Needs
Organizations of all types and sizes are required to minimize all risks (internal and external factors and influences) that make it uncertain whether and when they are achieving their objectives.
Risks may be related to business, financial, compliance and operations.
Organizations should pro-actively manage risk by identifying it, analyzing it and then evaluating whether the risk should be modified by risk treatment in order to satisfy their risk criteria.
Throughout this process, they should communicate and consult with stakeholders and monitor and review the risk and the controls that are modifying the risk in order to ensure that no further risk treatment is required.
ISO 31.000 is an International standard (currently in final draft version) designed for providing organizations with a number of principles that need to be satisfied to make risk management effective.
This International Standard recommends that organizations develop, implement and continuously improve a framework whose purpose is to integrate the process for managing risk into the organization's overall governance, strategy and planning, management, reporting processes, policies, values and culture.
The document has been designed to enable organization to harmonize risk management processes in existing standards such as ISO 14.000 for Environmental Management System and OHSAS 18.001 for Health and Safety Management System.
ISO/FDIS 31.000:2009 provides organizations with a comprehensive framework enabling to ensure that risk is managed effectively, efficiently and coherently across an organization.
The approach described in this International Standard draft provides the principles and guidelines for managing any form of risk in a systematic, transparent and credible manner and within any scope and context.
ICMQ India Approach
ICMQ India has developed an approach to conduct effective voluntary audits to verify whether an organization has established and is deploying an effective Risk Management approach (The ISO 31.000 standard is not intended for purpose of certification)
The purpose of this service is to provide organizations with a third party evaluation on the Risk Management system based on ISO 31.000:2009 and to verify its deployment across the organization.
The Risk Management assessment is conducted in two phases:
- Documentation analysis: aiming to verify the Risk Management approach established by the company
- Assessment: aiming to verify whether such approach is effectively implemented, monitored and reviewed
The output of the voluntary assessment is a report describing strength points and improvement area in the organization’s risk management approach.
Benefits
When implemented and maintained an effective risk management system may enable organizations to:
- increase the likelihood of achieving objectives
- encourage proactive management
- be aware of the need to identify and treat risk throughout the organization
- improve the identification of opportunities and threats
- comply with relevant legal and regulatory requirements and international norms
- improve financial reporting
- improve governance
- improve stakeholder confidence and trust
- establish a reliable basis for decision making and planningv
- improve controls
- effectively allocate and use resources for risk treatment
- improve operational effectiveness and efficiency
- enhance health and safety performance, as well as environmental protection
- improve loss prevention and incident management
- minimize losses
- improve organizational learning
- improve organizational resilience
Assessment process
ICMQ provides a voluntary assessment of the risk management system according to the following process
- Request for quotation from customer
- ICMQ India quotation
- Acceptance offer from customer
- Order confirmation by ICMQ India (with Terms and Condition for the certification signature)
- Documentation Analysis
- Assessment
