Agenda of the conference
The 5th international Conference on the ISO 31000 Risk Management Standard in Dubai on 12-13 October 2016, follows the successful annual conferences in Paris 2012, Toronto 2013, New York 2014 and Cape Town 2015.
Day 1, Wednesday 12 October, 2016
- Kevin KnightChairmanISO/TC 262 Risk management (ISO 31000)
25 years experience in risk management standards
In the last 40 years, Kevin has been instrumental in the development of widening risk management standardization across countries. Kevin will review his contributions in the last 25 years, from the successive revisions of the Australian/New-Zealand Standard AS/NZS4360, the broad acceptance of AS/NZS4360 leading to the first international standard published on risk management – ISO 31000 (guidance standard) and the ISO Guide 73 (vocabulary). He will present the challenges for more risk management standardization across industries, sectors and his vision for the future of risk management.
Making the link between risk and performance
ERM has been guided by various frameworks and standards but has fallen short in many deployment attempts. While every approach has legitimacy since ERM should be customized to the needs of adopting ERM with ISO 31000 approach providing the flexibility and emphasis to improve the users chance of success. The session will present how ISO 31000 makes the link between risk, objectives, decision-making, uncertainty and best allocations of resource towards optimal performance.
The Nexus Between Risk and Performance
- Some Risks Matter More than Others
- The Challenge of Emerging Risks Impacting Strategy
- Importance of Risk Appetite Strategy
- Measuring Risk and Success
- Capability Maturity and the Risk Intelligent Enterprise
How to create your risk criteria in practice
Some risk professionals consider that Risk appetite is the hardest part of any ERM implementation”. Others prefer to write entire books on the subject. This session will explain in a practical and easy to understand fashion how to build your risk appetite and risk criteria in order to include risk management with the objectives of the organization taking into account the internal and external context, sector, culture and objectives.
Designing better risk criteria to enable effective evaluation
- Starting from organizational goals, mission and values
- Incorporating stakeholder expectations and requirements
- Linking to performance management
- Defining thresholds, adding more dimensions and determining rules
- Assessing criteria effectiveness
Current status of the revision of COSO ERM
PwC authored the 2004 COSO ERM Framework has been engaged in 2014 by the Board of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) to update the Framework to make it more applicable for today’s environment. COSO Advisory Council.
Following the presentation made by Carmen Le Grange, PwC Partner & Leader for Business Resilience: Africa, at the 4th International ISO 31000 conference in Cape Town, South Africa, a key person from the PwC Global Risk Project Team has been invited this year to present the current draft of the COSO ERM Framework revision. We will learn during this session if PwC has succeeded to align the COSO ERM revision with advanced thinking in risk management and specifically with the international ISO 31000 risk management standard.
The new ISO 45001 Occupational Health and Safety
A new International Standard for Occupational Health and Safety Management Systems is currently under development to replace BS OHSAS 18001. It will help your organization provide a safe and healthy workplace for your workers and other people, prevent deaths, work-related injury and ill-health as well as continually improve OH&S performance.
We would like to update our clients on the development of ISO 45001, a new standard consolidating the best practice knowledge on Occupational Health & Safety (OH&S) which is expected to replace BS OHSAS 18001.
Managing occupational health and safety risks the ISO 45001 way
- The context of occupational health and safety (OHS) in the global arena
- The risk based approach versus compliance
- Aligning Annex SL risk approach with the management of OHS
- The success of OHS standards and the development of ISO 45001
The new ISO 37001 Anti-bribery management systems
Bribery is one of the world’s most destructive and challenging issues. With over US$ 1 trillion paid in bribes each year*, The future ISO 37001, Anti-bribery management systems, intends to prevent the consequences which are catastrophic, reducing quality of life, increasing poverty and eroding public trust.
Despite efforts on national and international levels to tackle bribery, it remains a significant issue. Recognizing this, ISO is currently developing a new standard to help organizations fight bribery and promote an ethical business culture.
The future ISO 37001, Anti-bribery management systems, specifies a series of measures to help organizations prevent, detect and address bribery. These include adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates, implementing financial and commercial controls, and instituting reporting and investigation procedures.
Managing the Corruption Risk with ISO 37001 – Anti-Bribery Management Systems
- What is ISO 37001 – content, scope, users, benefits
- Should you create a Management System? What are requirements ?
- Does the Standard define bribery? Is it illegal in some countries ?
- Can my organization be ISO 37001 certified?
Why the G31000 Risk Maturity Model is unique
In the recent book from Domenic Antonucci reviewing more than 80 risk management maturity models, the only risk maturity model based on ISO31000:2009 principles will be presented
G31000 Risk management maturity model is a modern tool designed to help risk practitioners to implement risk management into organizational processes and the overall culture of the organization. This is a tool that will provide great value to internal auditors, risk managers and business functions alike. The risk maturity model is based on ISO31000:2009 principles and is suitable for any type of organization as well as any industry.
G31000 Risk management maturity model
- Overview of 80 risk maturity models across industry and sectors, worldwide
- Measuring the alignment of risk management and performance
- G31000 model : the only model solely based on the ISO 31000 risk management principles
- Collective expertise of the G31000 network for corporates, consultants, auditors and risk managers
A tradition by now is the G31000 Excellence Award Ceremony during the Gala Dinner. The Global Institute for Risk Management Standards G31000, seeks to distinguish acknowledge individuals and organizations, who have demonstrativeness, expertise and achievement with the international ISO 31000 risk management standard. Awards will be delivered to the best trainees, trainers and organizations in the private or public sector.
Day 2, Thursday 13 October, 2016
How is the ISO 31000 standard changing the risk management world!
Alex Dali will welcome the participants to the second day of the conference and will talk about the latest developments in risk management theory and practical application of ISO31000 principles, framework and processes.
Project risk management is an important aspect of project management. According to the Project Management Institute’s PMBOK, risk management is one of the ten knowledge areas in which a project manager must be competent. Project risk is defined by PMI as, “an uncertain event or condition that, if it occurs, has a positive or negative effect on a project’s objectives.
The session will demonstrate how risk management (as outlined in ISO 31000) and project management (as presented in the PMBOK) are perfectly aligned.
Risk Assessment – From ISO 31000 to project risk management
- Risk vs Project specification
- Risk with the Project Lifecycle
- Risk assessment : how to select a techniques
- Contingency Reserve and assurance of success
ISO management systems
A new International Standard for Occupational Health and Safety Management Systems is currently under development to replace BS OHSAS 18001.
It will help your organization provide a safe and healthy workplace for your workers and other people, prevent deaths, work-related injury and ill-health as well as continually improve OH&S performance.
This session will provide an update on the development of ISO 45001, a new standard consolidating the best practice knowledge on Occupational Health & Safety (OH&S) which is expected to replace BS OHSAS 18001.
Integrated management – a highly sought-after concept
- Definition & objectives
- Specific ISO Requirements
- A proposed strategy
Continuity & Resilience
Security, resilience, business continuity, emergency planning and disaster planning are all subjects discussed by the international Technical Committee ISO/TC 292 on Security and Resilience. Given their importance to risk management, how can these topics be related to the content of the ISO 31000 risk management standard? Two prominent experts will explain how.
Bridging Security and Resilience with Risk Management
- Current status of Security Architecture framework and references
- How to bridge the work of TC292 Security and Resilience and ISO 31000.
- Exploring the model for a future global security architecture
- The next generation of security related standards – what to expect ?
Three Decades of Leadership – Building the Resilience Profession
- Business continuity: Why so many ISO standards: ISO 31000, ISO 22301, ISO 22316?
- What the definition of risk and risk management in BCM ?
- Are the DRI certification of companies competing against the ISO 22301 certification?
- Current situation on training and certification – how to select your best option?
This presentation will help delegates to understand people risk and the mindset of Risk Culture and how to incorporate the requirements and principles of ISO31000 into a Risk Culture Building strategy to create value and drive sustainable competitive advantage.
Given the importance of risk culture to the success of a risk management programme, a prominent expert will explain how risk culture refers to the content of the ISO 31000 risk management standard.
Risk Culture Building and ISO31000
- What is Risk Culture Building?
- What are the elements of an effective risk culture
- Incorporating ISO31000 in your Risk Culture Strategy
- The way forward to sustainable value creation
Organisational learning using ISO 31000 proactively for safety, performance and sustainability
- Proactive: TR³M a systems thinking approach
- Learning: Increasing the quality of one’s perception
- Alignment: Level 5 leadership (Respecting people)
- Safety & performance: Risk management (Respecting profit)
- Sustainability: continuous improvement (Respecting the planet)
Finance, Insurance & Internal Audit
The session will start with the 40 minute presentation, plus 5 minutes for Q&A, would basically cover Internal Audit experiences of dealing with the subject of Risk Management, and the trials and tribulations faced in implementing Risk Management for Internal Auditing. It would cover:
Internal Audit & Risk Management – Tying the knot with ISO 31000
- What the IIA says about IA’s role in risk management – in brief
- The background to IA & Risk Management in most organizations
- The “flirting & dating with Risk Management” phase – First involvement with risk management, getting to understand it better, gathering knowledge about risk management, initial foray into risk management
- The “we broke-up” phase – What worked, what did not, and the decision to part ways with our initial methodology
- The “I’m dating again” phase – The second attempt at a risk management methodology, our first interactions with ISO 31000
- The “Getting engaged” phase – Having gathered enough knowledge about ISO 31000, what we did to move further to the implementation phase
- The “Tying the Knot” phase – Challenges we had to face, how we overcame those challenges, and how we made it work
The second part of the session will provide an overview of the increasing importance of ERM within the insurance and financial sector and look at some of the main challenges facing risk managers in implementing ERM in the insurance sector. It will address also the new role of internal audit based on the international ISO 31000 standard, based on a practical implementation from an internal audit perspective.
Enhancing and embedding your ERM framework in the insurance sector
- The role of ERM for insurance companies
- How to implement ERM using the latest tools and techniques
- Internal and External challenges faced by CRO’s – (Use of technology; dealing with rating agencies regulators etc).
- Advantages of using ISO 31000 standard
The international ISO 31000 risk management standard has now been translated into 23 languages and adopted by 63 countries as their national risk management standard.
This panel discussion aims to share experiences about how to raise awareness to encourage public and private organisations to adopt ISO 31000 as their reference in the management of risk. Starting with twenty years of experience in Australia, the session will continue with experiences from Europe, America, Asia and Africa.
Current status and future of ISO 31000, worldwide
- Latest statistics on ISO 31000 – countries, sectors, companies
- Development of the G31000 network and its representatives
- Why G31000 needs to expand – new products & services
- Priorities and objectives for future
Current status of ISO 31000 in Eastern Africa
- Increased membership in the LinkedIn discussion across East Africa
- Three ISO 31000 certification training organised : Tanzania (September 2015) and Uganda (January 2016 and August 2016)
- Collaboration with local Institute of Auditors (IIA) chapter in Tanzania and Uganda (MoU signed
Current status of ISO 31000 in Spain and Latin America
- Development of ISO 31000 in Latam 2009-2015
- Latam countries facts
- Latam idiosyncrasy
Current status of ISO 31000 in Nigeria
Road Map to Implementation and Adoption in Nigeria.
- Successful Implementation in Goldlink Insurance Plc, and its benefits for the company.
- Inaugural and first ISO 31000 Risk Management Certification Training in Nigeria.
- Second certification training on ISO 31000 Risk Management coming up with participants from Government Agencies and Parastatals
- Public Sectors and Enterprise Risk Management in Nigeria.