Risk Management - ISO 31000

Presented by: POMPEYO ROJAS MESCCO, ANTONY KEVIN MEDINA ARCE, LIZ ELIZABETH SOTO DE LA CRUZ

Upload: pompeyo-rojas-mescco

Posted on 07-Sep-2015


DESCRIPTION

Summary of ISO 31000

TRANSCRIPT


  • Risk is present in everything we do. ISO 31000, the international standard on risk management, defines it this way: Risk = the effect of uncertainty on your objectives. Risk can be a threat or an opportunity.

    What is RISK? Anything that can harm, prevent, delay or improve your ability to achieve your objectives = risk

  • Why do we need to manage risk? The purpose of risk management is to increase the likelihood that an organization achieves its objectives by being in a position where it can handle threats and adverse situations and be ready to take advantage of the opportunities that may arise.

    National Guidance for the implementation of ISO 31000:2009

  • ISO (International Organization for Standardization) is the world's largest developer and publisher of international standards.

    Established in 1947, ISO is a network of the national standards institutes of 159 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system.

  • Global Models of Corporate Governance
    All EU Countries: Directives on Governance
    Netherlands: Code Tabaksblatt
    UK: Cadbury, Turnbull, Greenbury Report, BS 31100 RM
    France: Vienot Committee, Marini Report, Levy-Long Committee
    Italy: Draghi Commission
    Australia/New Zealand: AS/NZS 4360:2004, Stock Exchange Listing, New Accounting Standards, Best Practice Statement on Management
    US: Business Round Table, NYSE Listing Requirements, Blue Ribbon Commission, Sarbanes-Oxley Act, COSO ERM Framework
    Canada: Toronto Stock Exchange Committee, Canadian Securities Committee, Allen Committee Report, COCO
    South Africa: Code of Best Practice, King Report I, II, III, Stakeholder Communication, Public Finance Management Act
    Japan: Corporate Governance Forum of Japan, J-SOX
    Germany: Bill on the Control and Transparency of Organizations, KonTraG Bill
    INTERNATIONAL: Basel I & II; ISO 31000

  • HISTORY OF ISO 31000

    Australia, New Zealand and Japan initiated its creation, based on AS/NZ 4360
    30 countries participated
    6 meetings over several years
    Adopted in November 2009, now officially the first International Standard on Risk Management
    Guide 73 and ISO 31010 followed quickly
    The American Standard on RM: ANSI/ASSE/ISO 31000

  • BSI 31100 - Updated code of good practice
    CSA - Canada's implementation guide
    Ireland's implementation guide - NSAI
    Austria - three guidelines: embedding risk management, risk assessment, and linking to business continuity processes
    Australia and New Zealand - handbooks issued
    Japan - guide created (in Japanese)

  • 2011: PC 262 formed to create ISO 31004
    International working group re-engaged to create an implementation guide for ISO 31000
    Two meetings so far - expect two more each year until finalized
    Publication date of 2015? - May coincide with the next update of ISO 31000

  • Scope of ISO 31000: This International Standard provides generic principles and guidelines on risk management that can be used by any public, private or community enterprise, association, group or individual. Therefore, this standard is not specific to any industry or sector.

  • The critical components of ISO 31000

    The principles are the basis for describing the qualities of effective risk management in an organization

    The framework manages the overall process and its full integration into the organization

    The risk management process focuses on individual risks or groups of risks: their identification, analysis, evaluation and treatment. Monitoring and review, continual improvement and communication occur throughout. From ANSI/ASSE/ISO 31000

  • Diagram: the three components
    Principles
    Framework: Management commitment; Design of the framework (supporting structure); Implement the framework; Monitor and review the framework; Continually improve the framework; Risk Management Process structure
    Process: Establish the context; Communication and consultation; Monitoring and review; RISK ASSESSMENT (Risk identification, Risk analysis, Risk evaluation); Risk treatment

    Creates value
    Integral part of organizational processes
    Part of decision making
    Explicitly addresses uncertainty
    Systematic, structured and timely
    Based on the best available information
    Adaptable
    Takes human and cultural factors into account
    Transparent and inclusive
    Dynamic, iterative and responsive to change
    Facilitates continual improvement of the organization

  • Components of the Framework (ISO 31000:2009, Risk management - Principles and guidelines)
    Understanding the organization and its context
    Establishing the RM policy
    Accountability and authority
    Integration into organizational processes
    Determining adequate resources
    Establishing internal communication and reporting mechanisms
    Establishing external communication and reporting mechanisms

  • Framework Example: Context (ISO 31000:2009, Risk management - Principles and guidelines)
    External context: the social, cultural, political, legal, regulatory, financial, technological, economic, natural and competitive environment; key drivers and trends that will have an impact on your organization; relationships with, and perceptions and values of, external stakeholders
    Internal context: governance, organizational structure, roles and responsibilities; policies, objectives and strategy; capabilities and resources; information systems; organizational culture; contractual relationships; relationships with, and perceptions and values of, internal stakeholders

  • Framework Example: Benefits
    Increases the likelihood of achieving objectives
    Encourages proactive management
    Be aware of the need to identify and treat risk throughout the organization
    Improve the identification of opportunities and threats
    Effectively allocate and use resources
    Comply with relevant legal and regulatory requirements and international norms
    Improve mandatory and voluntary reporting
    Improve stakeholder confidence and trust
    Establish a reliable basis for decision making and planning
    Improve controls
    Improve governance

  • Global Survey on ISO 31000
    Conducted from mid-October to mid-December 2011
    LinkedIn website on ISO 31000, with > 6,500 members since March 2009
    Reached more than 100 associations; members of 74 associations participated
    1823 responses from 111 countries
    Largest number of participants from the United States (20%), United Kingdom (10%) and Australia (10%)
    Primary professions: risk management and IT

  • Survey participants

  • Selected results
    65% - familiar with or knowledgeable about ISO 31000
      93% of Australian respondents
      67% of UK respondents
      47% of US respondents
    35% - no knowledge
      7% of Australian respondents
      33% of UK respondents
      53% of US respondents

  • Countries with the highest level of awareness of ISO 31000 ("Fully understand ISO 31000")
    Australia (65%)
    New Zealand (47%)
    Canada (42%)
    United Arab Emirates (37%)
    Brazil (28%)
    South Africa (26%)
    Spain (21%)
    Netherlands (21%)
    United Kingdom (21%)
    Finland (18%)
    Italy (14%)
    France (13%)
    USA (11%)

  • How is Risk Management used in your organization?
    All decisions (40%)
    Audit / compliance (21%)
    Safety / security (18%)
    Performance reporting (9%)
    Insurance (7%)
    Not used in our organization (5%)

  • Which standard does your organization use?
    Our own version (40%)
    ISO 31000 (36%)
    ISO 27005 (20%)
    COSO (18%)
    PMBOK (17%)
    Guide 73 (16%)
    AUS/NZ 4360 (13%)
    ISO 31010 (13%)

    Risk is defined very broadly. Here is one example of the effect of uncertainty on an objective:

    Imagine that a community college wants to develop a new curriculum for an emerging business operation (such as stem cell research or, within a culinary arts program, a program that trains butchers). That is the objective. What uncertainties might affect the objective?
    Will there be enough students to justify the new program? If not, the college risks paying the expenses and salaries for teachers and staff without enough income to justify offering courses.
    Conversely, is there a risk that the college may lose students and tuition dollars if it doesn't offer the new curriculum? Would students leave to take the class somewhere else? That's uncertain.
    If it is uncertain whether qualified staff and facilities are available, then there is a risk that the college might not be able to create a high-quality program.
    If the college is the first in the area to offer this new curriculum, and it draws new students to campus, this could improve the college's financial stability and reputation as a forward-thinking institution. The new curriculum could support business and economic opportunity, which could translate to partnerships, scholarships and internships with local businesses.

    If we talk through the uncertainties and risks, we will position ourselves to make the best decision possible. The goal of ERM is to support decision-making and then manage both threats and opportunities.

    We need a process to understand the risks associated with our goals and objectives. We need a process that is broad enough to consider the opportunities that are present when we take a risk, and the potential harm, or threat, as well.

    This approach links what is most important to an organization (its key objectives, mission and strategy) to the management of risk, which increases the likelihood that we'll succeed and achieve our objectives.

    Optional/additional info:

    NSAI = National Standards Association of Ireland. This standards body created an implementation guide to ISO 31000.

    There is an international work group that is drafting an implementation guide to ISO 31000. It is due to be published in 2014. In the meantime, there are a few resources that are helpful from Ireland, Canada and Australia/New Zealand. This is an excerpt from one of them.

    ISO is a non-governmental organization that forms a bridge between the public and private sectors. On the one hand, many of its member institutes are part of the governmental structure of their countries, or are mandated by their government. On the other hand, other members have their roots uniquely in the private sector, having been set up by national partnerships of industry associations. Therefore, ISO enables a consensus to be reached on solutions that meet both the requirements of business and the broader needs of society.

    Because "International Organization for Standardization" would have different acronyms in different languages ("IOS" in English, "OIN" in French for Organisation internationale de normalisation), its founders decided to also give it a short, all-purpose name. They chose "ISO", derived from the Greek isos, meaning "equal". Whatever the country, whatever the language, the short form of the organization's name is always ISO.

    The ISO Standard has three interdependent components.

    Principles: We understand why we're doing this by understanding the principles. This helps us understand its importance. (The principles are all listed on the next slide.)

    Framework: The framework tells us how we're going to do this, who is going to be part of the process, how much it will cost, how long it will take, and the structure for how we will accomplish the assessment and management of risk. We build this on a process of continual improvement, so that we will learn and adapt as we go to assure that we make this a successful process.

    Process: The risk management process can apply to individual risks, projects, a specific opportunity or a portfolio of risks (such as HR risks or IT risks). The same process is followed each time and documented to build consistency in an organization's approach to managing risk. Thorough discussion of the context before each risk assessment is a critical component because internal and external circumstances are constantly changing.

    Here are the details of the three components directly from the standard itself.

    There are 11 key principles. If we do not adhere to these principles, then we are not creating value for the organization. The management of risk is not an activity unto itself; it serves the purpose of supporting business and operational objectives.

    The framework determines tone, communication and the overall process for implementing risk management in an organization. It includes things like risk management policy, determination of a common language of risk, making plans for training and communication and data management. The framework is set up in a continual improvement model.

    The RM process will be familiar to many. It is the process we use to identify, analyze and manage (or treat) risks. The critical activities of monitoring and communicating should occur throughout the process. These are the activities that should be addressed by a risk advisory council and approved by senior leaders (and possibly governing boards).

    Describing the context of operations is key to the activity of creating the framework for the process. It is also important to review it before each risk assessment process.

    The benefits of effective risk management are quite comprehensive across all organizational activities. These benefits should be front and center as any organization proceeds to implement a broader approach to risk management, and referred to often as information about the process is communicated to stakeholders.