Risk Management Specialist, ISO 31000: 2018
12.04.2022 2022-05-26 13:35
COURSE OBJECTIVES
- Good understanding of the concept, principles and trends governing risk management and the associated international infrastructure in the current economic and social environment;
- Good understanding of the context in which the integrated management of the organization’s risks operates, of the legal and regulatory requirements, of the standards of good practice applicable to the organizations;
- Knowledge of the requirements of the international standard ISO 31000 and understanding of the integrative role of this international standard in the context of the multitude and diversity of requirements at organizational level regarding risk management;
- Understanding the concepts promoted by the main standards that address organizational risk: 22301, 27005, 14001, 45001, etc.
- Understanding the requirements regarding the management of the integrated risk management process within the organization;
- Understanding the requirements regarding the implementation of adequate risk assessment methods (identification, analysis, estimation), regarding the establishment of the evaluation criteria and the acceptability threshold;
- Understanding “4T” Risk Management Requirements: Tolerance, Treatment, Transfer and Termination
- Ability to plan the implementation and management of a risk management system in the organization
Module 1
- Basics of risk management, national and international regulatory framework: Definitions, classifications, standards & codes of good practice, authorities;
- The evolution of the risk management concept;
- Definitions
- History and trends in risk management;
- Principles and approaches;
- National and international regulatory framework;
- National and international authorities and forums (IRM, FERMA, RMA, ISO, ISACA, etc.)
- Regulations, codes of good practice, standards (31000, 22301, 27005, SOX, BASEL II, COBIT, OCTAVE, CRAMM etc.)
- Examples of methods and analysis tools with wide applicability in areas with risk exposure: construction, banking, IT&C, etc.
Module 2
- The concept of integrated risk management of the organization
- Risk categories that influence the functioning / performance of the organization
- Legal requirements applicable to organizations according to the international and national regulatory framework (environment, occupational health and safety, information security, copyright, social responsibility, etc.)
- Standards and codes of good practice applicable in organizations as de facto standards (ISO family, BS standards, directives)
- Integrated approach to the organization’s risk management requirements
Module 3
- International harmonization of risk management requirements through standardization at ISO level, ISO 31000 standard
- Principles of risk management
- Design of the organizational framework according to SR EN ISO 31000
- Establishing policies regarding the organization’s risks
- Establishing the organizational structure and responsibilities for risk management
- Determining the resources necessary for the implementation and operation of the risk management system
- Establishing communication methods
- Implementing risk management
- Implementing the organizational framework
- Implementation of the risk management process
- The risk management process
- Establishing the organizational context
- Risk identification, analysis and estimation (assessment)
- Risk management
Module 4
- International harmonization of business continuity requirements through standardization at ISO level, ISO 22301 standard, “Business continuity management systems”, in brief
- Establishing business continuity management strategies
- Risk analysis in business continuity management systems
- Planning and documenting continuity management systems
- Testing continuity management systems
- Continuous monitoring and improvement
Module 5
- Risk management in projects according to PMI PMBoK and ISO 21500 standard: “Project management”
- Peculiarities in the implementation of risk management in projects
- Risk management as a PM process
- PM Subprocesses (PMBoK PMI)
- Risks versus problems in project management
- Risk planning in projects
- Responsibility and authority in risk management
- Risk management plan
- Methods of risk analysis specific to IT&C projects: FRAP, 27005
- Construction: IPRA
Module 6
- Integrated risk management as an organizational process
- Strategic risk management
- Risk management and business model
- Establishing policies and objectives in the field of risk management
- Establishing the organizational architecture (structure) of risks
- Creating the organizational culture regarding risk management: training, information, awareness, communication
- Creating risk management plans
- Operational risk management
- Risk management related to operational processes
- Integration of “risk nomenclatures”: business continuity, financial losses, loss of information, environment, health and safety at work, social responsibility, etc.
- Establishing quantitative / qualitative analysis methods
- Establishing the evaluation criteria and the acceptability threshold
- Carrying out the risk management process
- Risk management, the “4T”: Tolerance, Treatment, Transfer and Termination
- Risk measurement and monitoring
- Measurement by conformity assessment with internal standards / standards / procedures (internal audit)
- Improving the integrated risk management mechanism of the organization.