Date: 01 June 2007
Origin: National
Latest date for receipt of comments: 31 JULY 2007
Project no.: 2006/02075
Responsible committee: RM/1 Risk management
Interested committees: BCM/1 Business continuity
Title: Draft BS 31100 Code of practice for risk management

Please note that this is a draft and not a typeset document. Editorial comments are welcomed, but persons commenting on this draft are advised not to comment on detailed matters of typography and layout.

Supersession information: If this document is published as a standard, the UK implementation of it will supersede NONE and partially supersede NONE.

WARNING: THIS IS A DRAFT AND MUST NOT BE REGARDED OR USED AS A BRITISH STANDARD. THIS DRAFT IS NOT CURRENT BEYOND 31 JULY 2007.

This draft is issued to allow comments from interested parties; all comments will be given consideration prior to publication. No acknowledgement will normally be sent. See overleaf for information on commenting.

No copying is allowed, in any form, without prior written permission from BSI except as permitted under the Copyright, Designs and Patents Act 1988 or for circulation within a nominating organization for briefing purposes. Electronic circulation is limited to dissemination by e-mail within such an organization by committee members.

Further copies of this draft may be purchased from BSI Customer Services, Tel: +44(0) 20 8996 9001 or email orders@bsi-. British, International and foreign standards are also available from BSI Customer Services. British Standards on CD or Online are available from British Standards Publishing Sales Limited. Tel: 01344 404409 or email bsonline@techindex.co.uk.

Information on the co-operating organizations represented on the committees referenced above may be obtained from the responsible committee secretary.

Cross-references
The British Standards which implement International or European publications referred to in this draft may be found via the British Standards Online Service on the BSI web site http://www.bsi-.

Direct tel: 0208 996 7492
Responsible Committee Secretary: Mr Kevin Laverty
E-mail: kevin.laverty@bsi-

Draft for Public Comment
Head Office: 389 Chiswick High Road, London W4 4AL
Telephone: +44(0)20 8996 9000 Fax: +44(0)20 8996 7001 www.bsi-
Form 36 DPC: 07/30153955 DC
Licensed Copy: London South Bank University, London South Bank University, Sun Jun 17 06:57:11 GMT+00:00 2007, Uncontrolled Copy, (c) BSI

Introduction
Your comments on this draft are welcome and will assist in the preparation of the consequent British Standard. If no comments are received to the contrary, this draft may be implemented unchanged as a British Standard.

Submission
The guidance given below is intended to ensure that all comments receive efficient and appropriate attention by the responsible BSI committee. Annotated drafts are not acceptable and will be rejected.

All comments must be submitted, preferably electronically, to Kevin Laverty at the address given on the front cover. Comments should be compatible with Version 2003 of Microsoft Word for Windows, if possible; otherwise comments in ASCII text format are acceptable. Any comments not submitted electronically should still adhere to these format requirements.

All comments submitted should be presented as given in the example below, preferably using an electronic version of the comment form available from the BSI web site at: www.bsi-

Template for comments and secretariat observations
Date: xx/xx/200x    Document: ISO/DIS xxxxx

Columns of the comment form:
1 MB
2 Clause No./Subclause No./Annex (e.g. 3.1)
(3) Paragraph/Figure/Table/Note (e.g. Table 1)
4 Type of comment
5 Comment (justification for change) by the MB
(6) Proposed change by the MB
(7) Secretariat observations on each comment submitted

Example entries:
Clause 3.1, Definition 1, type of comment "ed". Comment: Definition is ambiguous and needs clarifying. Proposed change: Amend to read "... so that the mains connector to which no connection ...".
Clause 6.4, Paragraph 2, type of comment "te". Comment: The use of the UV photometer as an alternative cannot be supported as serious problems have been encountered in its use in the UK. Proposed change: Delete reference to UV photometer.

Microsoft and MS-DOS are registered trademarks, and Windows is a trademark of Microsoft Corporation.
BS 31100 DPC

BS 31100, Code of practice for risk management

Contents
Foreword 5
Introduction 6
1 Scope 7
2 Risk management principles 7
3 Risk management model 10
4 Risk management framework 13
5 Risk management process 27
6 Implementing risk management 35
Annexes
Annex A (informative) Risk management tools 40
Glossary 41

List of figures
Figure 1 Risk management model 11
Figure 2 Risk management framework 13
Figure 3 The risk management process 29

List of tables
Table A.1 Summary table 40

Foreword

Publishing information
This British Standard was published by BSI and came into effect on DATE. It was prepared by Technical Committee RM/1, Risk management. A list of organizations represented on this committee can be obtained on request to its secretary.

This British Standard has been developed by practitioners throughout the risk management community, drawing upon their considerable academic, technical and practical experiences of risk management.

Use of this document
As a code of practice, this British Standard takes the form of guidance and recommendations. It should not be quoted as if it were a specification and particular care should be taken to ensure that claims of compliance are not misleading.

Any user claiming compliance with this British Standard is expected to be able to justify any course of action that deviates from its recommendations.

Presentational conventions
The word “should” is used to express the recommendations of this standard, with which the user has to comply in order to comply with the standard. The word “may” is used in the text to express permissibility, e.g. as an alternative to the primary recommendation of the clause. The word “can” is used to express possibility, e.g. a consequence of an action or an event.

Contractual and legal considerations
This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

Compliance with a British Standard cannot confer immunity from legal obligations.

Introduction

Effective risk management brings substantial benefits to organizations, including improved governance and performance in the short and long term.

Organizations of all types and sizes face a range of risks affecting the achievement of their objectives and influencing all decision-making. Risk management supports intelligent and effective decision-making in order to optimize the level of calculated risk taken and recognize opportunities where taking risks might benefit the organization. Managing risks increases the likelihood of success and reduces the likelihood of failure. In essence, good risk management is good management.

The benefits of good risk management (and the downsides of bad risk management) will be felt by an organization's staff, management, shareholders, customers and other stakeholders.

Risk management is continuous, systematically addressing the risks surrounding an organization's activities, and wholly integrated into the culture of the organization.

Risk management applies at all levels of an organization and to all activities.

This standard provides definitions of risk management terms and a guide to risk management principles, models, framework and processes. Its purpose is to assist organizations to achieve their objectives through effective risk management.

1 Scope

This British Standard provides a basis for understanding, developing, implementing and maintaining risk management within any organization, in order to enhance an organization's likelihood of successfully achieving its objectives. This British Standard establishes the principles and terminology for risk management, and gives recommendations for the model, framework, process and implementation of risk management.

NOTE A glossary gives the definitions of the risk management terms most commonly used in this Standard, with the first instance of each term being highlighted in bold to indicate that it is included in the glossary.

The recommendations of this standard are generic and intended to be applicable and scalable to all organizations (or parts thereof) across the public and private sector, regardless of type, size and nature. How recommendations are implemented will depend on an organization's operating environment and complexity.

This Standard is intended for use by anyone with responsibility for:
- ensuring that an organization manages to achieve its objectives;
- ensuring risks are managed in specific areas or activities;
- overseeing risk management in an organization;
- providing assurance on an organization's risk management.

2 Risk management principles

2.1 General
The organization should base its risk management practices on a series of well defined risk management principles. These principles should be derived from experience, best practice and corporate governance principles. The principles are essential for the development of good risk management practice. They should not be prescriptive but provide supportive guidance to enable the organization to develop its own practices.

The way the principles are applied might need to change over time to reflect changes in circumstances. The organization should therefore innovate and adapt its risk management practices to remain competitive in a changing and uncertain world, so that it can respond to and exploit new opportunities. Additionally, adopted risk management principles should support scalable risk management practices to reflect the organization's size and the extent of its operations and services. Collectively, the principles are aimed at providing a foundation for effective risk management which contributes to the improvement of organizational performance.

There are 10 key risk management principles:
- Systematic and structured risk management;
- Evidence-based risk management;
- Addressing uncertainty and its causes;
- Risk management as part of decision-making;
- Human factors and behaviour;
- Adding benefit and value;
- Tailoring risk management;
- Transparency and inclusion of stakeholders;
- Responding to change;
- Enterprise-wide risk management.

These are intended to be high level and universally applicable guidelines for aiding and guiding risk management practices.

2.2 Systematic and structured risk management
Risk management should involve recognized processes and activities in a systematic, methodical way that ensures, where practicable, that the results are reliable, robust and comparable, and that decision makers can adopt them with confidence. These processes should reflect best practice and be supported by appropriate tools and techniques. They should also reflect in their implementation the context of the activity under examination and the objectives of the stakeholders and their power to influence the outcome.

2.3 Evidence-based risk management
The inputs to the process of managing risk should be based on historical data (where available), experience, subject knowledge, expert judgment and future projections. In industries or government departments where historical data are not available, the input and contribution of subject matter experts is both invaluable and essential. Care should be taken to ensure that all appropriate subject matter experts (involved in the organizational activity under examination) are included in the risk management process and that they address all major sources of risk. To this end, prior to the risk management process, a lessons-learned study should be conducted of similar, previously completed activities. Steps should be taken to ensure, as far as practicable, that risk assessments are not subject to bias. Appropriate techniques should be used to identify the major sources of risk and thereby facilitate risk identification.

2.4 Addressing uncertainty and its causes
The purpose of risk management is to deal with those aspects of decision making that are uncertain. In managing uncertainty, a clear distinction should be made between “cause”, “risk” and “effect”, with the provision of examples to aid understanding. Where effects are cited as risks (such as budget overrun), it is impossible to derive meaningful and productive risk response actions. The true benefit of risk management is the selection and implementation of well considered and specific (and, where possible, SMART: specific, measurable, accurate, realistic and timely) risk response actions to remove or reduce the risks, or, where appropriate, transfer them to a third party or accept them. Implementation is dependent on assigning the actions to individuals who have the knowledge, aptitude and authority to carry them out.

2.5 Risk management as part of decision-making
Organizational growth and improved performance depend on informed decision making and the optimum use of scarce resources. By making risk explicit and readily communicable, the risk management process can assist with the selection of the best option from alternative courses of action. Risk management should inform decision making by making as clear as possible (using the best available information) the risk/reward balance of different options.