11.2.2012

Boards and Risk Management

Increasing risk oversight is a priority of boards and management since the global financial crisis, but many are unprepared to do this according to a recent report from the Canadian Institute of Chartered Accountants (CICA). A Framework for Board Oversight of Enterprise Risk presents a nine-step roadmap to help directors identify, understand and address enterprise risk and recognize potential compounding effects when risks collide. The roadmap is sound and also can be a valuable resource for risk management professionals.

The CICA report states “a common concern among boards of directors is the lack of a comprehensive framework and toolsets to assist boards to structure an effective, robust risk oversight process.” Key activities in the CICA framework include: identifying risks; analyzing, validating and prioritizing them; determining risk tolerance and risk appetite; managing risk through various response strategies; and ongoing monitoring. These are similar to recommendations included in ISO’s risk management standard (31000) and its business continuity management system standard (22301).

7.19.2012

Business Continuity Management Evolves, Meet ISO: ISO 22301:2012

Since events such as 9/11, Katrina, the SARS (severe acute respiratory syndrome) pandemic of 2002/3, the 2011 Tohoku earthquake in Japan, and others, the field of Business Continuity Management (BCM) has become more formal and taken on greater visibility in overall organizational risk management.

Some of this evolution is seen in the recently published ISO Business Continuity Management System (BCMS) standard, ISO 22301:2012. The ISO Technical Committee (TC) that developed 22301:2012 is ISO/TC 223. This TC’s overall subject area is “Societal Security.” ISO indicates that TC 223 is working on an ISO 22301 companion guidance document that will be called ISO 22313.

ISO Focus+ reports that work on ISO 22301 originated in 2006 during a workshop on Emergency Preparedness and that an interim guidance document (ISO/PAS 22399:2007) was prepared that addressed business continuity (BC) and incident preparedness.

3.9.2012

Integrated Risk Management – Key Learning from Deepwater Horizon

At the IOSH Conference in Manchester, England this week, risk- and evidence-based management was a prime topic. During a presentation of particular interest, Steve Flynn, the vice president of health, safety, security, and environment (HSSE) for BP, reported on numerous continual improvement actions that BP has taken since the Deepwater Horizon explosion and oil spill in April 2010.

One of the key lessons learned, Flynn reported, was the need for and value of an integrated risk management approach, embedded throughout the value chain. He spoke of this in terms of a balance between people and systems, pointing to the importance of not only focusing on systems, such as a formal EHS management system, but also on the overall culture and perceptions of employees, including management. His comments reflect BP’s organizational learning, based on the Grangemouth, Forties Alpha, and Texas City accidents, as well as the Deepwater Horizon spill.

9.15.2011

The Era of Transparency and a Mandatory Reporting Trajectory Point to the Need for a Strong Risk Management Framework

In the sustainability and corporate social responsibility (CSR) “space” there is increasing pressure to report on triple-bottom-line issues through reporting frameworks, such as the GRI G3. There is a trajectory toward quasi-mandatory reporting by value-chain stakeholders and actual mandatory reporting by regulatory bodies. Quasi-mandatory reporting is seen with the inclusion of GRI sustainability reporting as tracked by Bloomberg’s Index and other financial indices. Mandatory reporting is seen in South Africa, Denmark, and France.

9.15.2011

EHS/S and Risk Management Challenges

As part of my research this summer on relationships between EHS/S and risk management, I interviewed a group of EHS/S and risk management executives about various aspects of their activities. Prior to the interviews, the interviewees were given the Redinger EHS white paper titled, “360 Vision for Environmental Health, and Sustainability: Anticipate and Avoid Black Swan Events.” A series of questions focused on the needs and challenges of EHS/S and risk management departments. Some of the responses included:

  • “I need to know as much as I can about the risks my company faces. I wrestle with having confidence that my team and I have a good understanding about risks that will bite us. I am not sure we have a good understanding about our EHS risks.”

9.15.2011

Risk Management, EHS/S, Business Continuity, and the 360 Risk Management Check-Up™

It has been a while since I’ve posted. The summer has been full, working on developing the 360 Risk Management Check-Up™, a high-level diagnostic to measure the EHS/S and risk management function in organizations. Associated with this work, I have been conducting research on the evolution of organizational risk management and growing attention on non-financial risk management (NFRM).

Organizational risk management (RM) concepts and practices have been evolving from a singular focus on financial risk to a broader focus on enterprise-wide and non-financial risks. Approaches such as enterprise risk management, strategic risk management, value risk management, etc. have been evolving into what is being called NFRM.

6.30.2011

Risk Management and Business Continuity with an Integrated Management System

In my previous post, I briefly discussed the integrated quality, safety, and environmental management system (QSEMS) at the Cannes Convention Center. The trend toward integrated management systems, including ISO’s movement toward a generic management system model for wide application, will provide a new tool for organizational risk management.

As evolved as risk management methods and models are, organizations struggle with integrating risk management practices. A silo phenomenon challenges risk managers as it has EHS managers for many years. In current non-financial risk management writings and research, the need for risk management integration and “silo-busting” is highlighted. An integrated risk management system can provide a way to bust silos in an organization.

6.22.2011

ISO 50001 Just Published – “Energy Management Systems – Requirements with Guidance for Use”

The much anticipated ISO management system for energy management was published on June 15. The ISO 50001 format closely follows ISO 14001 on environmental management. I will be posting comments over the next couple of weeks regarding things I see in it and issues that will help with implementation and integration.

At first glance, where an ISO 14001 or OHSAS 18001 management system is in place, integration of ISO 50001 will be somewhat straightforward.

A unique piece for 50001 is section 4.4.3 that addresses “energy review.” This is the equivalent of environmental aspects in 14001 and risk assessment in 18001. While this standard is new and interpretations will be fleshed out in the coming months and years, the interpretation of “energy” may not be trivial when considering conformance with 50001. The way it is defined will impact how the energy review requirements will be met.

5.25.2011

Supercharging Your EHS/S MS Management Review – Developing a Strategic Risk Management MS

Many EHS/S management system experts believe that one of the most important components of an integrated MS is management review. Management review is the time during which the overall strategy of an integrated EHS/S MS is assessed. Said differently, it is a time to see if the MS’s purpose and desired outcomes are being fulfilled. Management review is commonly framed as a performance evaluation activity. While this is correct, I would suggest that there is much more available through management reviews—that is, these are strategic opportunities to impact an organization’s Strategic Risk Management (SRM) process, and possibly start developing an SRM MS.

Enterprise Risk Management and the evolution of Strategic Risk Management are relatively new in the domain of organizational and management science. While strong frameworks for financial risk management have evolved, this is not the case for overall non-financial risks and their management. In particular, there is an absence of a universally accepted management system approach in this arena. Yes, the ISO 31000 standard on risk management goes a long way toward helping, but it is not a management system, per se. Rather, it is intended to augment an existing MS framework.

3.6.2011

ISO 28000 – Security Management, Risk Assessment, and ISO 14001 as a Foundation

The current issue of ISO Focus (February 2011) is dedicated to a wide range of security-related issues and highlights the ISO 28000 series on security risk management.

ISO 28000 was published in 2007 and provides guidance on security management. Its framework follows the ISO 14001 framework closely. 28000 is the core of the family, providing a specification management system standard. ISO 28004 provides implementation guidance in specific areas, such as 28005 (Electronic Port Clearance) and 20858 (Ships and Marine Technology).
