Today’s society is ever more complex, challenging and uncertain. Unforeseen events can affect businesses, non-profits and government agencies. Contemporary risks and requirements are numerous. As such, risk management is ever more a priority for any organisation or business, including SME’s. It’s easy to see why: the better you manage these effects of uncertainty on objectives, the better you are equipped to deal with unexpected change and take informed decisions, gain the confidence of stakeholders and grow. Managing risk boosts your performance.
Since its launch in 2009, helping organisations achieve those goals has been the objective of the ISO 31000 standard, which has been revised in 2018. Updated in February 2018, the ISO 31000 standard has a major impact on organisations everywhere. It does not only provide best practices, structure and guidance for risk management professionals; it is also important for a wide range of other business roles. After all, risk management now is a key component of all management system standards that apply the High-Level Structure (HLS). As such, this standard benefits every manager.
To know and understand ISO 31000 is nice, but often people struggle to get these guidelines translated into action and implementation in their organisation. They work hard building a comprehensive ERM system that is creating and protecting value for the organisation, but with varying success.
Learning objectives of this course
In this 5-day interactive course, you will learn and practice how to develop the ISO 31000 framework to fit with your needs and desires. You will discover how to match the ISO 31000 process with the governing practices in your organisation. You will build your own policies, plans and procedures to integrate risk management into operational processes at all levels of the organisation and how to tie into and align this with the already existing practices present in your organisation. You go home with inspiration for immediate action, for as far as these plans are within the scope of your mission and under your control.
During these five days, you will work on your own case to produce the policies, plans and procedures needed to successfully implement ISO 31000 and necessary to get the benefits of it. You will become inspired by your fellow participants, general examples and the various models used to make this work.
This 5 day course also prepares you for the CRMIP certification, which gives you the title of “Professional Certified in Risk Management Implementation in accordance with ISO 31000 - Advanced Level” and is a proof of your knowledge and understanding of how to implement the ISO 31000 standard.
Program: The program is tailored to the needs of the participants and focuses on the elaboration of the ISO 31000 framework, adapted (customised) to the participants specific situation and input.
- Introduction and overview of the course
- Refresher of the ISO 31000 standard, including the changes that were introduced in the 2018 version.
- The components and deliverables of the ISO 31000 Risk Management Framework – An overview
- Leadership and commitment
- Leadership & Commitment
- Alignment (Vision, Mission & Ambition, Values, Strategy, Processes, Behaviour, …)
- (Corporate) Risk attitude & Risk criteria
- An integrated corporate policy document
- Corporate context
- Risk ownership & delegation
- Corporate decision making & structure
- Internal and external relationships
- Connecting risk management and decision making throughout the organisation
- The organisation and its context (internal & external)
- Risk management commitment
- Roles, authorities, responsibilities and accountabilities
- Required resources
- Approach towards communication & consultation
- Risk Management Plan
- Actual situation vs Desired situation (Gap analysis)
- Required modifications, additions, removals, …
- Timing & resources
- Risk Management Implementation plan
- Evaluation plan / checklist
- Continually improving
- Arrangements on how to adapt and continually improve
- ISO 31000 CRMIP certification evaluation
This training is addressed to managers and consultants with a basic knowledge of ISO 31000 (whether or not demonstrated by a certificate) and is ideal for:
- Risk managers responsible for developing and improving risk management in their organization;
- Consultants who assist companies in their development;
- users of other management standards seeking to integrate risk management;
- SME managers, management and strategic staff;
- Internal external auditors working with ISO 31000;
- Every person who wants to integrate risk management into their organization, into daily decision-making and at all levels of the organization.
Prequisites to follow this course
Knowledge of the ISO 31000 standard:
- 2009 and/or 2018 versions. If possible, proven by an appropriate certificate.
Familiarity with the own organisation:
- Organisational objectives, values and convictions (what is important and valuable for the organisation and its essential stakeholders)
- Organisational structure, decision making and delegation
- Current risk management practices
- Available resources
In cooperation with NBN, a GNIC (Global Network for Independent Certification) ISO 31000 implementor certification (CRMIP) will be earned when participants comply with the following:
Obtain at least 75% for the ISO 31000 Framework multiple choice questionnaire (40 questions in 1 hour – online or classroom test)
Hand in the documents (discussed and developed during the course) for evaluation (This can also be done afterwards):
- a concise corporate policy document
- a concise risk management plan, including
- an articulated risk management commitment
- performance indicators
- an (approved) approach to communication and consultation
- a concise risk management implementation plan, including
- arrangements on how to adapt and continually improve