Importance and benefits of the ISO 31000 standard for Risk Management

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

this is a video of a presentation from the issw 2013 in Grenoble France Alan Jones is an avalanche consultant and I'm an avalanche researcher who does some consulting I'm going to talk about applying ISO 31000 to Havelange mitigation projects and this is just first impressions neither of us are authorities on ISO 31000 there are three parts to this talk first we'll present the ISO 31000 risk management standard just a quick overview of it then we'll apply it to a hypothetical case study involving a haul road to a new mine and last we'll look at an existing risk management process for roads and see how it compares to ISO 31000 and this is just first impressions only so ISO is the international standards organization and they're based in Geneva they're the world's largest developer of voluntary international standards ISO 31000 was published in 2009 based on a working group from 29 countries most of whom ratified and agreed to this risk management standard it's not certifiable like ISO 9000 but it does provide guidance on best practice the goal is to achieve consistency and reliability and risk management by creating a standard that would be applicable to a wide variety of forms of risk it's really quite a general ion umbrella standard and it leaves lots of room for more specific standards to be developed underneath it to date there are three documents published for the ISO 31000 risk management standard use the principles there are the principles and guidelines the risk assessment techniques and an implementation guide and you can download these for a fee this talk is just an overview on ISO 31000 and these documents are a good starting point to learn more about ISO 31000 in our traditional definition of risk that we've used in natural hazards we combine the probability and severity of an adverse effect on health property or the environment in ISO 31000 we define risk us the effect of uncertainty on our objectives so we have a very different definition of risk and that changes a lot of things and ISO 31000 uncertainty arises from the factors that an organization doesn't control what they may cause an organization to be late in achieving its objectives or fail to achieve its objectives risk is neither positive to negative the consequences that is the effect on our objectives may vary from loss and detriment to gain and benefit some of the new things with ISO 31000 well we have this new definition of risk which is quite a important change and it provides one vocabulary for all organizations and departments so this is pretty advantageous if we can talk the same language up and down through an organization across departments how the same language when I was talking to the lawyers the insurers the board of directors etc I also requires that there's a clearly defined risk owner to take ownership of risk and the emphasis is now on our new definition of risk on the positive and negative effects on our organisational objectives and so risk treatment is concerned with the cheating a net increase in benefit so here's the ISO 31000 risk management process first you establish the context you identify the risks analyze the risks evaluate them against some external level and then you can continue to treat the risks or if the evaluation suggests the risks who nuts in the right range you can cycle back through make changes we identify the risks analyze it and again until finally you come up with your risk treatment now we're going to apply these stages to a hypothetical mining road to a new mind in which the mind is off this side and the smelter and the worker housing is off to this side so the haul trucks as well as the miners have to travel back and forth on this road which is exposed to avalanches so in our context here we've got this new mind we've got the haul road and only the haul road is exposed to avalanches the etc service buildings are not exposed to avalanches our context includes the number of trucks per day the number of workers traveling on it their day miners the haul trucks everything needs to be considered as to what's exposed and everything is going to be assessed here in terms of the mining company's objectives so they must be clearly identified in that case its profit positive relations with the workers and the communities and environmental stewardship when we identify the risks there's a long list of risks that need to be considered is coming out of our stakeholder consultation the ones at the top in blue most relate to the avalanches that is worker safety reputation the legal liability the Avalanche protection for the road some of these have highly uncertain you don't know whether the costs are going to be large or small related to them therefore they're considered risks we also have insurance and labor as well as our prices which can fluctuate and financial returns from the other mind that could affect the mining company's objectives here we're going to concentrate on the top four in blue because they most directly relate to how the lynches the Avalanche consultant comes up with the cost-benefit analysis of two options the benefit being risk reduction because that affects the organizational objectives the consultant comes up with two risk matrices one for the outset risk before mitigation and one for the residual risk after mitigation these bears some similarities to an analysis of event risk but under ISO 31000 everything must be related to the organizational objectives so emphasized D when Avalanche had no effect on the organizational objectives it would be not considered if a size d4 and d5 avalanches had the same effect on organizational objectives they would be grouped together for the analysis and the consultant comes back to the mining company recommending a combination of a deflection dike for the really busy path it's going to hit the road most frequently and a small forecasting and control program for the other pass this all-too-common the mining company rejects the recommendation because they realize that the deflection dike is going to seriously affect the creek and fish fish habitat is in many jurisdictions so the organizational objective was not reflected in the contract terms these intangibles that were intangible to the Avalanche consultants have been written about going as far back as Peter share in the 1960s so they were they're very well known we have two options to solve this issue one the Avalanche consultant could work more closely with the management team to the contract could be broadened to include environmental issues and ISO 31000 is certainly too general to specify which of these to be taken there so we go back out to the Avalanche consultant for a second contract and he comes back recommending a major forecasting control program without a deflection Dyk our risk treatment and again things are related to the organizational objectives here is we have a more major forecasting control program without a dyke we have an expanded workers safety program because the workers are exposed to the road and then expand insurance coverage including the cost of delayed or shipments that there's long closures on the road this insurance come be quite valuable an expanded legal services contract and an expanded Community Relations program because for example the if there's a closure late in the day the workers might be up at the mine overnight and you need to communicate with the the families and the communities that both the closure so in part three of this talk we'll look at how this is different from a traditional risk management for an avalanche prone Road here we see a flowchart developed by Stefan Margrethe and colleagues in 2003 this is a full flowchart it's quite specific first we define our problem we look at the winter conditions including the number of vehicles on the road and then we look at the avalanches the pass their frequency that they hit the road then initially before we do any mitigation we do then analyze the risks and we see if that's acceptable if the risk is acceptable we're done if not we need to propose a mitigation plan look at its effectiveness and reassess here at this time we're going to come back through we've got our mitigation plan and we come into a risk analysis and we can cycle through in here until we come up with effective mitigation and the risk is acceptable and then we can go ahead and implement our mitigation ISO 31000 changes first and foremost some terminology but is obvious here these first two boxes fall under establishing the context this box here is considered risk identification no change in terminology for the risk analysis here's the risk evaluation here and then the mitigation plan is an optional risk treatment we're going to review that and come back through and reassess and cycle through here until finally we come up with our final risk treatment in which the risk is acceptable so you know it's two things here first this is a very specific risk mitigation whereas ISO 31000 is quite general and broad and second we have some new terminology here so in summary iso 31000 gives us a general framework for diverse organizations and projects to manage their risk we have a new definition of risks which has quite important changes that can be have positive or negative effects on the organizational objectives we have new terminology already in Canada we're finding it's popular with financial institutions boards of directors upper level level management and in time that will hopefully trickle down to the frontline managers and workers ISO 31000 is not without its detractors grant Purdy in an article 2010 article in the risk analysis Journal points out that some worker safety organizations have questioned why worker safety and achieving zero risk to workers is not the ultimate goal in ISO 31000 but in fact ISO 31000 is very broad and it allows individual organizations to apply whatever objectives is appropriate to their circumstance so the impression that Alan and I have is that so 31,000 works for avalanche mitigation projects but it's just a broad general framework for a risk management that leaves lots of room for more specific risk management standards to be developed underneath it that provides a consistent terminology that can be used throughout an organization and requires that a risk owner if he clearly identified so it has a number of advantages thank you

Info

Channel: undefined

Views: 14,127

Rating: 4.8356166 out of 5

Keywords: Risk Management (Industry), ISO 31000, International Organization For Standardization (Award Winner), Risk (Quotation Subject), Management (Field Of Study)

Id: _BwSWJhVGQY

Channel Id: undefined

Length: 11min 29sec (689 seconds)

Published: Fri Sep 11 2015