ISO 31000 - Enterprise Risk Management for the Professional

The 6 big differences between the 2018 and 2009 standard. Why the 2018 version is shorter and easier to understand than the 2009 version (plus the 1 thing that I wish they hadn’t changed). The #1 reason why you can be certain that ISO 31000 will become as popular in the US as it is in other countries, including the UK, Canada, and Australia. Do our objectives (or goals) matter? The one kind of person who never has to manage uncertainty, and why most of us are unlike him. An astonishing conversation that I once had with the manager of an energy company. Bonus: The surprising reason why the ISO 31000 is numbered “31000.”

Why use risk management? The 3 reasons why ISO 31000 is the best standard for managing risk. If you check these 2 boxes, you (or any of your employees) can use risk management to bring order to chaos in your organization. How companies that already have processes for risk management can also benefit from ISO 31000. Learn to easily distinguish between the internal and external factors which create uncertainty, with 2 real-world examples.

The one concept in risk management that is hated by tens of thousands of people worldwide. How the same tactics used to prevent loss can be used to keep uncertainty from holding you back. One important “paradigm shift” that explains why the way your colleagues view risk is changing. Also, a real-life example of managing risk (you may have used this tactic yourself quite recently).

How has risk management evolved over the years? The oldest book I could find about risk management. The one industry which is considered the father of risk management. Are you guilty of these two real-world examples of poor risk management?  Walk in the footsteps of the earliest risk managers as we travel through risk management’s timeline. Find out which unlikely book changed the way people thought about risk - forever.

In part 2, we continue the timeline into 1979. The one situation where every single person (even the most rational) will make irrational decisions. The one day of the year which is the “poster child” for uncertainty - can you guess which one?Why it’s important to revisit decisions made in the past as things change. For example, this company in Big Oil made a bad risk decision - how it cost them dearly. Also, millions of people expected dire predictions to come true on this date - how risk management saved the day.

The engineer who predicted the Apollo tragedy before it happened - and why no one listened. 3 examples of uncertainties you may experience when operating a lemonade stand, and how this applies to huge industries like aerospace or hedge funds. The difference between “risk management” and “managing risk” (if you understand this key difference, you can achieve your goals, earn promotions, and hit benchmarks with ease)

In some countries, all public companies have to use ISO 31000. In this video, you’ll learn about some of the differences between voluntary standards, and standards that are legally required. Why many companies choose to use risk management frameworks, even though their government doesn’t require it. Find out the main reason why some companies struggle with risk management regulations. (Bonus: How a risk management regulation in Canada led to my friend receiving a $55,000 check in the mail).

Which are better: industry-specific or generic standards? Here are 3 reasons why you should use a generic standard (unless you fall into this one exception). How the certification process works for other standards, like the ISO:9001. Find out some of the factors that you will measure when you create a RMMA (risk management maturity assessment) for your company. Experience an important shift in mindset by learning the real definition of the word “stakeholder.” As an example, I’m a stakeholder at this company (even though I’ve never met anyone who works there or made a purchase).

What are management systems? If the ISO:31000 standard isn’t a management system, what is it? The big difference between a management system and ISO:31000, explained in simple terms. Learn the definition of Enterprise Risk Management, and how companies (including Wall Street) use it to comply with government regulations. How you can use ISO:31000 to shift employee attention from the task of the moment to the ‘big picture’ and direct their focus towards your biggest priorities.

At the end of this course, you will have gained the ability to understand the text of the ISO:31000 standard. You can use this knowledge to position yourself as the expert on risk management in your place of work. In this video, we begin reading the standard, beginning with the introduction. I’ll go through the introduction slowly, paragraph by paragraph, including examples as often as possible. Are people in your company playing tug-of-war when they manage risk? There’s an easy way to inspire them to work in concert with one another.

Today, you’re going to find out which ten benefits your company will receive by using ISO:31000. We’re also going to move into the first section of the standard, called “Section 1: Scope.” In this video, you’ll learn the definition of the term “consequences” with examples of what consequences are and are not. It’s important to understand what consequences are, because this will help you focus more strongly on your objectives. If you understand this idea, you will be able to shift smoothly as your context changes, make smart decisions under pressure and remain focused on your goals.

You’ve already learned two out of the eight definitions in this course (“stakeholder” and “consequences”). Today, you will meet the other six! Get the ability to speak confidently, justify your decisions and make convincing arguments  about risk. That's not all. Understanding these definitions will also allow you to explain how risk works in simple and clear terms. This will allow you to teach others about risk, communicate your priorities with ease and ultimately keep others focused on YOUR goals.

What the definition of risk truly is (hint: it’s not what most people think), with examples. Find out which risks you must pay attention to, and which risks you may ignore. Find out how positive occurrences are part of risk, too - and what this means for your company. See how the way you see risk changes when you begin noticing the positive risks that the future may have in store.

Which are more important, the standard’s definitions, or the footnotes? Take your best guess, then watch this video to find out. Why it’s important for every person in a company to be focused on the same objectives. How a specific risk can apply to one person in a company, yet be utterly inapplicable to another. How objectives within the same company can conflict with one another (with an example).

In this video, you’re going to drill down into the definition of risk. I’ll break down each word in the definition one-by-one, explaining as I go. When you understand what risk truly is, you’re able to pay attention to what’s most salient to your objectives without getting bogged down in non-essentials. You’re also going to watch me walk through four specific examples of objectives which a large corporation may have, and how the definition of risk applies in those cases.

Crime - does it pay? Find out. Join me as we venture into the world of corporate malfeasance. In this video, I introduce the 8 principles of the standard (not the same as the 8 definitions, which you’ve previously learned). You can use these 8 principles as a foundation for managing risk. When you find yourself in doubt, unsure, or rapidly losing confidence, use these principles as an avenue for gracefully regaining your feet. Find out what the true purpose of risk management is (hint: it’s not JUST managing risk). If you are employed as a risk manager, why doing your job ‘too well’ could get you fired. Why it’s not enough to JUST achieve your objectives, you also need to do - this.

Begin learning the eight principles of the standard. Also, see if you can guess the insane amount that J.P. Morgan spent on risk management in 2013 (watch the video to find out). As a risk manager, is it appropriate to use an “us against them” mentality? The reason why risk management should be integrated into every part of an organization, not a separate department (you’ll learn how to do it later in the course). Plus, an example of what can happen when no one applies risk management to standard operating procedures (SOPs).

Until now, all the risk factors that you’ve learned about have been external. But what about changes which occur inside of a company? Join us as we explore provocative questions, including: Why do human and cultural factors cause so much uncertainty? What happens if your salespeople sell something you don’t actually own? Is it conceivable that a decision like Executive Order 9066 (Japanese internment post-Pearl Harbor) could be made again today?

What you need to do to prepare your organization to manage risk. Find out how to create a “risk management framework” within your organization. It turns out that the effectiveness of your risk management all hinges upon one structure - what is it? Learn how to design, put in place, review, and troubleshoot your framework. I’ll give examples of which components might be a part of your framework, and why it’s important.

How to be a leader. If these key people are resistant to your efforts to integrate risk management, your efforts will be for naught (find out who they are by watching the video). How to get them on your side. How to create change that lasts. A personal story about how poor risk communication can destroy morale. The time my boss played “double or nothing” with my salary. Who should be in charge of communication at an organization? Find out.

How many people are responsible for managing risk in a given company? Which mechanism should you include in your risk management framework if you want to make your organization better, more error-free, and more profitable? Why you need to know everything about your company in order to get the full benefits of risk management for yourself. A real-world example of two hospitals, and why their risk must be managed individually. (Plus, I made a mistake on one of my slides).

How to find your organization’s external context. By being aware of your surroundings, you can promote your company’s success and prevent outrage. Steps for finding your organization’s internal context. Enjoy more effective employees and fewer risk my understanding internal factors like goals and capabilities.

How to best divvy up the roles in your organization. Why it’s essential to communicate roles, authorities, responsibilities and accountabilities to your employees, with examples. The key idea that is going to be nearly impossible for you to “sell” to your employees and colleagues (unless you watched this video). Many real-world examples are included so that you can easily learn how to do it yourself. Press play to learn an easy way you can sell even the most reluctant employee on risk management… without once mentioning the phrase.

This lesson has two important messages. First, learn how to implement your risk management framework. And second, get an intro for how to implement the process of risk management, which occurs INSIDE your framework. Find out which parts of your organization you can just “build and leave” and which parts need constant refinement. Find out what people DON’T say in meetings (and what they should say instead).

How to test your framework's soundness. How to tell if you’re getting real results from your risk management. The difference between active and periodic evaluation. An example of a “hole” in your framework. What you should always use as a measuring stick when you perform your evaluations. An example of a well-known company whose context recently changed. Why there’s an employee at Disney with an odd job description (and why this position even exists in the first place).

Today, begin learning process. Once your framework is in place, you can begin to actually perform risk management. There are 8 components to the process (just like there are 8 definitions and 8 principles) and only 3 steps. Watch this video for an explanation of these 3 steps. Also, real-world examples of companies who used tactics included in this risk management process with success.

Continue learning about Process, starting with Step 1, “Establishing the Context.” I’ll walk you through a detailed example of how to define the scope, context, and criteria of a specific decision using risk management. Learning these techniques will help you make better, wiser decisions in any corporate setting. By practicing these risk management techniques over and over, you will ultimately find yourself able to make intelligent, thought-out decisions with ease.

Continue learning how to perform Step 1 (Risk Criteria) of the Process in Part 3. We continue to use the employee manual example. How to use risk management to avoid groupthink. How the wife of my friend saved her own life (and the lives of dozens of others) from a dangerous watermelon by refusing to succumb to fear. How to know exactly what you are prepared to do before you need to make a decision about it. It’s easy to learn how to measure risk using the many specific examples provided in this video.

In the last two lessons, you learned how to perform Step 1 (Risk Criteria) of the Process. Watch this video to begin learning the 2nd step of Process, which is called “Risk Assessment.” In Step 2, knowledge is power. Step 2 has 3 subsets (risk identification, risk evaluation, and risk analysis) which are explained in this video. To enjoy the benefits of risk management, you may need to find out certain information about your risks. Watch this video to learn how you can assess the risks for your individual situation.

Watch this video to continue learning about risk identification, explained side-by-side with a real-world example. Learn how to make your own Risk Register spreadsheet. I’ll also show you an example of a “vague” risk while comparing it to a risk that has been described in a manner that is far more useful. How and how not to select the tools best suited to help you achieve your objectives in your risk management process. 31 extremely useful tools for risk assessment, where to locate them in the ISO 31010 (not a typo), and how to use them to your advantage. I’ll also run through a few of the tools to show you how to choose the most effective tool out of 31 for your specific task.

Watch this video to learn about risk analysis, which is a subset of Step 2 in the Process. As you watch this video, it’s helpful to remember that all 3 of the subsets of Step 2 (risk identification, risk evaluation, and risk analysis) happen together, in an iterative process which is constantly refreshing. In this video, you’re going to learn how you can quantify risk to specific levels. This helps you make better and more informed decisions. It also enables you to offer clear justifications for your decisions to others, like your boss, colleagues and clients.

Continue learning about the 3rd subset (risk analysis) of Step 2 of Process. Learn why the source and the cause of a risk are not necessarily the same, with an example. Learn how to make the important distinction between the likelihood of an event occurring, and the likelihood that the same event will in fact produce the consequences which you wish to avoid. The purpose of analysis is to get at the facts, so watch this video to find out how you can get the most accurate, purposeful, and relevant information for your objectives.

If you find yourself having to “pull teeth” for information, try questioning the recalcitrant party using this chart. Learn how to do a “bow-tie analysis” to measure how well your risk management is preventing negative consequences.

Imagine that you have the results of your risk analysis on your desk. What now? Watch this video to find out. It’s time for the final subset of step 2, called "Risk Evaluation.” Decide which risks are acceptable. Determine which risks need to be mitigated. Compare your risk analysis with your risk criteria (ex. Risk appetite, etc.) How to “triage” to decide which risk to treat first. An example of a situation where you might need to treat one risk and neglect the others for some time. Discover a list of all the possible actions you can take after evaluating your risks (including one option that may seem drastic).

Welcome to the home stretch! In this video, you’re going to begin learning how to perform the 3rd and final step of the Process, which is called “Risk Treatment.” Are your risk management practices creating new risks? Find out, with an example. Promote your organization’s success by making choices based on the likelihood of negative risk. Know what’s really going on in your organization by becoming aware of ‘residual risk.’ Did you know there are 7 ways to treat risk? Watch the video to find out what they are.

Continue learning how to use step 3 of the Process, “Risk Treatment.” This step is going to show you how to choose the most effective, quickest options for your risk management. This will put you steps ahead of the game and your competitors. Why the “Cadillac approach” doesn’t work (at least, if you want to be profitable). Why at times it may benefit you to make a decision that doesn’t seem to make sense financially, with an example from the healthcare industry. The time that a company I consulted for cut vacation days by 33% — and what happened.

My new course about the California Consumer Privacy Act has just been released and is available on Udemy: https://www.udemy.com/course/ccpa-california-data-privacy-law/?referralCode=5DB92EE19EA6CDCD200F