To know and understand ISO 31000 is nice, but often people struggle to get these guidelines translated into action and implementation in their organisation. They work hard building a comprehensive ERM system that is creating and protecting value for the organisation, but with varying success.
Learning objectives of this course
In this 5-day interactive course, you will learn and practice how to develop the ISO 31000 framework to fit your needs and desires. You will discover how to match the ISO 31000 process with the governing practices in your organisation. You will build your own policies, plans and procedures to integrate risk management into operational processes at all levels of the organisation, and learn how to tie these into and align them with the practices already present in your organisation. You go home with inspiration for immediate action, insofar as these plans are within the scope of your mission and under your control.
During these five days, you will work on your own case to produce the policies, plans and procedures needed to successfully implement ISO 31000 and to obtain its benefits. You will be inspired by your fellow participants, general examples and the various models used to make this work.
Program: The program is tailored to the needs of the participants and focuses on the elaboration of the ISO 31000 framework, adapted (customised) to the participants' specific situation and input.
- Introduction and overview of the course
- Refresher of the ISO 31000 standard, including the changes that were introduced in the 2018 version.
- The components and deliverables of the ISO 31000 Risk Management Framework
- Leadership and commitment
- Leadership & Commitment
- Alignment (Vision, Mission & Ambition, Values, Strategy, Processes, Behaviour, …)
- (Corporate) Risk attitude & Risk criteria
- An integrated corporate policy document
- Corporate context
- Risk ownership & delegation
- Corporate decision making & structure
- Internal and external relationships
- Connecting risk management and decision making throughout the organisation
- The organisation and its context (internal & external)
- Risk management commitment
- Roles, authorities, responsibilities and accountabilities
- Required resources
- Approach towards communication & consultation
- Risk Management Plan
- Actual situation vs Desired situation (Gap analysis)
- Required modifications, additions, removals, …
- Timing & resources
- Risk Management Implementation plan
- ISO 31000 Framework test
This training is addressed to managers and consultants with a basic knowledge of ISO 31000 (whether or not demonstrated by a certificate) and is ideal for:
- Risk managers responsible for developing and improving risk management in their organization;
- Consultants who assist companies in their development;
- Users of other management standards seeking to integrate risk management;
- SME managers, management and strategic staff;
- Internal and external auditors working with ISO 31000;
- Every person who wants to integrate risk management into their organization, into daily decision-making and at all levels of the organization.
Prerequisites to follow this course
Knowledge of the ISO 31000 standard:
- 2009 and/or 2018 versions. If possible, proven by an appropriate certificate.
Familiarity with your own organisation:
- Organisational objectives, values and convictions (what is important and valuable for the organisation and its essential stakeholders)
- Organisational structure, decision making and delegation
- Current risk management practices
- Available resources
In cooperation with NBN, a GNIC (Global Network for Independent Certification) ISO 31000 implementor certification (CRMIP) will be earned when participants comply with the following:
Obtain at least 75% for the ISO 31000 Framework test (40 questions in 1 hour)
Hand in the following documents for evaluation:
- a concise corporate policy document
- a concise risk management plan, including
- an articulated risk management commitment
- performance indicators
- an (approved) approach to communication and consultation
- a concise risk management implementation plan, including
- a concise overview of Functions & decision making processes
- an estimate of timeline and resources
- arrangements on how to adapt and continually improve