ISO 31000 Risk Management Process: Establishing Scope, Context, and Criteria

CRMS Indonesia
10 Oct 2023
05:25

Summary

TLDR: This video discusses risk management processes based on ISO 31000 standards, highlighting how risk management is already a part of daily life. It introduces the structured, systematic, and comprehensive approach to risk management that ISO 31000 offers. The video focuses on setting the scope, context, and risk criteria, using examples such as a single 30-year-old male named Pak Ali and an FMCG company aiming to increase sales by 50% by the end of 2023. It explains internal and external contexts, and how to establish risk criteria for evaluation and decision-making, including consequences, likelihood, control effectiveness, and risk ranking.

Takeaways

  • The video discusses risk management processes based on ISO 31000 standards.
  • Risk management is a part of everyday life, making the ISO 31000 standard relatable and applicable.
  • The ISO 31000 standard helps structure, systematize, and make risk management comprehensive.
  • The risk management process includes activities such as scope definition, context and criteria, risk assessment, risk treatment, and reporting.
  • The script focuses on the 'scope definition' part of the risk management process.
  • An example of internal context is given with a character named Pak Ali, providing personal details to illustrate context.
  • External context examples include distance from home to office and transportation methods like taxis and trains.
  • A company's external context is exemplified with an FMCG company aiming to increase sales by 50% by the end of 2023.
  • Criteria for risk are established to evaluate the significance of risks and support decision-making processes.
  • Risk criteria can be divided into analysis criteria and evaluation criteria, covering aspects like consequences, likelihood, control effectiveness, and risk ranking.
  • The criteria help determine risk appetite, tolerance, and priority, which are crucial for managing risks effectively.

Q & A

  • What is the main topic discussed in the video?

    - The main topic discussed in the video is the process of risk management based on ISO 31000.

  • What does ISO 31000 aim to achieve in risk management?

    - ISO 31000 aims to provide a structured, systematic, and comprehensive approach to risk management.

  • What are the components of the risk management process according to ISO 31000?

    - The components include establishing the context and criteria, risk assessment, risk treatment, and reporting.

  • What is meant by 'establishing the context' in risk management?

    - Establishing the context involves understanding the internal and external conditions relevant to the risk management process.

  • Can you provide an example of internal context mentioned in the video?

    - An example of internal context is the condition of Pak Ali, a 30-year-old single male who is less sensitive to noise when asleep and lives alone.

  • What is an example of external context given in the video?

    - An example of external context is the distance between home and office, transportation options like taxis and trains, and road conditions.

  • What is the role of criteria in risk management?

    - Criteria are used to evaluate the significance of risks and support the decision-making process in risk management.

  • What are the types of criteria mentioned for risk analysis?

    - The types of criteria include consequences, likelihood of occurrence, effectiveness of risk controls, and risk ranking.

  • What does 'consequences' refer to in the context of risk analysis criteria?

    - Consequences refer to the impact on revenue, budget, cost, profit, time, and other factors.

  • How are 'likelihood of occurrence' and 'effectiveness of risk controls' evaluated?

    - Likelihood of occurrence is evaluated based on frequency, number of occurrences within a certain time period, or percentage. Effectiveness of risk controls is evaluated based on whether existing controls are effective in design and function to prevent or mitigate risk impacts.

  • What is the purpose of risk ranking criteria?

    - Risk ranking criteria combine consequences and likelihood of occurrence to understand the risk's impact on achieving objectives.

  • What are the elements of risk evaluation criteria?

    - Risk evaluation criteria include risk appetite, risk tolerance, and risk priority.

  • How are risk appetite and risk tolerance used in decision-making?

    - Risk appetite refers to the amount and type of risk an organization is willing to pursue or retain, while risk tolerance is the degree to which variability in the achievement of objectives is acceptable.

Outlines

00:00

Introduction to Risk Management Process

This paragraph introduces the concept of risk management as per ISO 31000 standards and its application in everyday life. It emphasizes that risk management is not a daunting task but a part of daily activities. ISO 31000 is presented as a standard that helps structure, systematize, and make risk management comprehensive. The paragraph outlines the risk management process, which includes activities such as defining the scope, context, and criteria; communication and consultation; risk assessment; risk treatment; and reporting. An example is given to illustrate the process of defining the scope and context for risk management, using a personal scenario involving a man named Pak Ali who is 30 years old, single, and lives alone. The internal context includes his health and sensitivity to noise, while the external context includes the distance between his house and office, transportation options, and road conditions. Another example is provided for an organization, such as an FMCG company aiming to increase sales by 50% by the end of 2023, with its scope encompassing product, marketing, and innovation divisions. The internal context here includes employees and executives, while the external context involves consumers, raw material suppliers, distributors, competitors, regulators, and non-profit organizations. The paragraph also discusses the criteria for risk assessment, which should be flexible, aligned with organizational goals and resources, and consistent with risk management policies. The criteria for risk analysis include consequences, likelihood of occurrence, effectiveness of risk controls, and risk ranking, which combines the impact and probability of occurrence to understand the risk's influence on achieving objectives.

05:00

Continuation of Risk Management Process

This paragraph serves as a teaser for the continuation of the risk management process in subsequent videos. It mentions that the upcoming video will cover the rest of the risk management process, indicating that this is part of a series. The paragraph ends with a musical cue, signaling the end of this segment and anticipation for the next installment.

Keywords

ISO 31000

ISO 31000 is an international standard for risk management that provides guidelines for managing risks in a structured, systematic, and comprehensive way. In the video, it is emphasized as the main framework used for risk management, ensuring that risk management processes are well-organized and effective. The video explains how this standard can be applied both in everyday life and in organizations.

Risk Management

Risk management is the process of identifying, evaluating, and mitigating risks to achieve organizational objectives. The video mentions that risk management is something people naturally engage in, even in daily life, and that ISO 31000 provides a more formalized structure for this process. Examples given include managing risks in commuting or in business settings.

Scope

Scope in risk management refers to the boundaries and areas covered by the risk assessment process. The video discusses setting the scope as the first step in risk management, focusing on what areas (internal and external) need to be assessed. For example, in a company aiming to increase sales, the scope includes the product division, marketing, and innovation teams.

Context

Context refers to the internal and external environment in which risks occur. The video explains the importance of understanding both internal and external contexts to tailor the risk management process to specific situations. Internal contexts include factors like a person's health, while external contexts might include transportation or market competition for an organization.

Risk Criteria

Risk criteria are the standards used to evaluate the significance of a risk, supporting decision-making. The video explains that criteria should reflect the organization's values, objectives, and resources. These criteria help assess whether a risk is acceptable or needs further action, such as in a company evaluating risks based on profit or consumer impact.

Consequence

Consequence refers to the outcome or impact of a risk if it materializes. The video mentions how risk criteria include consequences such as potential effects on revenue, budget, or time. Understanding consequences helps organizations gauge the seriousness of each risk and prioritize their response.

Likelihood

Likelihood is the probability that a particular risk will occur. The video describes how risk criteria include assessing the likelihood of an event happening, based on historical data or estimates. For example, the likelihood of being late to work might be based on past experiences with transportation delays.

Control Effectiveness

Control effectiveness refers to how well existing measures prevent or mitigate a risk. The video highlights that evaluating control effectiveness is key to understanding whether current risk management practices are working. This might involve assessing whether a company's procedures are adequate to handle potential risks.

Risk Appetite

Risk appetite is the amount of risk that an organization is willing to accept in pursuit of its objectives. The video explains that risk appetite helps set boundaries for decision-making, determining which risks are tolerable and which require action. For example, an organization might have a low appetite for financial risk but tolerate some operational risks.

Risk Tolerance

Risk tolerance is the specific level of risk an organization can endure before action is required. The video explains that risk tolerance is defined after determining the organization's risk appetite and helps prioritize which risks need immediate control or monitoring. For example, an organization might not tolerate any risks that significantly impact customer satisfaction.

Highlights

Introduction to risk management process based on ISO 31000.

Risk management is a part of daily life, making it relatable and less daunting.

ISO 31000 serves as a standard to structure, systematize, and make risk management comprehensive.

Risk management process includes defining scope, context, and criteria.

Explanation of internal context with an example of a single male named Pak Ali.

External context factors such as distance to work and transportation methods are discussed.

Example of a company's internal context includes employees and executives.

External context for a company might involve consumers, suppliers, distributors, competitors, regulators, and non-profit organizations.

Risk criteria are established to evaluate the significance of risks and support decision-making.

Criteria for risk analysis include consequences, likelihood, effectiveness of risk controls, and risk ranking.

Risk evaluation criteria consist of risk tolerance, appetite, and priority.

High-level risks require immediate control actions and cannot be tolerated.

Tolerable risks need to be reassessed and their treatment reconsidered.

The criteria will serve as a basis for setting risk evaluation criteria for determining risk appetite and tolerance limits.

The video will continue to discuss other processes of risk management in subsequent episodes.

Encouragement to watch the next video for further exploration of risk management processes.

Transcripts

00:00

[Music]

00:08

Hello, CRMS friends. In this video we discuss the risk management process based on ISO 31000, along with a simple example. Did you know that you already practice risk management in your daily life, so we need not feel burdened by risk management?

00:31

ISO 31000 is a standard that can serve as a reference so that the implementation of risk management becomes more structured, systematic and comprehensive.

00:43

The risk management process based on ISO 31000 consists of the activities of establishing scope, context and criteria; communication and consultation; assessment, [unintelligible], and recording and reporting.

01:06

This time we will discuss the part of the risk management process on establishing scope, context and criteria.

01:13

Establishing scope, context and criteria describes the conditions for tailoring the risk management process.

01:28

[unintelligible] to the office before [unintelligible] in the morning. The internal context is then: Pak Ali, a 30-year-old man, single, in healthy condition, not very sensitive to sound once asleep, and living at home alone.

01:48

The external context is as follows: the distance between home and the office; transportation to the office, such as taxis and trains; and road conditions.

02:02

Another example, in an organization: suppose an FMCG, or fast-moving consumer goods, company has the objective of increasing sales by 50% by the end of 2023. Its scope is then the product, marketing and innovation divisions. Internal context: the company's staff or employees and the company's executives. External context: consumers, raw material suppliers, distributors, competitors, regulators and non-profit organizations.

02:45

Risk criteria. Risk criteria are set to evaluate the significance of risk and to support the decision-making process. Risk criteria should reflect the organization's values, objectives and resources, and be consistent with policies and statements about risk management.

03:08

Risk criteria can be divided into risk analysis criteria and risk evaluation criteria.

03:17

Risk analysis criteria consist of consequence criteria, for example consequences for revenue, budget, cost, profit, time and so on.

03:32

Likelihood criteria, for example identified by frequency, the number of occurrences within a given period, or its percentage.

03:44

Risk control effectiveness criteria, for example by assessing whether the existing controls are still effective, in both design and function, in preventing or mitigating the impact of risk.

03:59

Risk ranking criteria. Risk ranking criteria are a method for combining consequence and likelihood to determine how strongly a risk affects the achievement of objectives.

04:16

Risk evaluation criteria consist of risk tolerance, appetite and priority.

04:25

Once these criteria are set, they become the basis for establishing the risk evaluation criteria that determine the limits of risk appetite, tolerance and priority.

04:39

For example, for a very high risk, the risk appetite is "not acceptable" and control is needed, especially responsive action; the risk tolerance is "cannot be tolerated" and the risk treatment needs to be reviewed.

05:00

That is the meaning and an example of the risk management process of establishing scope, context and criteria. Look forward to the next video, which will discuss the other risk management processes. See you in the next video.

05:16

[Music]

Related Tags
Risk Management, ISO 31000, Daily Life, Internal Context, External Context, Risk Criteria, Risk Analysis, Risk Evaluation, Decision Making, Control Effectiveness, Risk Tolerance