ISO31000 Integrating Risk Management into Decision Making

Risk management should not only help companies to achieve minimum legal compliance requirements but also contribute to the demonstrable achievement of objectives, linking risks with performance. According to ISO31000 standard, integrating risk management into an organization is a dynamic and iterative process, and should be customized to the organization’s needs and culture. Risk management should be a part of, and not separate from, the organizational governance, leadership, strategy, operations and performance management.

Alex Sidorenko, known for his risk management blog www.riskacademy.blog, has created a 25-step program to integrate risk management into decision making, core business processes and the overall culture of the organization. This course covers practical steps to design, implement and measure effectiveness of risk management.

This course will help you answer the following questions:

• Do key stakeholders believe risk management is aligned with strategy, objectives and culture and helps the organization achieve its objectives?

• Is there a risk management statement or policy?

• Does management show commitment to the integration of risk management into all processes or decision types, giving risk team sufficient resources and responsibility?

• Is responsibility for risk management as part of business activities and decision making regularly communicated by top management to management and staff?

• Are oversight bodies confident that risks have been adequately considered when setting the organization’s objectives?

• Is information about risks and their management presented in the reports that oversight bodies receive and included in any significant decisions they have to make?

• Are results of independent risk management effectiveness assessments presented to the oversight bodies on a regular basis?

• Is risk management effort consistent with internal and external environment (meeting both regulatory requirements and stakeholder expectations)?

• Have risk management principles been integrated into existing policies and procedures instead of just having a single aggregated risk management framework document?

• Has the responsibility for risk identification and analysis been documented in the committee charters, policies, procedures and job descriptions?

• Does risk management team have the necessary resources to effectively integrate risk management into business activities and decision making?

• Is information about risks and their management integrated in existing financial and management reporting?

• Does an organization have a plan to implement risk management into all activities throughout the organization, including decision-making?

• Are significant decisions and approvals made by the management only after analysing the risks associated with these decisions?

• Is risk management integrated into planning, budgeting, motivation and performance management processes instead of having a standalone risk management process?

• Are strategic goals, objectives and key performance indicators set based on the results of the risk analysis?

  Is risk management integrated in core operational processes, risks are analysed on an ongoing basis within operating activities?

• Are key supporting (back-office) processes organized in such a way, that risks and their treatments are considered?

• Is risk-based decision making consistently applied across subsidiaries, key suppliers and supply chains?

• Are risk management competences developed in all key departments?

• Are risk management competences integrated in the training and development program for employees, is there regular risk management training for different levels of management?

• Are risk management competences an important attribute when applying for jobs in the organization?

• Do you consider organization has a strong culture dedicated to risk-based decision making and risk management?

The content of the course is 100% aligned with the structure and principles of the ISO31000:2018. This course will be immensely valuable for risk managers, risk consultants, auditors and everyone who want to learn more about risk management 2.