Overview
Complete
09 Nov 2018 / The SC Corp. / Michael de la Torre
ISO 31000:2018 Risk Management Checklist
Inspection score
76.29%
Failed items
23
Created actions
0
Company
The SC Corp.
Conducted on
9th Nov, 2018 3:33 PM +08
Prepared by
Michael de la Torre
Location
2050 Canal Ave, Long Beach, CA 90810, USA
Failed items
23
5. Risk Management Framework / Plan the establishment of your Risk Management Framework
Evaluate your existing risk management practices and processes.
To Do
Notes
Will need to verify if the dedicated team already has all the old documents.
5. Risk Management Framework / Plan the establishment of your Risk Management Framework
Identify gaps in your risk management practices and processes.
To Do
Notes
Can begin working on this once the documents are found. If not found, will still proceed beginning the third week of the month.
5. Risk Management Framework / Plan the establishment of your Risk Management Framework
Establish a framework that meets your organization's unique needs.
To Do
5. Risk Management Framework / Plan the establishment of your Risk Management Framework
Establish a framework that fills the gaps in existing practices and processes.
To Do
5. Risk Management Framework / Plan the establishment of your Risk Management Framework
Consider how you're going to evaluate your risk management framework.
To Do
Notes
Our new business has a new risk management practice in place and we will work closely to integrate our processes.
5. Risk Management Framework / Show leadership by making a commitment to risk management
Ask them to ensure that risks are communicated throughout the organization.
To Do
Notes
Will need to verify if this has been communicated across the board.
5. Risk Management Framework / Show leadership by making a commitment to risk management
Ask them to ensure that risk management methods are communicated.
To Do
Notes
Will need to verify also if this has been communicated across the board.
5. Risk Management Framework / Show leadership by making a commitment to risk management
Ask them to ensure that risk management is integrated into all activities.
To Do
5. Risk Management Framework / Show leadership by making a commitment to risk management
Ask them to ensure that risk management systems are implemented.
To Do
5. Risk Management Framework / Show leadership by making a commitment to risk management
Ask them to ensure that risk management systems are operating effectively.
To Do
5. Risk Management Framework / Show leadership by making a commitment to risk management
Ask them to ensure that risk is properly managed when achieving objectives.
To Do
5. Risk Management Framework / Show leadership by making a commitment to risk management
Ask top management to align risk management with the organization's culture.
To Do
Notes
After the acquisition, there's a need to reinforce this.
5. Risk Management Framework / Show leadership by making a commitment to risk management
Ask managers to communicate the value of risk management to the organization.
To Do
5. Risk Management Framework / Show leadership by making a commitment to risk management
Ask managers to communicate the value of risk management to stakeholders.
To Do
5. Risk Management Framework / Show leadership by making a commitment to risk management
Ask them to prepare a general risk management plan of action.
To Do
Notes
Will remind them to do so.
5. Risk Management Framework / Show leadership by making a commitment to risk management
Ask them to ensure that it remains appropriate to the organization's context.
To Do
Notes
Will remind them to take into consideration the newly acquired business.
5. Risk Management Framework / Make your organization’s personnel responsible for managing risk
Make risk management an integral part of your organization's culture.
To Do
Notes
It already is but needs reinforcement across the board - both core and acquired business.
5. Risk Management Framework / Make your organization’s personnel responsible for managing risk
Ask everyone in your organization to be responsible for managing risk.
To Do
5. Risk Management Framework / Make your organization’s personnel responsible for managing risk
Use iterative methods to build risk management into your organization.
To Do
Notes
I need to highlight this key point of ISO 31000:2018 to the dedicated team.
5. Risk Management Framework / Make your organization’s personnel responsible for managing risk
Make sure that your iterative methods meet your organization's needs.
To Do
5. Risk Management Framework / Make your organization’s personnel responsible for managing risk
Make sure that your organization's methods are compatible with its culture.
To Do
Notes
Need to stress this.
5. Risk Management Framework / Design your organization's unique risk management framework
Examine and understand external stakeholder perceptions.
To Do
Notes
Need to check this on both sides of the business.
5. Risk Management Framework / Design your organization's unique risk management framework
Examine and understand external stakeholder expectations.
To Do
5. Risk Management Framework
23
76.29%
Plan the establishment of your Risk Management Framework
5
70.59%
Ask stakeholders to support the establishment of a framework.
Done
Ask top management to support the establishment of a framework.
Done
Evaluate your existing risk management practices and processes.
To Do
Notes
Will need to verify if the dedicated team already has all the old documents.
Identify gaps in your risk management practices and processes.
To Do
Notes
Can begin working on this once the documents are found. If not found, will still proceed beginning the third week of the month.
Establish a framework that meets your organization's unique needs.
To Do
Establish a framework that fills the gaps in existing practices and processes.
To Do
Consider how you intend to develop your risk management framework.
Done
Notes
The new ISO 31000:2018 has changes from the previous 2009 version. Will still review if the current process can be adjusted to adapt to the new ISO.
Consider how you're going to design your risk management framework.
Done
Notes
The same dedicated team will lead this project.
Consider how you're going to fill gaps in your existing practices and procedures.
Done
Consider how you're going to make risk management part of your organization.
Done
Notes
It already is but I admit we need to reinforce after we closed the acquisition of our new business last quarter.
Consider how you're going to integrate risk management into all significant activities
Done
Consider how you're going to build risk management into all decision making activities
Done
Consider how you're going to integrate risk management into all significant functions.
Done
Consider how you're going to build risk management into all governance functions.
Done
Consider how you're going to implement your risk management framework.
Done
Consider how you're going to evaluate your risk management framework.
To Do
Notes
Our new business has a new risk management practice in place and we will work closely to integrate our processes.
Consider how you're going to improve your risk management framework.
Done
Show leadership by making a commitment to risk management
11
77.55%
Ask your leaders to support a risk management framework.
Done
Ask your leaders to make a commitment to risk management.
Done
Notes
All leaders from core business and new acquisition show commitment to this endeavor.
Ask oversight bodies to make a commitment to risk management.
Done
Ask oversight bodies to align risk management with the organization's strategy.
Done
Ask oversight bodies to align risk management with the organization's culture.
Done
Ask oversight bodies to align risk management with organizational objectives.
Done
Ask oversight bodies to align risk management with organizational obligations.
Done
Ask oversight bodies to align risk management with voluntary commitments.
Done
Ask oversight bodies to be accountable for overseeing risk management.
Done
Ask them to ensure that risks are understood throughout the organization.
Done
Ask them to ensure that risks are communicated throughout the organization.
To Do
Notes
Will need to verify if this has been communicated across the board.
Ask them to ensure that risk management methods are communicated.
To Do
Notes
Will need to verify also if this has been communicated across the board.
Ask them to ensure that risk management is integrated into all activities.
To Do
Ask them to ensure that risk management systems are implemented.
To Do
Ask them to ensure that risk management systems are operating effectively.
To Do
Ask them to ensure that risk is properly evaluated when setting objectives.
Done
Ask them to ensure that risk is properly managed when achieving objectives.
To Do
Ask oversight bodies to communicate the value of risk management.
Done
Notes
Will remind the dedicated team to send a communication.
Ask them to communicate the value of risk management to the organization.
Done
Ask them to communicate the value of risk management to stakeholders.
Done
Ask top management to make a commitment to risk management.
Done
Ask top management to align risk management with the organization's strategy.
Done
Ask top management to align risk management with the organization's culture.
To Do
Notes
After the acquisition, there's a need to reinforce this.
Ask top management to align risk management with organizational objectives.
Done
Ask top management to align risk management with organizational obligations.
Done
Ask top management to align risk management with voluntary commitments.
Done
Ask top management to ensure that appropriate risk criteria are developed.
Done
Ask them to ensure that risk criteria are communicated throughout the organization.
Done
Ask them to ensure that risk criteria are communicated to all relevant stakeholders.
Done
Ask top management to communicate the value of risk management.
Done
Ask managers to communicate the value of risk management to the organization.
To Do
Ask managers to communicate the value of risk management to stakeholders.
To Do
Ask top management to be accountable for managing risk management.
Done
Ask them to ensure that risk management is integrated into all activities.
Done
Ask top management to monitor the unique risks facing their organization.
Done
Ask top management to encourage personnel to systematically monitor risks.
Done
Ask your leaders to establish a risk management framework.
Done
Ask them to develop a framework that meets the organization's needs.
Done
Ask them to prepare a general risk management policy statement.
Done
Ask them to define their general approach to risk management.
Done
Ask them to prepare a general risk management plan of action.
To Do
Notes
Will remind them to do so.
Ask them to make people accountable for managing risk.
Done
Ask them to assign risk management responsibilities.
Done
Ask them to assign responsibilities at all appropriate levels.
Done
Ask them to delegate risk management authorities.
Done
Ask them to delegate authorities at all appropriate levels.
Done
Ask them to allocate all required risk management resources.
Done
Ask them to monitor the application of their risk management framework.
Done
Ask them to ensure that it remains appropriate to the organization's context.
To Do
Notes
Will remind them to take into consideration the newly acquired business.
Make your organization’s personnel responsible for managing risk
5
77.27%
Make risk management an integral part of your organization's culture.
To Do
Notes
It already is but needs reinforcement across the board - both core and acquired business.
Ask everyone in your organization to be responsible for managing risk.
To Do
Ask your governance personnel to be responsible for managing risk.
Done
Ask them to be responsible for making risk management part of governance.
Done
Ask them to be responsible for making it part of the organization's purpose.
Done
Ask them to be responsible for making it part of the organization's direction.
Done
Ask them to be responsible for making it part of the organization's strategy.
Done
Ask them to be responsible for making risk management part of management.
Done
Ask them to make management accountable for implementing risk management.
Done
Ask your management personnel to be responsible for managing risk.
Done
Ask them to be responsible for making risk management part of management.
Done
Ask them to make risk management part of the organization's roles.
Done
Ask them to make risk management part of the organization's policies.
Done
Ask them to make risk management part of the organization's objectives.
Done
Ask them to make risk management part of the organization's operations.
Done
Ask them to make risk management part of the organization's processes.
Done
Ask them to make risk management part of the organization's practices.
Done
Ask them to make risk management part of the organization's rules.
Done
Ask your rank-and-file personnel to be responsible for managing risk.
Done
Use iterative methods to build risk management into your organization.
To Do
Notes
I need to highlight this key point of ISO 31000:2018 to the dedicated team.
Make sure that your iterative methods meet your organization's needs.
To Do
Make sure that your organization's methods are compatible with its culture.
To Do
Notes
Need to stress this.
Design your organization's unique risk management framework
2
77.78%
Consider your context when you develop your framework
Consider your organization’s context as you design your framework.
Done
Examine and understand your organization’s external context.
Done
Consider external influences during framework design.
Done
Consider external stakeholders during framework design.
Done
Examine and understand external stakeholder needs.
Done
Examine and understand external stakeholder values.
Done
Examine and understand external stakeholder perceptions.
To Do
Notes
Need to check this on both sides of the business.
Examine and understand external stakeholder expectations.
To Do
Examine and understand external stakeholder relationships.
Done
Completion
General comments and observations
We are in the process of reviewing everything considering the 2018 update of ISO 31000 and the business acquisition. We have a lot of work to do at this stage. The project will be led by our dedicated team.
Sign off
Michael de la Torre
9th Nov, 2018 4:29 PM +08