ISO 31000

The International Organization for Standardization | November 2009

The International Organization for Standardization (ISO) in Genève began developing a guidance standard on risk management in 2005. An ISO working group was established to produce a Committee Draft, ISO/CD 31000. The standard “gives generic guidelines for the principles and the adequate implementation of risk management. It is not intended to be used for the purposes of certification.”

ISO 31000 seeks to provide a universally recognised paradigm for practitioners and companies employing risk management processes, replacing the myriad of existing standards, methodologies, and paradigms that differ between industries, subject matters, and regions. For this purpose, the recommendations provided in ISO 31000 can be customized to any organisation and its context.

In some respects, ISO 31000 is similar to ISO 9000 and other broad-based international standards. Though it is not certifiable, it is a concise and comprehensive statement which can, in a practical sense, contribute to the awareness and implementation of risk management.

COSO Enterprise Risk Management

Integrating with Strategy and Performance, June 2017

This project was commissioned by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), which is dedicated to providing thought leadership through the development of comprehensive frameworks and guidance on internal control, enterprise risk management, and fraud deterrence designed to improve organizational performance and oversight and to reduce the extent of fraud in organizations.

Foreword

“In keeping with its overall mission, the COSO Board commissioned and published in 2004 Enterprise Risk Management—Integrated Framework. Over the past decade, that publication has gained broad acceptance by organizations in their efforts to manage risk. However, also through that period, the complexity of risk has changed, new risks have emerged, and both boards and executives have enhanced their awareness and oversight of enterprise risk management while asking for improved risk reporting. This update to the 2004 publication addresses the evolution of enterprise risk management and the need for organizations to improve their approach to managing risk to meet the demands of an evolving business environment.

The updated document, now titled Enterprise Risk Management—Integrating with Strategy and Performance, highlights the importance of considering risk in both the strategy-setting process and in driving performance. The first part of the updated publication offers a perspective on current and evolving concepts and applications of enterprise risk management. The second part, the Framework, is organized into five easy-to-understand components that accommodate different viewpoints and operating structures, and enhance strategies and decision-making. In short, this update:

  • Provides greater insight into the value of enterprise risk management when setting and carrying out strategy.
  • Enhances alignment between performance and enterprise risk management to improve the setting of performance targets and understanding the impact of risk on performance.
  • Accommodates expectations for governance and oversight.
  • Recognizes the globalization of markets and operations and the need to apply a common, albeit tailored, approach across geographies.
  • Presents new ways to view risk to setting and achieving objectives in the context of greater business complexity.
  • Expands reporting to address expectations for greater stakeholder transparency.
  • Accommodates evolving technologies and the proliferation of data and analytics in supporting decision-making.

The figure illustrates the framework considerations in the context of mission, vision, core values, and as a driver of an entity’s overall direction and performance.

Sets out core definitions, components, and principles for all levels of management involved in designing, implementing, and conducting enterprise risk management practices.

Readers may also wish to consult a complementary publication, COSO’s Internal Control— Integrated Framework. The two publications are distinct and have different focuses; neither supersedes the other. However, they do connect. Internal Control—Integrated Framework encompasses internal control, which is referenced in part in this updated publication, and therefore the earlier document remains viable and suitable for designing, implementing, conducting, and assessing internal control, and for consequent reporting.

The COSO Board would like to thank PwC for its significant contributions in developing Enterprise Risk Management—Integrating with Strategy and Performance. Their full consideration of input provided by many stakeholders and their insight were instrumental in ensuring that the strengths of the original publication have been preserved, and that text has been clarified or expanded where it was deemed helpful to do so. The COSO Board and PwC together would also like to thank the Advisory Council and Observers for their contributions in reviewing and providing feedback.”


By Robert B. Hirth Jr. (COSO Chair) and Dennis L. Chesley (PwC Project Lead Partner and Global and APA Risk and Regulatory Leader)

2017 COSO ERM: Integrating with Strategy and Performance (Executive Summary)

Risk Management at the Edge of Three Worlds

City management in the perspective of ‘risk’

Jack P. Kruf | 2007

In this article, I focus on the specific characteristics of the roles and positions of local authority CEOs and city managers in relation to the three worlds of politics, society, and management. I also focus on the role of risk management in supporting the CEO, and on how these issues are discussed, to emphasise that risk management belongs on the strategic agenda and demands a holistic approach.

The “best” job

Some might say it is the most attractive and fascinating job there is: serving as CEO in local public management (or city manager or secretary). Why? Because it is at the very heart of a dynamic society, close to politics and government, at the centre of the world of “power and influence”, and at the top of the management pyramid. This person is at the junction of necessary skills, ambitions, rights, stakes, and interests. He or she is, via society, close to disasters, successes, poverty, and environmental challenges, and, via politics, to elected officials like the mayor and local aldermen, while always in close contact with officials in higher government and very close to the professionals within the organisation. Local government leadership is a very exciting job.

“It is clear that risk management should be seen as a core competence for every public leader.”

The CEO is a generalist, not a specialist. One might say that a realistic comparison of the job would be with the decathlon. As with decathletes, the CEO must be well-rounded, competitive, and competent in many areas. 

Read more “Risk Management at the Edge of Three Worlds”

Global Risks Report 2006

World Economic Forum | 2006

Aimed at a more sophisticated understanding of global risks, this document summarises the output of a collaboration between the World Economic Forum, MMC (Marsh & McLennan Companies, Inc.), Merrill Lynch and Swiss Re, in association with the Risk Management and Decision Processes Center of the Wharton School at the University of Pennsylvania, on the topic of Global Risks. The purpose of this collaboration, building on work undertaken in 2004, was to:

  • Identify and assess current and emerging global risks in the 2006 and 2015 time horizons.
  • Study the links between them and assess their likely effect on different markets and industries.
  • Advance the thinking around more effective mitigation of global risks.

Read more “Global Risks Report 2006”

Global Risks to the Business Environment

World Economic Forum | 2005

Global Risks to the Business Environment: “This paper, the output of two workshops organised by the World Economic Forum in collaboration with Merrill Lynch, reviews the major global risks facing business leaders today, and examines how those risks differ from the challenges of the past. Some key points:

1) Global Risks and Business

At a time when risks not specific to business are having an unprecedented effect on the corporate world, it is crucial for business leaders to understand the environment in which their business operates, in order to survive, remain competitive and grasp opportunities.

2) An Increasingly Turbulent and Complex World

Today’s risks are much more interconnected than in the past. They are much more volatile and can disrupt markets throughout the world with almost instantaneous precision. Such risks can be difficult to anticipate and respond to, even for the most seasoned business leaders.

3) The Global Risks

We identify 36 “global” risks, classified into four categories: economic, geopolitical, societal and environmental. This report details the prevailing consensus reached at our workshop discussions as to the ten risks most likely to have a major or extreme impact on business:
  • Instability in Iraq
  • Terrorism
  • Emerging fiscal crises
  • Disruption in oil supplies
  • Radical Islam
  • Sudden decline in China’s growth
  • Pandemics – infectious diseases
  • Climate change
  • Weapons of mass destruction (WMD)
  • Unrestrained migration and related tensions

4) Risk Mapping – Connecting the “Dots” and Spotting the Patterns

In an interconnected world, global risks should not be considered on a stand-alone basis; it is important to understand how they can trigger, amplify or buffer one another.

5) Dealing with Global Risks

Seldom can global risks be addressed by a single business entity, industry or country, and many institutional mechanisms are proving fairly ineffectual as they struggle to cope with the challenge. There is also a large discrepancy between the immediate time horizon employed by most business and political leaders and the long-term approach required to tackle risks on a global scale. As a result, our capacity to address risk is jeopardized; a myopic tendency – or worse, denial – prevails. Finally, of equal concern is the problem that some major risks are being passed on to those least able to solve them – or with least responsibility for creating them.”
Rising above water

Marta Jiménez | Utrecht University

Sea levels are rising, and the rate of rise is accelerating. All over the world, many of today’s dikes, sea walls and flood barriers won’t be enough to hold back the water in the future. This will be a particular problem in countries that lack the resources to maintain or fund extensive engineering projects to protect their citizens. But we can all learn from the alternative, more affordable and flexible approaches that adapt to the rising water and are currently emerging all around the world.

Rather than only battling to keep ever-rising seas out, these natural solutions aim to help rebuild land above sea level. Researchers from Utrecht University are testing which of these strategies will work for specific regions to help tame the tide. And they’re also thinking ahead: how can we minimise the damage and ensure people have somewhere safe to go when the water does come?

Ransomware: An insurance market perspective

Source: Geneva Association

  • New Geneva Association report highlights the important role of private re/insurers, alongside governments, in boosting society’s resilience to ransomware and ensuring the full benefits of digitalisation can be realised.
  • The report explores the significant value add of cyber insurance beyond risk transfer, amid ongoing debate on whether to ban ransom payments or associated insurance coverage.
  • Governments should do more to counter ransomware attacks: disrupt cybercriminal business models, fight illicit use of cryptocurrencies and promote cyber hygiene throughout business and society.

ZURICH, 20 July 2022 – The frequency of ransomware attacks, a form of cyber extortion, is increasing, along with the size and nature of ransom demands. Cybercriminals are deploying more sophisticated approaches to target governments, businesses and individuals, with serious and costly effects. The growth of the ransomware-as-a-service (RaaS) business model has also enabled threat actors with limited technical skills to launch highly disruptive attacks.

Cyber insurance provides vital financial protection and operational support in the event of an attack, but ransomware has contributed to the recent deterioration in cyber insurers’ underwriting performance. Ransomware accounted for 75% of all cyber insurance claims in 2020 (AM Best) and is also likely to have been the costliest loss event category in 2021 (WTW).

Read more “Ransomware: An insurance market perspective”