Risk assessment techniques ISO 31010 - PR4GM4

Scope This International Standard is a companion standard ISO 31000. It provides guidelines for choosing and applying techniques of systematic risk assessment. It thus contributes to risk

Transcription of Risk assessment techniques ISO 31010 - PR4GM4

Risk assessment techniques ISO 31010
Risk management
August 2010 - PR4GM4

News, January 27 2010

News, February 11 2010

Scope

This International Standard is a companion standard ISO 31000. It provides guidelines for choosing and applying techniques of systematic risk assessment. It thus contributes to risk
- Is not intended to be used for
- Does not provide specific criteria for identifying the need to conduct a risk
- Does not recommend any
- Does not specifically address security

Application fields

This can be for:
- Assessing human reliability
- Define a tree of events
- Analyze a fault tree
- Failure Analysis
- Analyze the impact on activity
- To the reliability-based maintenance
- Make a cost / benefit

In the fields:
- of information technology
- study of hazards of chemical and petrochemical plants
- natural sciences (plant, animal, human)
- aerospace
- production systems

Normative references

The reference documents are:
- ISO / IEC Guide 73, Risk management - Vocabulary
- ISO 31010, Risk management - Risk assessment techniques

To be reason

Any activity of an organization involves risks should be process of risk management therefore facilitates is indeed to take into account the uncertainty of any events or circumstances (intended or unintended) and their effects on

is risk assessment?

Risk assessment attempts to answer the following key issues:
- What's going on there and why (risk identification)?
- What are the consequences?
- What is the probability of occurrence?
- Are there any factors to limit the impact of the risk or reduce the likelihood of risk occurring?

Concepts of risk assessment

Benefits:
- understanding of risk and its potential impact on objectives;
- providing information for decision-making;
- participation in the understanding of risks to facilitate the selection of treatment options;
- identification of the main factors contributing to risk and weak links of a system or organization;
- risk comparison with other systems, technologies or approaches;
- communication about risks and uncertainties;
- help set priorities.

Risk Management Framework:
[Figure labels: Rules, proceedings, Org. provisions]

Process risk management:
- Communication and consultation
- establishing the context
- Risk Assessment
- risk treatment
- monitoring and review

Process risk management

Overview:
[Figure label: Risk analysis]

Risk Identification:
Risk identification is the process of research, recognition and registration of : To identify the reasons why the objectives of the system or organization may not

Risk Analysis - Generality:
Risk analysis is to determine the consequences and probabilities for the risks identified, taking into account the presence (or not) and the effectiveness of can be.
- Qualitative
- Semi-quantitative
- Quantitative
Provides an estimate of all the consequences

Risk Analysis - Assessment of Controls:
The level of risk depends on the adequacy and effectiveness of existing controls. This involves answering the following questions:
- what are the existing controls related to a particular risk?
- are these controls able to handle the risk so as to maintain a tolerable level?
- in practice, do the controls work as expected and can their effectiveness be demonstrated, if any?

Risk analysis - implications:
The analysis of the consequences to determine the nature and type of impact that may occur by assigning a set of objectives and

Risk analysis - probability and probability:
3 approaches:
a) Use of relevant historical data to identify events or situations that have occurred in the past and extrapolate the probability of their occurrence in the
b) Forecast probabilities using predictive techniques such as fault tree analysis and
c) The expert opinion may be used in a systematic and structured process to estimate the

Risk analysis - risk screening:
Screening should be based on criteria defined in the context. Preliminary analysis to determine one of the following courses of action:
- decision to treat the risk without further assessment;
- definition of non-significant collateral risk did not warrant treatment;
- continued by a more detailed assessment of
should document the initial assumptions and

Risk analysis - uncertainty and sensitivity:
It is necessary to clearly identify these uncertainties to interpret and effectively communicate the results of

Risk assessment, 3 "bands":
- level of risk is considered intolerable: treatment of risk is essential regardless of cost
- risk level is considered "gray": the costs and benefits are taken into account
- level of risk is considered negligible: no treatment is considered

Documentation:
Documentation may include:
- the objectives and scope;
- description of the corresponding parts of the system and their functions;
- risk criteria applied and their justification;
- the limitations, assumptions and justification of assumptions;
- the evaluation methodology;
- results of risk identification;
- the data, assumptions, their sources and validation;
- results of risk analysis and evaluation;
- sensitivity analysis and uncertainty;
- critical assumptions and other factors to be monitored;
- discussion of results;
- conclusions and recommendations;
- references.

Control and examination of the development risk:
It should also monitor and document the effectiveness of controls to provide data for use in risk analysis. It should define the responsibilities for the creation and review of evidence and

Application of risk assessment:
Risks can be assessed at all stages of the life cycle. In general, they are many times at different levels of detail, so as to

of evaluation techniques

Generality:
We will answer the question: how to select one or more techniques of risk assessment?
Appendix: Tools and

Selection techniques:
A suitable technique should have the following characteristics:
- it should be justified and appropriate to the situation or organization concerned;
- the results should come in a form that allows a better understanding of the nature of the risks and how they can be treated;
- it should be used so that it is traceable, repeatable and

Selection techniques:
The techniques should be chosen based on relevant factors such as:
- the objectives of the study;
- the needs of decision makers;
- the type of risk to be analyzed;
- the magnitude of potential consequences;
- the degree of competence and HR needs;
- availability of information;
- regulatory and

Availability of resources:
- skills, experience, ability and skills of the risk assessment team;
- the constraints of time and other resources of the organization;
- the budget available if external resources are

Nature and degree of uncertainty:
- Poor data quality or lack of essential and reliable data;
- be inherent in the external and

Complexity:
Significant impacts and dependencies of the risk must be understood to ensure that the management of one risk does not follow an intolerable situation

Application of risk assessment:
The risk assessment provides:
- to ensure that the system risk is tolerable
- to participate in the process of improving the design,
- to participate in feasibility studies,
- identify risks that impact on the subsequent phases of the life

Types of risk assessment techniques:
- Appendix A: correlates and potential technical class.
- Appendix B: Further development of

Technical risk assessment:
30+ tools and techniques (Delphi, HAZOP, SWIFT, etc.).
Factors influencing:
- Resources and skills
- Uncertainty
- Complexity

Conclusion

- 31010 is not a certification;
- The air current requires organizations to make risk management;
- Is not specific to security but rather risk management as a whole;
- Achieve corporate objectives;
- Every organization and therefore its context (its) way(s) appropriate risk assessment(s).

Reproduction

This document is distributed under the terms of the license BY-NC-ND Creative Commons's. You are free to copy, distribute and transmit the work under the following conditions:
- Attribution. You must attribute the original author as indicated by the author of the work or the copyright owner who gives you this (but not in a way that suggests that they endorse you or your use of the work).
- Noncommercial. You do not have the right to use this work for commercial purposes.
- No change. You do not have the right to alter, transform, or build upon this

inquiries please contact Christophe Jolivet to or 418-261-6320. Thank

ISO/IEC 31010:2009 PDF version (EN/FR) (DRAFT)

