ISO 31000 : 2009 -Risk Management - kmis.or.kr

1 AbcdabcISO 31000 : 2009 -Risk Managementabcabcd2 Agenda Risk ? ISO31000 Risk abcabcd3 Black Swan ? Black Swan(1770 !)abcabcd4 Black Swan ? , , -NassimTaleb9 11 3,400 , , 13000 333 abcabcd5 Risk ?Risk( ): (Effect of Uncertaintyon Objectives)1. (effect) / .2. ( , , ) , ( , , , ) . 3.. Risk Management : ISO Guide 73: 2009 Risk Management abcabcd6 1 1 2 2 Risk ?

2 Abcabcd7 ISO 31000 2009 ISO (International Organization for Standardization) Risk Risk ( ) Risk Risk (ISO 9001, ISO 20000, ISO 14001, OHSAS 18001,ISO 22000, ISO 27001, ISO 28000 ) abcabcd8 ISO 31000 part of organisational of decision addresses , structured & on the best available human & cultural factors into & , iterative & responsive to continual improvement & enhancement of the organisationFrameworkMandate & CommitmentDesign of framework for managing risk Implementing risk managementContinual improvement of the frameworkMonitoring & review of the frameworkProcessEstablishing the ContextCommunications & ConsultationMonitor and ReviewRisk IdentificationRisk AnalysisRisk EvaluationRisk TreatmentRisk Assessmentabcabcd9 ISO 31000 Risk Management Principles1.

3 Creates and protects value.. 2. Integral part of all organizational processes , , , , .3. Part of decision making .4. Explicitlyaddresses uncertaintyRisk .5. Systematic, structured and timelyRisk , , . 6. based on the best available information , , , , , . abcabcd10 ISO 31000 Risk Management Principles7. Risk Management is tailored. / .8. Takes human and cultural factors into account , , , .9. Transparent and inclusive.

4 10. Dynamic, iterative and responsive to change / Risk , Risk .11. Facilitatescontinual improvement of the organization Risk .abcabcd11 Risk Establishing the Context Risk Identification Risk Analysis Risk Evaluation Risk Treatment Risk Assessment Communication and Consultation Monitoring and ReviewAS/NZS ISO 31000 2009abcabcd12 Risk (Assessment) Risk Risk Risk Risk Assessment , , , , ? (Risk source) ? ? ? ? ? Risk ?

5 ? : : , , Risk (Criteria) : , Risk ( ) .Risk , Risk , Risk abcabcd13 etc. abcabcd14 , abcabcd15 , . 10 .1 , .2 , , 2~5 .3 12 .4 .5 (5 ; 5 5 ) 1 Insignificant ( ) ( ) ; (5 ~ 5 ; 5 5 ~ 5 5 )2 Minor ( ) ; (5 ~ 2 5 ;5 5 ~ 27 )3 Moderate / 5 (55 ) / ( ) ; (2 5 ~ 5 ; 27 ~55 )4 Major.

6 / 1 (11 ) ( ) , , ; (5 ; 55 )5 Catastrophic 4 1. 2. - 3. / 4. / abcabcd16 Risk Identification Risk Analysis Risk Evaluation Risk Register Post Risk Treatment Risk Assessmentabcabcd17 , . , / / Risk Evaluation & Treatmentabcabcd18 (AVOID) / ( ) ( ) , . (REDUCE) /.

7 ( KRI: ) , (SHARE) ; . ; , . (RETAIN) / ( , ) , ..Risk Evaluation & Treatmentabcabcd19 ISO 31000 Risk Management Risk Management FrameworkPLANDOCHECKACT abcabcd20 / ; ; : ; ; ; ; ; ; abcabcd21 , Risk Management , ? ? , !

8 (Risk) , ; (Risk Mgmt) / ; (Risk Mgmt) ; (Risk Mgmt) . ISO 31000 !Risk Risk Management abcabcd22 Any questions?LRQA: Business unit <set on slide master>abcabcd !!!The Premier Provider of Business Assurance Service 736-6231010-8725-4317