Friday, December 18, 2009

ISO 31000 Risk Management - Principles and Guidelines Has Been Published

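Financial crises, the global warming crisis, typhoons, water shortages, H1N1 and more: enterprises face operational risk at every moment. In view of this, ISO, having earlier drawn on BSi's risk management, published ISO 31000:2009 Risk management - Principles and guidelines on November 13, 2009.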

ISO 31000 emphasizes that it can be used by any organization, carrying out risk management work through Dr. Deming's PDCA management cycle (PLAN-DO-CHECK-ACTION).

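When assessing the risks they face, enterprises can refer to this document to design a systematic methodology and establish a model for risk management communication, using it to communicate and promote roles, responsibilities, plan objectives, performance measurement, resources, and risk management indicators. Through monitoring and review mechanisms, they can continually improve their risk management and embed the concept of prevention deep in the corporate culture, reducing the harm caused by the various risks they face.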

The following is ISO's introduction to this standard:

ISO 31000:2009 provides principles and generic guidelines on risk management.

ISO 31000:2009 can be used by any public, private or community enterprise, association, group or individual. Therefore, ISO 31000:2009 is not specific to any industry or sector.

ISO 31000:2009 can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.

ISO 31000:2009 can be applied to any type of risk, whatever its nature, whether having positive or negative consequences.

Although ISO 31000:2009 provides generic guidelines, it is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.

It is intended that ISO 31000:2009 be utilized to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards.

ISO 31000:2009 is not intended for the purpose of certification.
