis,

Monte Carlo simulation.

Students are shown examples of application of those three tools - Expected Monetary Value, Decision Tree analysis, and Monte Carlo simulation in order to consolidate the concepts.

Two downloadable documents entitled “Monte Carlo Simulation” and “Decision Tree Analysis” help students consolidate the subjects discussed in this lecture.

All the slides of the video presentation are included as downloadable documents.
Risk Evaluation - Process and Tools7:04
Risk evaluation is the final step in the Risk Assessment process of ISO 31000. This lecture analysis the objectives of this step, and introduces four important concepts in Enterprise Risk Management:

Risk Appetite,

Risk Tolerance,

Risk Universe, and

Risk Capacity.

These concepts and their interrelations are graphically illustrated with suggestive pictures.

In this lecture you will also learn how to prioritize risks in terms of their significance and their relation to the organization's risk appetite.

The important concept of risk appetite is further detailed, bay analyzing the factors that can influence its value.

The characteristics of risk averse and risk aggressive organizations are illustrated by a Risk Matrix.

All the slides of the video presentation are included as downloadable documents.
Risk Treatment - Process and Tools6:36
According to ISO 31000 Risk Treatment is the process of modifying the risk profile. This lecture analysis risk treatment as a cyclical process, and details the typical risk responses for:

negative risks (threats), and

positive risks (opportunities),

as well as identifies which response is more suitable according to the risk profile, i.e., its likelihood/probability and impact.

Students are invited to solve an exercise, in order to consolidate the concepts presented.

A complete Risk Register for two different types of situations – risks in a high way and risks in a project – is presented to show how the exercise is completed.

A downloadable document entitled “Importance of Establishing the Context” helps students consolidate the subjects discussed in this lecture.

All the slides of the video presentation are included as downloadable documents.
Monitoring and Review - Process and Tools5:11
In this lecture you will learn about the importance of reporting risks and risk treatment actions and how to be assured that risks are being treated as planned.
Risk Management Processes

Objectives and Contents0:52
This Lecture presents the objectives and contents of this section 4.
Risk Management Maturity6:02
In this lecture you will learn what is needed in order to achieve excellence in risk management, through the concept of risk maturity.

Maturity models are a very useful tool for assessing the current state of maturity and helping in the way to excellence.

Several maturity models exist in the market, and are referenced in the lecture, but the model chosen to be detailed is the 4-N model, which describes four maturity levels in the way to excellence in risk management:

Naïve,

Novice,

Normalized, and

Natural.

The lecture also evaluates the organizational benefits of an enhanced maturity, and describes the necessary steps in the way from the lowest to the highest maturity level.

A downloadable document entitled “Risk Culture and Risk Maturity” helps students consolidate the subjects discussed in this lecture.

All the slides of the video presentation are included as downloadable documents.
Risk Aware Culture3:59
This lecture introduces the important concepts of Organizational Culture and Risk Culture and analyses their influence in risk management excellence.

The characteristics of a Risk Aware Culture are also described, as well as the framework LILAC that allows the assessment of the risk awareness level. This framework allows the evaluation of five characteristics of a risk aware culture:

Leadership,

Involvement,

Learning,

Accountability, and

Communication.

This framework states that the greater the level of risk maturity, the more embedded risk management activities will become within the routine operations undertaken by the organization.

A downloadable document entitled “Importance of a Risk Culture” helps students consolidate the subjects discussed in this lecture.

All the slides of the video presentation are included as downloadable documents.
Managing Supply Chain Risk6:29
This lecture analysis the risks associated to the modern business model of outsourcing components of the supply chain.

Outsourcing has obvious benefits, but also associated risks that can put in danger not only the benefits organizations look for, but also the business itself.

This lecture develops these aspects in the modern globalized world, with global clients and global partnerships.

Two examples of supply chain risks illustrate the likely risks associated with the dependency of global outsourcers.

The lecture also describes the most effective strategies to cope with the risks of this business model.

Students are invited to analyze a case study and identify the strategies used by an international company to mitigate the supply chain risks.

The lecture includes three downloadable documents describing the two business examples and the case study, and a document entitled “Managing Supply Chain Risk” that help students consolidate the subjects discussed in this lecture.

All the slides of the video presentation are included as downloadable documents.
Risk Maturity and Risk Culture

Requirements

No previous risk management experience needed.
Have a computer and an internet connection

Description

Enterprise Risk Management (ERM) provides a framework for organizations to deal with and to react to uncertainty. By identifying and proactively addressing risks and opportunities, business enterprises protect and create value for their stakeholders, including owners, employees, customers, regulators, and society overall.

This is a practical introductory course in Enterprise Risk Management (ERM) and ISO 31000, the global risk management standard. It uses real life practical examples to bring to life the way risk management works in practice. Students will learn risk management tools and techniques They can immediately apply at work.

The course is divided in four parts:

Part 1 - Introduction to Risk Management
Part 2 - Overview of Risk Management Standards
Part 3 - ISO 31000 and Risk Management Processes
Part 4 - Risk Culture

Each part includes exercises and/or case studies for a deeper and more effective understanding of the processes, tolls and techniques explained, as well as a simple quiz test to check your understanding of the subjects. All the slides are supplied as PDF documents.

In total, the course has 21 lectures, 4 quiz tests, 8 technical and managerial support documents, and 3 case studies. Also, there are several exercises to be done by the student in each section.

At the end of the course you will be awarded a certificate of completion granting 14 PDUs for PMI certification purposes.

If students want to apply to the International Certificate in Risk Management of the Institute of Risk Management, this course will be a valuable leverage.

Who should attend this course? Let me help you:

Are you a manager, a supervisor, a project manager, or a team leader concerned with making decisions taking into account the risks involved?
Are you an auditor, a safety practitioner, a risk practitioner or an insurance manager?
Are you a student of management or IT sensitive to the risks involved in decision making?

If you answered Yes to any of the above categories, this course is for you.

If you have any questions, please send an email to: antonio.miguel@pmskills.com. I will answer you back in a short time.

Who this course is for:

Chief executives and heads of departments who require a better understanding of risk management and the role it should play within their organizations.
Managers who are responsible for managing risk and/or embedding effective systems of corporate governance.
Insurance managers, brokers, safety practitioners, auditors, project managers, accountants, solicitors and consultants who are increasingly finding risk management is forming part of their remit or are expected to have a broad understanding of the subject.
Practitioners who require a refresher on recent developments in risk management.

Enterprise Risk Management and ISO 31000

What you'll learn

Explore related topics

Course content

Introduction to Risk Management5 lectures • 22min

Risk Management Standards3 lectures • 10min

ISO 31000 - Risk Management Process9 lectures • 51min

Risk Maturity and Risk Culture4 lectures • 17min

Requirements

Description

Who this course is for: