#64 – FROM ERM TO EXTENDED ERM – THE INSTITUTE OF RISK MANAGEMENT

The past decades have seen a transformation in the way that both private and public organizations operate. Delivering a product, a project or service today is likely to involve multi-tiered, often global value chains, sub-contracted manufacturing, licensed intellectual property, outsourced back offices and complicated routes to market, including digital delivery, all under increased pressures of time. In the public sector many governments are handing over service delivery to a network of private or third sector operators.

#64 – RISK BASED THINKING + PROCESS APPROACH = KEEPING IT REAL – T. DAN NELSON

An organization’s context and existing plans for operating are important to consider when defining a management system and its associated internal processing requirements. An organization’s context depends on its product, industry, competence levels of personnel, complexity of operations, size, etc. All of these are important considerations when defining a management system and deciding what documentation is appropriate.

#63 – EXPOSING UNCERTAINTY ABOUT RESOURCES IN ISO DIS 9001:2015 – DAVID HOYLE

There should be no uncertainty about what resources are required to be determined and provided in implementing the requirements of ISO 9001. Unfortunately, there is considerable uncertainty on the subject as I reveal as I examine the clauses of ISO DIS 9001.

The first mention of resources in the standard is in clause 0.4 where in explaining the P in PDCA, it is suggested we “establish the resources needed to deliver results in accordance with customers’ requirements and the organization’s policies”. Nothing wrong here except this is not a requirement as the clause simply explains a methodology.

#63 – HOW TO BUILD A RELIABLE AND REPEATABLE ERM PROCESS – APQC

In its best practices report, Enterprise Risk Management: Seven Imperatives for Process Excellence, APQC presents the results of research on the need to evolve enterprise risk management (ERM) processes and practices.

As a result of its survey findings and interviews with ERM leaders known for developing select best practices, APQC finds that there are three stages of ERM process maturity that span seven best practices. The stages of maturity are:

  • Establish, during which organizations define process steps and risk owners;
  • Cultivate, during which ERM leaders improve the quality of risk conversations; and
  • Refine, during which organizations drive sound ERM strategy and execution.

#62 – EMERGING RISKS II – THE BLACK SWAN SYNDROME – GREG CARROLL

In part 2 of my analysis of the ISO 31000 forum on “Does anyone really understand Emerging Risks?” I look at the 3rd question: How do you manage the unknown?

Black Swans are a native of Western Australia and as prevalent in Perth as “Black Swan events” these days. The obvious answer is once an Emerging Risk has been identified it becomes a material risk and needs to be managed as all other risks in your risk inventory. So why all of the focus on Emerging Risks then?
