12 Cards in this Set

Front: Risk management standards
Back:
- ISO 31000 - Risk management
- ISO 28000 - Supply chain security management systems

Front: ISO 31000 risk management principles, risk management...
Back:
- Creates and protects value
- Is an integral part of organisational processes
- Is part of decision-making
- Explicitly addresses uncertainty
- Is systematic, structured and timely
- Is based on the best available information
- Is tailored
- Takes human and cultural factors into account
- Is transparent and inclusive
- Is dynamic, iterative and responsive to change
- Facilitates continual improvement and enhancement

Front: ISO 31000 Framework
Back:
- Mandate and commitment
- Design of framework to manage risk
- Implementing risk management
- Monitoring and review
- Continual improvement

Front: ISO 31000 Risk Management process
Back:
- Establishing context
- Risk assessment
- Risk treatment
- Monitoring and review
- Communication and consultation

Front: ISO 31000 - 5 Attributes for enhanced risk management
Back:
- Continual improvement
- Full accountability for risks
- Application of risk management in all decision making
- Continual communication
- Full integration in the organisation's governance structure

Front: ISO 28000 provides a best practice framework for developing, documenting, implementing and maintaining an effective SMS including elements such as:
Back:
- Security management policy; objectives / targets; and programmes
- Security management structure
- Security management competence
- Security planning
- Legal and regulatory requirements
- Documents, data and information systems and controls
- Operational control measures; emergency plans and procedures
- Monitoring and measuring security performance
- Auditing and evaluating the SMS

Front: The risk management process
Back:
- Risk management cycle
- Risk management and mitigation strategies
- Monitoring, reporting and review

Front: Risk management cycle
Back:
- Identify sources of risk
- Assess probability and impact of potential risks
- Formulate risk management strategies
- Allocate accountabilities and resources for managing identified risks
- Implement risk management
- Monitor, report, adjust

Front: Mitigation strategies
Back:
- Tolerate
- Transfer
- Terminate
- Treat

Treating or mitigating is often explained in terms of the application of controls:
- Preventative controls
- Directive controls
- Detective controls
- Corrective controls

Front: Monitoring, reporting and review
Back: Important, in order to:
- Ascertain whether the organisation's risk profile or exposure is changing
- Give assurance that the organisation's risk management processes are effective
- Indicate where contract risk management processes need improvement

Front: External reporting of risks in corporate accounts
Back: Pressure may be supported by:
- Regulatory requirements
- The expectation of external stakeholders
- The organisation's own governance, CSR and risk management policies
- The reputational and other benefits of planned, voluntary disclosure

Front: Resource categories for risk management strategies
Back:
- Informational resources
- Human resources
- Infrastructure development
- Technology resources
- Physical resources
- Financial resources