Topics covered at the conference
The 5th International Conference on the ISO 31000 Risk Management Standard, held in Dubai on 12-13 October 2016, follows the successful annual conferences in Paris 2012, Toronto 2013, New York 2014 and Cape Town 2015.
Day 1, Sunday 24 September, 2017
25 years' experience in risk management standards
Over the last 40 years, Kevin has been instrumental in widening risk management standardization across countries. Kevin will review his contributions of the last 25 years: the successive revisions of the Australian/New Zealand Standard AS/NZS 4360, and the broad acceptance of AS/NZS 4360 that led to the first international standard published on risk management, ISO 31000 (guidance standard), together with ISO Guide 73 (vocabulary). He will present the challenges of further risk management standardization across industries and sectors, and his vision for the future of risk management.
Making the link between risk and performance
ERM has been guided by various frameworks and standards but has fallen short in many deployment attempts. While every approach has legitimacy, since ERM should be customized to the needs of adopting firms, the ISO 31000 approach provides the flexibility and emphases that improve the user's chance of success. The session will present how ISO 31000 makes the link between risk, objectives, decision-making, uncertainty and the best allocation of resources towards optimal performance.
How to create your risk criteria in practice
Some risk professionals consider that "risk appetite is the hardest part of any ERM implementation". Others prefer to write entire books on the subject. This session will explain, in a practical and easy-to-understand fashion, how to build your risk appetite and risk criteria in order to integrate risk management with the objectives of the organization, taking into account its internal and external context, sector, culture and objectives.
Extending information security through standards
This session provides practical guidance, benchmarks and other effective tools for all enterprises that use information systems. Drawing on comprehensive knowledge and experience, the speaker presents key concepts such as security architecture, development of awareness training, information security program development and management, vulnerability management and incident management, as applied in the banking sector.
ISACA defines the roles of information systems governance, security, audit and assurance professionals worldwide.
How to go beyond GRC and compliance
The work accomplished by DEWA using the SAP GRC 10.1 Risk Management module to centralise the ERM function across the organization, covering corporate risk management, business unit risk management, supply chain risk management, business continuity management, IT risk assessments and project risk management, has attracted our attention because DEWA is embedding the international ISO 31000 risk management standard.
We will learn how DEWA encourages proactive risk management in its pursuit of performance against objectives and thereby excellence in service delivery.
The new ISO 45001 Occupational Health and Safety
A new International Standard for Occupational Health and Safety Management Systems is currently under development to replace BS OHSAS 18001. It will help your organization provide a safe and healthy workplace for your workers and other people, prevent deaths, work-related injury and ill-health as well as continually improve OH&S performance.
We would like to update our clients on the development of ISO 45001, a new standard consolidating the best practice knowledge on Occupational Health & Safety (OH&S) which is expected to replace BS OHSAS 18001.
The new ISO 37001 Anti-bribery management systems
Bribery is one of the world's most destructive and challenging issues. With over US$ 1 trillion paid in bribes each year*, its consequences are catastrophic: reduced quality of life, increased poverty and eroded public trust. The future ISO 37001, Anti-bribery management systems, is intended to help prevent them.
Despite efforts on national and international levels to tackle bribery, it remains a significant issue. Recognizing this, ISO is currently developing a new standard to help organizations fight bribery and promote an ethical business culture.
The future ISO 37001, Anti-bribery management systems, specifies a series of measures to help organizations prevent, detect and address bribery. These include adopting an anti-bribery policy, appointing a person to oversee anti-bribery compliance, training, risk assessments and due diligence on projects and business associates, implementing financial and commercial controls, and instituting reporting and investigation procedures.
Current status of the revision of ISO 31000
The current international risk management standard, ISO 31000:2009, Risk management – Principles and guidelines, is under revision.
The session will present the new aspects to be expected in the next version, in the form of a panel discussion in which the audience can put questions to our panel of experts, members of the ISO/TC 262 committee.
Current status of the revision of COSO ERM
PwC, which authored the 2004 COSO ERM Framework, was engaged in 2014 by the Board of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) to update the Framework to make it more applicable to today's environment. COSO Advisory Council.
Following the presentation made by Carmen Le Grange, PwC Partner & Leader for Business Resilience: Africa, at the 4th International ISO 31000 conference in Cape Town, South Africa, a key person from the PwC Global Risk Project Team has been invited this year to present the current draft of the COSO ERM Framework revision. We will learn during this session whether PwC has succeeded in aligning the COSO ERM revision with advanced thinking in risk management, and specifically with the international ISO 31000 risk management standard.
Why the G31000 Risk Maturity Model is unique
Of the more than 80 risk management maturity models reviewed in Domenic Antonucci's recent book, the only one based on ISO 31000:2009 principles will be presented.
The G31000 risk management maturity model is a modern tool designed to help risk practitioners embed risk management in organizational processes and in the overall culture of the organization. It is a tool that will provide great value to internal auditors, risk managers and business functions alike. The risk maturity model is based on ISO 31000:2009 principles and is suitable for any type of organization and any industry.
Day 2, Monday 25 September, 2017
Link between risk and project management
Project risk management is an important aspect of project management. According to the Project Management Institute's PMBOK, risk management is one of the ten knowledge areas in which a project manager must be competent. Project risk is defined by PMI as "an uncertain event or condition that, if it occurs, has a positive or negative effect on a project's objectives".
The session will demonstrate that risk management (proposed in ISO 31000) and project management (as presented by PMI) are perfectly aligned in terms of thinking.
Leverage your ERM based on ISO 31000
ISO 31000 says: "The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed." In this session, we will learn how large companies have achieved the implementation of ISO 31000. What are the major barriers to effective risk management in organizations today? How can risk maturity models be developed and used for benchmarking?
Successful ERM implementation: case studies
The session will provide an overview of the increasing importance of ERM within the insurance and financial sector. It will trace the evolution of ERM with practical examples, including how major catastrophic events have shaped ERM as it exists today. The latest tools and techniques, and how they have adapted to new requirements including maturity models, will be explained, with practical real-life examples and the main challenges facing risk managers in implementing ERM in the insurance sector. The case study of how the ISO 31000 standard has helped to embed ERM in the AL Koot insurance company will be presented.
How to integrate different management systems?
The trend toward greater compatibility between ISO standards has paved the way to integrating (or rather merging) management systems. How can a successful integration be achieved?
An Integrated Management System can be defined as: “A management system that integrates all of an organisation’s systems and processes into one complete framework, enabling an organisation to work as a single unit with unified objectives.”
The session will explain how to change the emphasis of integration from ‘System’ to ‘Management’.
How to build an effective risk culture?
Risk culture building is one of the most talked-about concepts in the business world today.
Many companies are spending a lot of time and money on formulating and implementing a correct risk management strategy, yet failing to build a consistent risk culture will jeopardize any project.
Today, it is absolutely imperative for any organization to develop an organizational culture that can embrace risk culture management, but how?
Covering aspects such as organizational culture, risk awareness among employees, common language, human behaviours, knowledge, beliefs, values and the personal objectives of individuals, the session will be led by an internationally recognized expert in this subject.
About the link between risk & resilience
Security, resilience, business continuity, emergency planning and disaster planning are all managed by the international technical committee ISO/TC 292, Security and resilience.
Given their active and rapidly growing prominence in risk management, how do these topics relate to the content of the ISO 31000 risk management standard? A prominent expert will explain.
Innovative thinking in safety management models
With reference to the risk management standard and the current status of advanced innovation in safety management and research accomplished at TU Delft, a recognized university in the Netherlands, the session will focus on how human factors, organizational thinking and management play an important role in safety hazards.
Going beyond regulatory requirements
Today, banks are mandated to meet many different regulations, including but not limited to anti-money laundering requirements, Sarbanes-Oxley, the Dodd-Frank Wall Street Reform Act, International Accounting Standards and the Basel II / Basel III banking accords. This session will look at how ISO 31000 can assist in bringing these various regulatory initiatives together, and not only harmonize with Basel II and III but also improve operations.
Internal Audit and Assurance in effective Management
Can internal auditors, external auditors and credit rating agencies really provide assurance on the effectiveness of risk management? What are the techniques to use and the potential pitfalls when integrating risk management and internal control in alignment with ISO 31000? This session will focus on how to apply a comprehensive approach covering all ISO 31000 clauses, using a maturity approach to assess sustainability.
Current status and future of ISO 31000, worldwide
The international ISO 31000 risk management standard has now been adopted by 63 countries as their national risk management standard and translated into 23 languages.
This panel discussion is intended to share experiences of how to raise awareness and encourage public and private organisations to adopt ISO 31000 as their reference for the management of risk. Starting with Australia's 20 years of experience, the session will continue with experience from Europe, America, Asia and Africa.