Your search keyword '"iso 31000"' showing total 580 results

51. A conceptual model for enterprise risk management

Author

Almeida, Rafael, Teixeira, José Miguel, Mira da Silva, Miguel, and Faroleiro, Paulo

Published

2019

52. Projektkockázatok és kockázatos projektek

Author

Pál Michelberger and Ágnes Kemendi

Subjects

projekt, kockázat, bizonytalanság, kockázatkezelés, ISO 31000, Technology, Industries. Land use. Labor, HD28-9999

Abstract

A projektek a szervezeti változás kulcsfontosságú mozgatórugói; a kudarcuk vagy a sikereik egyaránt jelentős hatással lehetnek a szervezeti teljesítményre. Kockázatok a projekt teljes életciklusa során jelentkezhetnek. Ezeknek és a projekt-tervezés kezdeti bizonytalanságainak kezelése a projektmenedzsment fontos feladatai. A tanulmány korszerű projekt- és kockázatkezelési szabványok és ajánlások alapján ismerteti a hagyományos projektmenedzsment eszközök és módszerek kockázatelemzésben, -értékelésben és -kezelésben történő alkalmazását. A szerzők vizsgálják a klasszikus projektmenedzsment célkitűzések (átfutási idő – erőforrás - célok) és a kockázatalapú döntéshozatal közötti kapcsolatot is. A különböző méretű és hatókörű projektek kockázatai valamint az azokra adott kockázatkezelési eljárások eltérőek lehetnek. A tanulmány rávilágít az ISO 31000-es kockázatkezelési szabványcsomag lehetséges szerepére a projektek kockázatmenedzsmentjében. A szerzők szakirodalmi feldolgozás alapján elemzik a különböző projektek kockázatmenedzsmentjét beleértve a projekt érintettek kockázatokhoz való viszonyát is. A K+F és agilis projekteknek valamint a projektportfolióknak sajátos és összetett kockázati kitettségük van, de projektmenedzsmentjük több rejtett kockázatelemző és -kezelő funkciót is tud biztosítani.

Published

2021

53. Analisis Risiko dan Kontrol Perlindungan Data Pribadi pada Sistem Informasi Administrasi Kependudukan

Author

Iqbal Santosa and Raras Yusvinindya

Subjects

data pribadi, iso 31000, perlindungan data pribadi, sistem informasi administrasi kependudukan, siak, Systems engineering, TA168, Information technology, T58.5-58.64

Abstract

Sistem Informasi Administrasi Kependudukan (SIAK) is an application used in managing personal data of residents in all cities/districts in Indonesia. Personal data becomes the public attention because if it is not managed properly it will have an impact on one's legal protection and non-compliance with regulations, i.e. Permenkominfo Nomor 20 tahun 2016 about Protection of Personal Data in the Electronic System. Risk analysis and control of personal data protection on SIAK applications are needed so that the personal data management can be carried out properly and comply with regulatory requirements. Data collected for this study are primary data, sourced from direct observations on the application, interview about assets related to SIAK along with possible risks, and also internal organizations documents. Data analysis was performed with a risk analysis using the ISO 31000: 2018 risk management process approach, where the identification of relevant risks refers to the Generic Risk Scenarios COBIT 5 For Risk, and the determination of relevant controls refers to the Department of Defense Instruction 8500.2 and NIST 800-53. This research involves the Head of Department and employees of Disdukcapil XYZ City that are related to the strategic and operational aspects of SIAK. The results of this study are the identification of 23 possible risks that are spread over 5 processes of personal data protection that classified into the medium-high risk level, and proposed risk control consisting of 19 preventive controls, 6 detective controls, and 2 corrective control.

Published

2019

54. A framework for risk analysis of the shellfish aquaculture: The case of the Mediterranean mussel farming in Greece

Author

Ioannis Tzovenis and John A. Theodorou

Subjects

Risk analysis, Ecology, business.industry, Commodity, Aquatic Science, Product (business), Work (electrical), ISO 31000, Agriculture, business, Risk assessment, Environmental planning, Ecology, Evolution, Behavior and Systematics, Risk management

Abstract

Mediterranean mussel farming in Greece developed considerably during the last 40 years reaching a gross commodity product up to the limits of the country's production capacity (35–40,000 tonnes/year). Despite the achievements in the sector's growth, little or no effort has been attributed yet to risk assessment and moreover to risk management of the activity. The present effort aims at developing a working framework for the shellfish aquaculture of Greece to be used as a tool by the sector's decision makers to advance strategies for risk elimination or avoidance. The work was based on a generic risk management standard tool, the Joint Australian and New Zealand Risk Management Standard AS/NZS ISO 31000:2009 that has been adapted to the specific national characteristics of all levels of the mussel farming business -activities and the industry function. The framework supported by data sets regarding development, production, profits and losses, retrieved by surveys through distributed questionnaires or interviews during site-visits, as well as by collecting data from national and international authorities. Data input covered technology, farm size, farmer risk-attitude, risk-management strategies, risk-perceptions and socioeconomic profiles. Major risks and risk management options were identified providing aid for remediation risk policies to the stakeholders.

Published

2023

55. Assessing risk management in Brazilian social projects: a path towards sustainable development.

Author

Moraes, Layse F. B, Rampasso, Izabela Simon, Anholon, Rosley, Lima, Gilson B. A, Santa-Eulalia, Luis A, Mosconi, Elaine, and Yparraguirre, Ivany T. R

Subjects

*SUSTAINABLE development, *SUSTAINABLE urban development, *PROJECT managers, *SOCIAL problems, *PROJECT management, *SOCIAL context

Abstract

Social projects are an important mean to reduce social problems and they have an increased relevance in contexts of high social inequalities, as it is the case of Brazil. However, the existence of these projects may not be enough, they need to be properly managed, including projects risks. In this context, this paper aims to evaluate the application of risk management in social projects in Brazil. A survey was performed with social project managers and data was analyzed through TOPSIS (Technique for Order of Preference by Similarity to Ideal Solution), to rank the items application levels, according to the ISO 31,000's guidelines. Results provide an overview of Brazilian situation. According to the findings presented, the items related to projects context analysis, and responsibility assignments in the projects were the items better applied, while the items related to the understanding of team members regarding risks in social projects and to the amplitude of risk management in the projects were the items with the worst rank positions. The findings presented here contribute to expand the debates on the subject. [ABSTRACT FROM AUTHOR]

Published

2021

56. National disaster risk assessments in Europe. How comparable are they and why?

Author

Pursiainen, Christer and Rød, Bjarte

Subjects

RISK assessment, DISASTERS

Abstract

Copyright of Risk, Hazards & Crisis in Public Policy is the property of Wiley-Blackwell and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2021

57. A performance-based tabular approach for joint systematic improvement of risk control and resilience applied to telecommunication grid, gas network, and ultrasound localization system.

Author

Häring, Ivo, Fehling-Kaschek, Mirjam, Miller, Natalie, Faist, Katja, Ganter, Sebastian, Srivastava, Kushal, Jain, Aishvarya Kumar, Fischer, Georg, Fischer, Kai, Finger, Jörg, Stolz, Alexander, Leismann, Tobias, Hiermaier, Stefan, Carli, Marco, Battisti, Federica, Makri, Rodoula, Celozzi, Giuseppe, Belesioti, Maria, Sfakianakis, Evangelos, and Agrafioti, Evita

Subjects

LOSS control, ULTRASONIC imaging, SOCIOTECHNICAL systems, TELECOMMUNICATION, GAS distribution

Abstract

Organizational and technical approaches have proven successful in increasing the performance and preventing risks at socio-technical systems at all scales. Nevertheless, damaging events are often unavoidable due to a wide and dynamic threat landscape and enabled by the increasing complexity of modern systems. For overall performance and risk control at the system level, resilience can be a versatile option, in particular for reducing resources needed for system development, maintenance, reuse, or disposal. This paper presents a framework for a resilience assessment and management process that builds on existing risk management practice before, during, and after potential and real events. It leverages tabular and matrix correlation methods similar as standardized in the field of risk analysis to fulfill the step-wise resilience assessment and management for critical functions of complex systems. We present data needs for the method implementation and output generation, in particular regarding the assessment of threats and the effects of counter measures. Also included is a discussion of how the results contribute to the advancement of functional risk control and resilience enhancement at system level as well as related practical implications for its efficient implementation. The approach is applied in the domains telecommunication, gas networks, and indoor localization systems. Results and implications are further discussed. [ABSTRACT FROM AUTHOR]

Published

2021

58. How to Evaluate Supply Chain Risks, Including Sustainable Aspects? A Case Study from the German Industry.

Author

Medina-Serrano, Rubén, González-Ramírez, Reyes, Gasco-Gasco, Jose, and Llopis-Taverner, Juan

Subjects

*SUPPLY chains, *FAILURE mode & effects analysis, *SUPPLY chain management, *SUPPLY chain disruptions, *CASE studies

Abstract

Purpose: Outsourcing transactions have been arisen and evolved in the last years and purchase managers want to know if a Failure Mode Effects and Analysis (FMEA) is an effective qualitative technique to analyze supply chain risks (SCR) in a proper way. The aim of this study is to address this question developing a practicable risk management process based on the guidelines of the ISO 31000 for upstream Supply Chain Risk Management (SCRM) linking risk assessment, risk identification, risk analysis, risk evaluation, risk treatment and validate the process empirically through a case study. Design/methodology/approach: After a review of the literature on Sustainable Supply Chain Risk Management (SSCRM), a case study based on a leading manufacturer of electrical products, collects evidences of SSCRM implementation. Findings: Supply chain disruptions are one of the most critical issues which can negatively influence on firm's performance. Avoiding and mitigating disruptions in the supply chain is one of the main challenges for supply chain managers. Originality/value: This paper identifies the ISO 31000, the ISO 9001 and the use of an FMEA to analyze supply chain risks in a structured manner and to outline future research opportunities in the field of SCRM. [ABSTRACT FROM AUTHOR]

Published

2021

59. Projektkockázatok és kockázatos projektek.

Author

MICHELBERGER, P. and KEMENDI, A.

Abstract

Copyright of International Journal of Engineering & Management Sciences (2498-700X) / Műszaki és Menedzsment Tudományi Közlemények is the property of University of Debrecen and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2021

60. The Link Between Asset Risk Management and Maintenance Performance: A Study of Industrial Manufacturing Companies

Author

Damjan Maletič, Hana Pačaiová, Anna Nagyová, and Matjaž Maletič

Subjects

risk management, maintenance performance, physical assets, ISO 31000, Management. Industrial management, HD28-70, Business, HF5001-6182

Abstract

Purpose: The purpose of this paper is to examine risk management practices and their impact on performance. Specifically, the study aimed to examine risk management practices as part of physical asset management and their impact on maintenance management and its performance. Methodology/Approach: The empirical data were obtained from 76 manufacturing companies. Partial Least Squares Path Modeling (PLS-PM) was applied to evaluate the measurement and structural model. Findings: The results emphasized the importance of integrating risk management practices into asset management processes in order to improve performance outcomes. Research Limitation/Implication: This study contributes to a better understanding of how companies could achieve higher performance results by implementing risk management practices. The results of this study can help managers identify key asset risk management practices. Despite the important implications that can be derived from this study, further research that would extend the model to include additional performance measures and/or asset management dimensions would be of great importance. Originality/Value of paper: By analyzing the interrelationships between asset risk management practices and their direct and indirect effects on maintenance performance, the study provides important insights for the development of strategies to promote the novel and important discipline of asset management.

Published

2020

61. Enterprise Risk Management in Healthcare

Author

Levett, James M., Fasone, James M., Smith, Anngail Levick, Labovitz, Stanley S., Labovitz, Jennifer, Mellott, Susan, Dotan, Douglas B., Sanchez, Juan A., editor, Barach, Paul, editor, Johnson, Julie K., editor, and Jacobs, Jeffrey P., editor

Published

2017

62. Risk management. A case study of a Colombian public sector company.

Author

Jurado-Zambrano, Diego and Villanueva, Eduart

Subjects

PUBLIC sector, PUBLIC companies, SENIOR leadership teams, INTERNAL auditing, RESOURCE allocation

Abstract

Copyright of Cuadernos de Contabilidad is the property of Pontificia Universidad Javeriana and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2021

63. Metodología para gestionar riesgos en la autoevaluación de las maestrías del Instituto de Farmacia y Alimentos de la Universidad de La Habana.

Author

Suárez Pérez, Yania and Nieto Acosta, Olga María

Subjects

*MASTER'S degree, *EDUCATIONAL programs

Abstract

With the purpose of maintaining the success in the quality of educational services, in this work it was designed a methodology to manage risks associated to the self-evaluation processes of the master's programs offered in the Institute of Pharmacy and Food (IFAL) of the University of Havana. It was adopted the thought based on risk promoted by ISO standards, the general stages of the process described in ISO 31000 and the combination of different quality tools. It was given special attention to the planning of the process, the selection and training of the work team, the identification and consensus on the criteria established to classify the identified risks, as well as their weighting for their treatment and control. The proposed methodology can be generalized as it is flexible and applicable to similar contexts. [ABSTRACT FROM AUTHOR]

Published

2020

64. The Link Between Asset Risk Management and Maintenance Performance: A Study of Industrial Manufacturing Companies.

Author

Maletič, Damjan, Pačaiová, Hana, Nagyová, Anna, and Maletič, Matjaž

Subjects

ASSET management, PERFORMANCE management, PERFORMANCE theory, STRUCTURAL models, MANUFACTURING processes

Abstract

Purpose: The purpose of this paper is to examine risk management practices and their impact on performance. Specifically, the study aimed to examine risk management practices as part of physical asset management and their impact on maintenance management and its performance. Methodology/Approach: The empirical data were obtained from 76 manufacturing companies. Partial Least Squares Path Modeling (PLS-PM) was applied to evaluate the measurement and structural model. Findings: The results emphasized the importance of integrating risk management practices into asset management processes in order to improve performance outcomes. Research Limitation/Implication: This study contributes to a better understanding of how companies could achieve higher performance results by implementing risk management practices. The results of this study can help managers identify key asset risk management practices. Despite the important implications that can be derived from this study, further research that would extend the model to include additional performance measures and/or asset management dimensions would be of great importance. Originality/Value of paper: By analyzing the interrelationships between asset risk management practices and their direct and indirect effects on maintenance performance, the study provides important insights for the development of strategies to promote the novel and important discipline of asset management. [ABSTRACT FROM AUTHOR]

Published

2020

65. From Risk Management to Resilience Management in Critical Infrastructure.

Author

Rød, Bjarte, Lange, David, Theocharidou, Marianthi, and Pursiainen, Christer

Abstract

This article discusses critical infrastructure resilience in terms of how it could be incorporated into the existing safety and security practices, namely the ISO 31000 risk management standard. The article starts by outlining the resilience discourse, focusing on the organizational, technological, and societal domains of resilience. It goes on to present an approach to how the risk management standard can be extended to a critical infrastructure resilience management framework. Focusing in particular on the organizational and technological resilience domains, which are considered those that can most readily be controlled by critical infrastructure operators, the article presents one of the resilience assessment techniques in some detail to operationalize the overall management framework. In so doing, the article proposes a prestandardization input for critical infrastructure resilience management, tested in an operational environment. The article concludes with five maxims for this objective: no duplicate practices; tailorability; plurality of assessment techniques; measurability; and relative ease of use. [ABSTRACT FROM AUTHOR]

Published

2020

66. Risk management standards and the active management of malicious intent in artificial superintelligence.

Author

Bradley, Patrick

Subjects

*RISK management in business, *RECIDIVISTS, *POLITICAL systems

Abstract

The likely near future creation of artificial superintelligence carries significant risks to humanity. These risks are difficult to conceptualise and quantify, but malicious use of existing artificial intelligence by criminals and state actors is already occurring and poses risks to digital security, physical security and integrity of political systems. These risks will increase as artificial intelligence moves closer to superintelligence. While there is little research on risk management tools used in artificial intelligence development, the current global standard for risk management, ISO 31000:2018, is likely used extensively by developers of artificial intelligence technologies. This paper argues that risk management has a common set of vulnerabilities when applied to artificial superintelligence which cannot be resolved within the existing framework and alternative approaches must be developed. Some vulnerabilities are similar to issues posed by malicious threat actors such as professional criminals and terrorists. Like these malicious actors, artificial superintelligence will be capable of rendering mitigation ineffective by working against countermeasures or attacking in ways not anticipated by the risk management process. Criminal threat management recognises this vulnerability and seeks to guide and block the intent of malicious threat actors as an alternative to risk management. An artificial intelligence treachery threat model that acknowledges the failings of risk management and leverages the concepts of criminal threat management and artificial stupidity is proposed. This model identifies emergent malicious behaviour and allows intervention against negative outcomes at the moment of artificial intelligence's greatest vulnerability. [ABSTRACT FROM AUTHOR]

Published

2020

67. Export and exports risks of small and medium enterprises during the COVID-19 pandemic

Author

Heinzová, Romana, Hoke, Eva, Urbánek, Tomáš, Taraba, Pavel, Heinzová, Romana, Hoke, Eva, Urbánek, Tomáš, and Taraba, Pavel

Abstract

COVID-19 has created an entirely new unknown environment with new risks. Various restrictive national measures seeking to protect health took precedence over economic measures. Moreover, a large number of businesses are entirely dependent on international trade and exports. The aim of this paper is to map and analyze the development of small and medium enterprises’ exports during the COVID-19 pandemic in the Czech Republic. Moreover, it identifies the most significant export risks and their perception by small and medium enterprises. The chi-square test, Cramer’s coefficient, and exact binomial test were used to verify the statistical dependencies of research questions and hypotheses. Empirically, the statistically significant impact of the COVID-19 pandemic on the decline in small and medium enterprises’ exports was confirmed. In connection with the effectiveness of risk management, it was found that less than 50% of enterprises in the research sample are not ISO 31000-certified. The study concluded that the most significant export risks confirmed by statistical testing were COVID-19 risks and payment morale of foreign trading partners. © Romana Heinzova, Eva Hoke, Tomas Urbanek, Pavel Taraba, 2023.

Published

2023

68. Information Technology Risk Management in Educational Institutions Using ISO 31000 Framework

Author

Putri, Niken Lusia and Papilaya, Frederik Samuel

Subjects

information technology, ISO 31000, risk management, educational institution

Abstract

Currently, educational institutions in Indonesia have implemented information technology as a support in running their daily business processes, such as the use of various application systems in schools. The integration of information technology in educational institutions has been increasing rapidly in recent years, including in Indonesia. This integration has provided many benefits such as increased efficiency, effectiveness, and accessibility to information. However, in its implementation, it cannot be denied that there are various information technology risks that can occur and disrupt the business processes of the organization. Therefore, an analysis of information technology risk management is needed in an educational institution in Indonesia using the ISO 31000 framework to minimize the possibility of risks occurring and the impact of these risks. Through this research, information is obtained on risk assessment, risk analysis, risk evaluation, and risk treatment for each possible information technology risk in the educational institution. The results of this research are expected to be used by the educational institution in identifying possible risks in the organization, and can be used as a reference in formulating policies on how to deal with risks so that the organization can minimize the possibility of information technology risks occurring and their impact in the future. Saat ini, lembaga pendidikan di Indonesia telah menerapkan teknologi informasi sebagai pendukung dalam menjalankan proses bisnis sehari-hari mereka, seperti penggunaan berbagai sistem aplikasi di sekolah. Integrasi teknologi informasi di lembaga pendidikan telah meningkat dengan pesat dalam beberapa tahun terakhir, termasuk di Indonesia. Integrasi ini memberikan banyak manfaat seperti peningkatan efisiensi, efektivitas, dan aksesibilitas informasi. Namun dalam implementasinya, tidak dapat dipungkiri bahwa terdapat berbagai risiko teknologi informasi yang dapat terjadi dan mengganggu proses bisnis organisasi. Oleh karena itu, diperlukan analisis manajemen risiko teknologi informasi pada salah satu lembaga pendidikan di Indonesia dengan menggunakan kerangka kerja ISO 31000 untuk meminimalkan kemungkinan risiko terjadi dan dampak dari risiko tersebut. Melalui penelitian ini, diperoleh informasi mengenai penilaian risiko, analisis risiko, evaluasi risiko, dan penanganan risiko untuk setiap kemungkinan risiko teknologi informasi pada lembaga pendidikan. Hasil penelitian ini diharapkan dapat digunakan oleh lembaga pendidikan dalam mengidentifikasi kemungkinan risiko di organisasi, serta dapat digunakan sebagai referensi dalam menentukan kebijakan mengenai bagaimana mengatasi risiko sehingga organisasi dapat meminimalkan kemungkinan risiko teknologi informasi terjadi dan dampaknya di masa mendatang.

Published

2023

69. Information System Engineering Promotes Enterprise Risk Management

Author

Stoll, Margareth, Laner, Dietmar, Sobh, Tarek, editor, and Elleithy, Khaled, editor

Published

2015

70. From Information Security Management to Enterprise Risk Management

Author

Stoll, Margareth, Sobh, Tarek, editor, and Elleithy, Khaled, editor

Published

2015

71. Determinación del nivel de confianza en el punto de equilibrio de un proceso.

Author

Lara Escamilla, Samuel, Aguirre Gutiérrez, Jorge, and Cervantes Valencia, Isabel

Abstract

Copyright of Congreso Internacional de Investigacion Academia Journals is the property of PDHTech, LLC and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2018

72. Incorporation of international risk management standards into federal regulations.

Author

Rezende Nunes de Souza, Flávio Sergio, de Azevedo Braga, Marcus Vinícius, Moreira da Cunha, Armando Santos, and Bosco de Sales, Patrick Del

Subjects

*RISK management in business, *PUBLIC administration, *QUALITATIVE research, *CONTENT analysis, *INTERNATIONAL organization

Abstract

The issue of risk management has gained attention in the field of administration due to the dissemination of international frameworks. In Brazilian federal public administration, risk management is a recent and expanding practice. This research analyzes how international corporate risk management frameworks have been adopted by the federal government through regulations and guidelines. The study adopts the concepts of coercive, normative, and mimetic forces from the neo-institutional theory, and examines the presence of international norms in the Brazilian regulations. Through a qualitative approach, content analysis in documents, norms, interviews, and seminars was used to identify traits of the COSO ERM and ISO 31000/2009 frameworks, which were chosen based on relevance. Results identify important actors pushing for the use of international frameworks, such as international organizations, professional associations, and public agencies, especially those related to government audits. Despite the strong international influence, the Brazilian norms are adapted to the organizations' context and allowing the maintenance of national autonomy. [ABSTRACT FROM AUTHOR]

Published

2020

73. Identificación de factores de riesgo operativo en el sector metalmecánico manufacturero.

Author

LEÓN, Rocío G., SCACCO, Edison B., and GALIANO, Nelly E.

Abstract

Copyright of Revista Espacios is the property of Talleres de Impresos Oma and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2019

74. Managing Risk of Refinery Megaproject based on ISO 31000 and PMBOK.

Author

Wisianto, Arie

Subjects

RISK management information systems, RISK management in business, RISK assessment, PROJECT management, REAL property acquisition

Abstract

In order to improve national energy security and the competitiveness of the refinery industry, PT Pertamina (Persero) implements the Refinery Development Master Plan (RDMP), which is consist of revamping 4 units of existing refineries and building 2 units of new grass root refinery. In this paper we will discuss risk management for the RDMP project based PMBOK and ISO 31000 RDMP. RDMP Project management is divided into two stages, namely project development and project execution, risk management has been implemented since the project initiation until commissioning startup. The process of risk management referring to PMBOK are plan risk management, identify risks, qualitative risk analysis, quantitative risk analysis, plan risk responses, implement risk responses and monitor risks. We determined risk limit for project 5% of investment costs, while the ongoing stage is 5% of the current year's budget, those number represented our risk appetite. Furthermore, the risk identification stage followed by qualitative risk analysis obtained 170 risk events with 21% in the categories of strategy & planning aspect, 4% compliance aspect and the remaining 54% operations / infrastructure aspect. This is in line with the theory that stated at the project development stage having higher risk than at the execution stage, and the top risk category is related to business strategy risk, namely the business scheme (tolling or merchant), getting the right partner, project financing, land acquisition, most of the top risk are risk owned by Project Development Department. The quantitative risk analysis (QRA) stage has two tasks, namely numerical simulation of project economics and numerical simulation of cost & schedule. Once of the overall project risks can be seen from the QRA results, probability of completed project duration P80 for RDMP Balikpapan project is 58 months while P50 is 57 months and P90 is 59 months. To assess the effectiveness of risk management and project management, a maturity assessment has been carried out with results of level 2.65 of scale 5 for project management and 3.3 of scale 5 for project risk management. When implementing project risk management, we use for both PMBOK and also ISO 31000 frame work, this feels very complementary. As an example the need for risk maturity as a review of risk management implementation, mandate & commitment and the existence of a Risk Management Policy, the principles and risk management framework of ISO 31000 are very beneficial. On the other hand, emphasizing positive and negative risks, links with the knowledge areas and other process groups by PMBOK are very helpful in integrating project risk. When conducting risk management Pertamina equipped with web-based Enterprise Risk Management System (ERMS) to facilitate data and communication processes. From the discussion it can be concluded that ISO 31000 and PMBOK complement each other in carrying out project risk management, quantitative risk analysis can describe overall risk of the project, maturity assessment helps measuring the effectiveness of risk management and gap analysis, risk management information system is very necessary in carrying out risk management. [ABSTRACT FROM AUTHOR]

Published

2019

75. APPLYING A RISK MANAGEMENT MODEL IN INTELLECTUAL PROPERTY MANAGEMENT.

Author

BERCOVICI, Adrian, GOTESMAN BERCOVICI, Elisa, and MAFTEI, Mihaela

Subjects

RISK management in business, MANAGEMENT of intellectual property, PATENT management, PATENTS

Abstract

The purpose of this paper is to determine how a Risk Management Model could be applied in Intellectual Property Management (IPR) or Patent Management. Implementing the Risk Management in IPR Management is the challenge that we intend to research in this paper. In this order, authors are using ISO 31000:2018 Risk Management Model, having in mind that it is easier to integrat it in organizations that have already implemented other ISO managament systems (quality, environment, energy, anti-bribery). Firstly the paper presents the necessity of using a Risk Management process in Merging & Acquisitions departments when Intellectual Property Rights are important in transations. Then there are presented Risk Management Model according ISO 31000, with emphasis on integrating Risk Management into a strategic and operational management system, Risk Management process stages: risk assessment, treatment and recording and reporting and examples of Risk Management Model implementation. In the future research it will be important to prepare the structure of the IPR Management so that the introduction of the Risk Management to be consistent with ISO 31000. [ABSTRACT FROM AUTHOR]

Published

2019

76. METODOLOGÍA DE INTEGRACIÓN: ISO 9001, ISO 31000 Y SIX SIGMA.

Author

Blasco Torregrosa, Marta, Gisbert Soler, Víctor, and Perez-Bernabeu, Elena

Abstract

Copyright of 3C Empresa is the property of Area de Innovacion y Desarrollo, SL and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2019

77. Manajemen Risiko Teknologi Informasi Menggunakan Framework ISO 31000:2018 Pada PT. Trust Lerinvital Timur

Author

Andika, Diky, Yudha and Chernovita, Hanna, Prillysca

Subjects

analisis risiko, manajemen risiko, ISO 31000, ERP

Abstract

Peranan teknologi informasi begitu penting bagi kemajuan suatu perusahaan, dengan menggunakan teknologi informasi pasti selalu terdapat kemungkinan risiko baik itu yang sudah ada maupun risiko risiko yang beum teridentifikasi. PT. Trust Lerinvital Timur merupakan salah satu perusahaan transportasi yang menyadari betapa pentingnya pengelolaan risiko dalam suatu perusahaan. Dalam menunjang proses bisnis yang berjalan di perusahaan, perusahaan memiliki aplikasi ERP yang membantu jalanya proses bisnis. Aplikasi ini merupakan aplikasi yang saling terintregasi antar divisi, seperti penggajian, stok kendaraan, data pemasok, dan lain sebagainya. Namun tidak dapat dipungkiri banyak kemungkinan risiko yang menggangu jalannya aplikasi ERP ini, salah satunya seperti internet service yang sering tiba-tiba mati. Dengan menggunakan framework ISO 31000:2018, diharapkan dapat meminimalisir kemungkinan risiko SI/TI perusahaan, sehingga hasil dari penelitian ini berupa rekomendasi-rekomendasi dari analisis risiko untuk melakukan pengendalian risiko. Sehingga usulan tindakan risiko yang sesuai dapat membantu perusahaan dalam menjaga kualitas perusahaan dari segi SI/TI perusahaan.

Published

2023

78. Parameterization, Analysis, and Risk Management in a Comprehensive Management System with Emphasis on Energy and Performance (ISO 50001: 2018)

Author

P. Pablo Poveda-Orjuela, J. Carlos García-Díaz, Alexander Pulido-Rojano, and Germán Cañón-Zabala

Subjects

risks and opportunities management, comprehensive management system, parameterization, vulnerability, energy efficiency, ISO 31000, Technology

Abstract

The future of business development relies on the effective management of risks, opportunities, and energy and water resources. Here, we evaluate the application of best practices to identify, analyze, address, monitor, and control risks and opportunities (R/O) according to ISO 31000 and 50000. Furthermore, we shed light on tools, templates, ISO guides, and international documents that contribute to classifying, identifying, formulating control, and managing R/O parameterization in a comprehensive management system model, namely CMS QHSE3+, which consists of quality (Q), health and safety (HS), environmental management (E), energy efficiency (E2), and other risk components (+) that include comprehensive biosecurity and biosafety. By focusing on the deployment of R/O-based thinking (ROBT) at strategic and operational levels, we show vulnerability reduction in CMS QHSE3+ by managing energy, efficiency, and sustainability.

Published

2020

79. Gestión Integral de Riesgos y Antisoborno: Un enfoque operacional desde la perspectiva iso 31000 e iso 37001Risk Management and Anti-Bribery: An Operational Approach from the Perspective of iso 31000 and iso 37001

Author

Edmundo R Lizarzaburu Bolaños, Gabriela Barriga, and Eduardo Noriega

Subjects

riesgo operacional, matriz de riesgo, iso 31000, iso 37001, gestión de riesgos, Commerce, HF1-6182, Business, HF5001-6182

Abstract

This paper seeks to explain how companies can apply risk management from an operational approach and the necessary guidelines to carry out an efficient management of it (Bromiley et al., 2015). Therefore, we first work out the risk in operations and explain the types of events, the factors that cause it, and details measurement tools such as severity. Then, the theory about management standards related to risk management, such as iso 37001, iso 31000 and COSO, in their latest versions, is reviewed. The research paper proposes an application in the area of risks, through a proposal of a general risk scheme and a structure of risk management for organizations. Finally, new aspects are developed to consider the case of cybernetic risk.

Published

2018

80. Improvement the Competences of the Specialists Engaged with the Cultural and Scientific Heritage Digitization in the Information Security and Risk Management Systems: ISTRA Approach

Author

Yanislav Zhelev

Subjects

ISO/IEC 27000, ISO 31000, standardization, VET, C-VET, digitalization, Information technology, T58.5-58.64

Abstract

The standards are crucial part of any activity on nowadays life. The necessity of education about standardization is already recognized at European level. As the culture sector evolves and changes, so do the skills required of individuals active in the sector. These changes can only be met by relevant and demand sensitive vocational and continuous vocational education and training (VET and C-VET). Application of the standards for information security and risk management systems in the digitization of cultural and scientific heritage and its preservation and relevant presentation is an issue of key importance. The current paper presents the main outcomes and results achieved so far in the framework of the Erasmus+ Project “International Standards training in VET for promotion of market relevant education” – ISTRA No 2016-1-BG01-KA202-023738 aiming at the development and piloting of innovative training approaches and contents for VET and C-VET training on two widely applicable series of standards - ISO/IEC 27000 and ISO 31000.

Published

2018

81. Emotional Intelligence and Risk Leadership on the Effectiveness of ISO 31000 Implementation in Organisation

Author

Aldi Ardilo

Subjects

ISO 31000, Emotional intelligence, Applied psychology, Psychology

Abstract

ISO 31000 indicates that risk management is a science in which competencies are embedded in the individuals. It also emphasises the importance of having proper leadership while demonstrating the commitment towards the risk management implementation. Humans are emotional creatures—we could sometimes be influenced by the force of feelings, rather than rational discussion. This paper describes the dynamics of emotional intelligence and risk leadership in implementing risk management. The research used a qualitative-descriptive design with the verification strategy of case study. It used a non-probability sampling to individuals in the top management position. The findings suggest that without a proper level of emotional intelligence, it is difficult for leaders to cultivate an effective risk culture. These findings may equip decision makers on the interrelationships between emotional intelligence, risk culture, and organisation’s risk management maturity.

Published

2021

82. Risk Analysis of Microfinance Conversion Based on ISO 31000 PT. Bank BRI Syariah. Tbk Aceh

Author

Ayomi Dita Rarasati and Wa Ode Norlita

Subjects

Risk analysis, Microfinance, law, business.industry, ISO 31000, Accounting, Business, law.invention

Abstract

Aceh government issued Aceh Qanun No. 11 of 2018 about Sharia Financial Institutions, which demands that all financial contracts in Aceh adhere to Sharia principles. This regulation has an impact on the Aceh region's financial business. PT Bank BRI Tbk Aceh has decided to conversion entire financing and funding portfolio to one of its sharia-compliant subsidiaries, PT Bank BRIsyariah Tbk. microfinance portfolio is bigger than other segments. By constructing a risk analysis based on ISO 31000, this study assesses the business risk associated with converting PT Bank BRIsyariah Tbk's microfinance segment in the Aceh region. The results indicate that twenty risks have been identified and evaluated. Risk can be classified into five broad categories: operational, reputational, strategic, credit, and compliance. The risk analysis results indicate that the risk is significant and requires immediate attention. Operational risk is associated with differences in data capacity, servers, the core banking system, and financing applications, whereas strategic risk is associated with differences in financial analysis, guarantee provisions, and regulations.

Published

2021

83. Integrated Management System: The Integration of ISO 9001, ISO 14001, OHSAS 18001 and ISO 31000.

Author

Muzaimi, Hafizzudin, Boon Cheong Chew, and Hamid, Syaiful Rizal

Subjects

*ISO 14001 Standard, *ISO 9001 Standard, *SUSTAINABILITY, *RISK management in business, *STAKEHOLDERS

Abstract

The implementation of integrated management system (IMS) for better quality management has become a preference for many organizations. This can be seen as many organizations used the combination of quality ISO 9001, an environment ISO 14001 and occupational health and safety management system OHSAS 18001 as a core for the IMS that largely implemented. Besides, the linked between quality management with risk management system need to be identified as the management system that enhance the effectiveness of IMS. Therefore, the risk management system ISO 31000 also presented as a part of integration. In nowadays competitive environment, the increasing pressure and needs from customer or stakeholders make it compulsory for the organization to propose the new system and standards. This paper presents and discusses about the benefit of integration, the management system components that can be converged and the implementation approach. A series of interview was conducted through in-depth interviews with 8 experts in this field, while data collected were analyzed qualitatively. The results consist of 16 factors of IMS implementation that have been identified and the use of PDCA approach for an effective implementation of IMS. As a conclusion, the paper proposes the integration of four management systems (ISO 9001, ISO 14001, OHSAS 18001 and ISO 31000) and on how the IMS can be used to structure the process of management for quality management towards sustainability practices in the organization. [ABSTRACT FROM AUTHOR]

Published

2017

84. مساهمة التدقيق الداخلي في إدارة المخاطر المصرفية في ظل المعايير الدولية للتدقيق الداخلي وقواعد السلوك المهني - دراسة ميدانية للبنوك الج ا زئرية

Author

حاج قويدر قورين, أبو بكر الصديق قيداو, and عمر عبو

Abstract

Copyright of El-Bahith is the property of University of Kasdi Merbah Ouargla and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2019

85. Risk Management, Challenge or Good Practice?

Author

POPA, Firică and GULIE, Nicoleta

Subjects

RISK management in business, FINANCIAL planning, MARKETING effectiveness, BUSINESS expansion

Abstract

Using referential ISO standards of management systems, the author makes a succinct and schematic commentary on the issue of risk management as a challenge or good practice. The article is illustrated with a flow chart for the application of risk and opportunity-based thinking and a scheme that includes the stages of risk-based and opportunity-based thinking. In conclusion, a risk-management plan is presented that solves the implementation stages of risk-based thinking, such as: establishing treatment actions, planning for the integration and implementation of actions, implementing actions and assessing their effectiveness. [ABSTRACT FROM AUTHOR]

Published

2018

86. Integration of Risk Engineering by ISO 31000 and Safety Engineering: A Case Study in a Production Floor of Sport Footwear Industry in Indonesia.

Author

Sukapto, Paulus, J. D. H., Desena, Ariningsih, Paulina K., and Susanto, Sani

Subjects

RISK assessment, FOOTWEAR, INDUSTRIAL safety

Abstract

ISO 31000 has become essential for the practical implication of risk engineering to industry in Indonesia. The National Standardization Body has decided to make ISO 31000 the National standard for the principle and guidance of risk engineering in industry. Meanwhile, the reference for implementating ISO 31000 is very limited, especially in the footwear industry which has significant volume in Indonesian industry. This article gives a description of the implementation and impact of ISO 31000 with respect to a company's risk engineering strategy on the production floor in the footwear industry. The implementation of risk engineering begins with establishing a context to determine any analysis consideration. The next step is the execution of the risk engineering process, which consists of four major steps: risk identification, risk analysis, risk evaluation and risk treatment. Some techniques used in the risk engineering process are semi-structured interview, root cause analysis, consequence/probability matrix, and cost benefit analysis. Fourty five risks are identified from the company studied. From the risk evaluation, 14 risks are identified as risks that require special treatments. Those risks shall become the priority of management. The process of risk engineering discovered risk in safety. Therefore, safety engineering was implemented to improve the system. [ABSTRACT FROM AUTHOR]

Published

2018

87. MODELO DE GESTÃO DE RISCOS EM LAVANDERIAS DE BENEFICIAMENTO NO ARRANJO PRODUTIVO LOCAL (APL) TÊXTIL E DE CONFECÇÕES DE PERNAMBUCO, BRASIL.

Author

Lorena, Emmanuelle M. G., Lorena, Cynthia M. G., Medeiros, Raimundo M., El-Deir, Soraya G., Holanda, Romildo M., and Araújo, Vinícius D.

Abstract

Copyright of Revista Producao Online is the property of Associacao Brasileira de Engenharia de Producao and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2018

88. Analisis Risiko dengan Metode ISO 31000 pada Disperinnaker Kota Salatiga Bidang Industri

Author

Lela Dina Berliana and Andeka Rocky Tanamaah

Subjects

Risk analysis, Government, Risk analysis (engineering), ISO 31000, Order (business), Secondary sector of the economy, Agency (sociology), Business, Risk assessment

Abstract

Setiap instansi pemerintah, pasti memiliki aset administrasi dan sistem aplikasi yang digunakan, begitu juga dengan bidang industri Disperinnaker Kota Salatiga. Dari setiap aktivitas tersebut, pasti memiliki ancaman dan risiko. Untuk meminimalisirnya, diperlukan suatu analisis risiko agar dapat melakukan pencegahan, penangan, serta perbaikan terhadap risiko yang terjadi. Analisis risiko ini menggunakan metode ISO 31000. Metode ISO 31000 lebih perspektif dan konseptual dibandingkan dengan metode ISO lainnya. Terdapat 2 tahapan dalam analisis risiko ini, yaitu penilaian risiko dan perlakuan risiko. Tujuan dilakukan analisis risiko dengan metode ISO 31000 agar dapat mengidentifikasi kemungkinan risiko yang muncul serta mengetahui level dampak dari risiko tersebut dan memunculkan usulan tindakan atau upaya yang dilakukan untuk meminimalisir risiko yang terjadi, baik terhadap aset maupun aplikasi yang digunakan pada bidang industri Disperinnaker Kota Salatiga, sehingga aktivitas dapat berjalan secara optimal.

Published

2021

89. Analisis Risiko Teknologi Informasi Aplikasi CATTER PDAM Kota Salatiga Menggunakan ISO 31000

Author

Enik Muryanti and Kristoko Dwi Hartomo

Subjects

Risk analysis, ISO 31000, Risk identification, Metre, Operations management, Business, Recording system, Risk assessment, Risk evaluation

Abstract

Catat Meter (CATTER) merupakan sistem pencatatan stand meter air pelanggan pada PDAM Kota Salatiga. Aplikasi Catat Meter membantu perusahaan dalam proses memasukan data stand meter air pelanggan pada setiap harinya dan memepermudah dalam pelaporan tagihan air warga Kota Salatiga. Penelitian dilakukan dengan menggunakan metode ISO 31000 yang merupakan sebuah framework yang digunakan sebagai pedoman penerapan manajemen analisis risiko yang memilki beberapa tahapan yaitu tahap pertama penilaian risiko (risk assessment) yang terdiri dari 3 tahapan yaitu identifikasi risiko (risk identification), analisis risiko (risk analyst), evaluasi risiko (risk evaluation). Tahapan selanjutnya adalah perlakuan risiko (risk threatment). Terdapat 4 kemungkinan risiko yang termasuk dalam tingkatan high, 13 kemungkinan yang termasuk dalam tingkatan medium, dan 9 kemungkinan risiko yang termasuk dalam tingkatan low. Permasalahan yang muncul adalah kurangnya proses maintenance pada asset yang dimiliki oleh aplikasi Catat Meter yang belum dilakukan secara optimal. Dengan menerapkan risk reduction perusahaan mampu meminimalisir kemungkinan risiko dan dampak yang ada.

Published

2021

90. ANALYSIS OF INFORMATION TECHNOLOGY RISK MANAGEMENT IN RAJA COMPUTER BALIKPAPAN BRANCH USING ISO 31000 FRAMEWORK

Author

Rezvina Auliyah and Ilda

Subjects

Risk analysis, IT risk, Raja, biology, ISO 31000, Operations management, Business, Business activities, biology.organism_classification, Stock (geology)

Abstract

Raja Computer Balikpapan Branch is a store that is engaged in selling computers, the store already uses IS/IT in supporting every business activity it carries out. The store uses the Ipost application which is used to support computer sales, record stock of goods, and can be used to record daily contests needed by the store. However, in the world of management, there is always the possibility of risks that may occur and can interfere with business activities in using the system. Thus, an analysis is needed of the IS/IT resources contained in the computer shop. Therefore, it is hoped that using ISO 31000 can help minimize every risk contained in the Ipost application. The results of this risk analysis are in the form of an analysis of possible risks, can group possible risks based on applications that can generate offers and risks that exist in Ipost, so the computer shop can treat existing risks according to the priority level of risk and be able to prevent and minimize disrupting business activities at Raja Computer store Balikpapan branch.

Published

2021

91. Risk management methodology in the supply chain: a case study applied

Author

J. Garzón-Moreno and Manuel Jesús Hermoso-Orzáez

Subjects

Supply chain risk management, Risk analysis (engineering), Work (electrical), business.industry, ISO 31000, Computer science, International standard, Supply chain, General Decision Sciences, Context (language use), Management Science and Operations Research, business, Risk management

Abstract

This work provides a general risk management procedure applied to synchronized supply chains. After conducting a literature review and taking the international standard ISO 28000 and ISO 31000 as a reference. The most important steps that enable organizations to carry out supply chain risk management are described. Steps such as defining the context, identifying and analyzing risks or avoiding them, controlling them and mitigating them are some of the main points of this work. On the other hand, we carried out a practical case in which the execution of this procedure is carried out in a real supply chain located in the city of Jaén. In this specific case study, the most important risks and those that require early treatment will be discussed. In addition, a series of suggestions and ideas will be established, by way of conclusions, that allow said organization to improve the results that we have obtained in risk management.

Published

2021

92. Managing the corruption risk at the operation and maintenance stage in the construction projects in Iraq

Author

Alani, Semaa Hazim Najim

Published

2022

93. ANALISIS PETA RISIKO PENGEBORAN DI WILAYAH ASSET 5 PT PERTAMINA EP

Author

Gondo Irawan and Berto Mulia Wibawa

Subjects

Risk management, drilling operations, ISO 31000, Business, HF5001-6182

Abstract

The purposes of this study were to analyze problem maps in drilling activity, iden­tifying and mapping drilling risks, and analyze risk management strategy which should be prepared for drilling activity. The re­search was conducted at the TJG-HZ1 wells, Asset 5 Region PT Pertamina EP, South Kalimantan. The tools used measurement and map­ping risks according to Godfrey (1996). Data collection con­sisted of five stages: obser­vation, interview, questionnaire, literature review, and focus group discussion. The results showed there are 24 identified risks which were divided into four risk categories which is financial, strategic, operational, and hazard. From the 24 risks, there were eight risks in the extreme level, five risks in the high level, five risks in the medium level, and six risks in the low le­vel.

Published

2015

94. ASSESMEN RISIKO BERDASARKAN MANAJEMEN RISIKO KORPORAT TERINTEGRASI (MRKT) BAGI PT XYZ 2015-2017

Author

Christy Dwita Mariana

Subjects

iso 31000, low cost carrier, manajemen risiko korporat terintegrasi, Business, HF5001-6182

Abstract

Industri penerbangan LCC (Low Cost Carrier) merupakan salah satu industri yang diminati di Indonesia. Walaupun demikian, setiap perusahaan yang bergerak di industri penerbangan khususnya LCC (salah satunya PT XYZ) perlu untuk menerapkan suatu sistematisasi formulasi manajemen risiko, salah satunya berbasis ISO 31000. Penelitian ini dilaksanakan sesuai dengan basis yang tertera pada Manajemen Risiko Korporat Terintegrasi menurut ISO 31000. Hasil dari penelitian ini ditemukan 52 kejadian risiko dengan 11 divisi pada perusahaan yang terpapar risiko-risiko terkait. Selain itu, penelitian ini pun menghasilkan pemetaan risiko-risiko pada perusahaan. Risiko-risiko krusial pada perusahaan meliputi risiko fluktuasi nilai tukar rupiah dan USD serta risiko fluktuasi harga avtur. The aviation industry LCC (Low Cost Carrier) is one of the industries that highly demanded in Indonesia. However, every company engaged in the aviation industry in particular LCC (one of which is PT Citilink Indonesia) need to implement a systematizing formulation of risk management, one of them based on ISO 31000. This research was conducted by reference Integrated Enterprise Risk Management according to ISO 31000. The results of this study found 52 occurrences of risk with 11 divisions in company that are exposed to risks associated. In addition, this study also resulted in risk mapping of the company risks. The main risks of company are financial risks, such as the risk of fluctuation in eschange rate of IDR and USD also the risk of fuel price fluctuation.

Published

2017

95. RANCANGAN PENINGKATAN EFEKTIVITAS MANAJEMEN RISIKO OPERASIONAL DI DIVISI KREDIT PADA KEGIATAN PEMBIAYAAN KONSUMEN SEPEDA MOTOR PT XYZ

Author

Tineke Tineke

Subjects

operational risk management, credit division, iso 31000, Business, HF5001-6182

Abstract

Terbatasnya sumber dana formal yang mampu mengatasi kebutuhan kredit masyarakat lapisan bawah yang berpenghasilan rendah merupakan alasan pendorong berkembangnya perusahaan pembiayaan konsumen. Melalui sistem pembiayaan konsumen, masyarakat lapisan bawah berpenghasilan rendah dapat memenuhi kebutuhan hidup layak yang sesuai dengan tingkat kemampuannya. Sepeda motor adalah salah satu kontribusi pertumbuhan perusahaan pembiayaan konsumen tersebut. Kemudahan dalam memperoleh pembiayaan untuk pembelian sepeda motor secara kredit menjadi salah satu penyebab peningkatan penjualan sepeda motor di Indonesia yang dapat menimbulkan potensi risiko bagi perusahaan pembiayaan, tidak terkecuali dengan PT XYZ. Dalam kurun waktu 2010 sampai tahun 2011 PT XYZ mengalami penurunan kualitas kesehatan khususnya dari sisi pembiayaan dimana terjadi peningkatan Non Performing Loan (NPL) dari tahun ke tahun. Tujuan dari penelitian ini adalah untuk mengidentifikasi, menganalisa, merumuskan dan menyusun rencana implementasi peningkatan efektivitas manajemen risiko operasional di divisi kredit PT XYZ. Dalam penelitian ini pendekatan yang dilakukan dengan pendekatan kualitatif dan mengacu pada ISO 31000 tahun 2009. Berdasarkan hasil analisa manajemen risiko operasional divisi kredit PT XYZ yang teridentifikasi dari penelitian ini memiliki 8 risiko, yang paling tinggi dari dampak dan kemungkinan yang terjadi ada 2 risiko, yaitu : turnover Direksi dan key employee dalam Divisi Kredit serta keterlambatan dalam penarikan data yang diperlukan untuk laporan reguler setiap bulan.

Published

2017

96. Audit of risk-management methods in respect of their acceptance of analysis medical activity

Author

V. S. Biryukov

Subjects

ISO 31000, 2009 standard, risk management, medicine, quality management, Education, Sports, GV557-1198.995, Medicine

Abstract

The work is devoted to the analysis of accessibility, usefulness and the possibilities of introducing a number of risk management methods into medical institutions on the basis of the choice of heads medical institutions, after getting to know them with the main methods, proposed by the ISO 31000: 2009 standard. The conducted research has shown advantages of methods of "brainstorming" and the analysis of cause-effect relations by heads of medical institutions.

Published

2017

97. Processo de Monitorização Integrada do Risco no Sistema de Gestão da Qualidade

Author

Silvério, Jorge Manuel Nobre Fazenda da Conceição and Pestana, Gabriel

Subjects

Matriz de risco, Context-awareness, Indicadores de Risco, ISO 31000, Gestão do risco, Ciências Sociais::Economia e Gestão [Domínio/Área Científica]

Abstract

Contexto: A transformação digital tem conduzido a uma maior competitividade do mercado, permitindo às organizações disporem de vantagens competitivas face a grandes players instalados. Todavia, levou a uma maior exposição das organizações a novas ameaças, o que veio reforçar a necessidade de efetuarem uma monitorização integrada do risco com maior cuidado e rigor. Esta abordagem é particularmente relevante quando a implementação do Sistema de Gestão da Qualidade (SGQ) pela norma ISO 9001:2015 requer a integração da Gestão do Risco (GR) nos processos de negócio da organização. Esta Tese analisa e demonstra empiricamente que o tecido empresarial em Portugal não aplica a abordagem de gestão integrada do risco no SGQ com o rigor que deveria. A Tese apresenta o Modelo de Monitorização Integrada do Risco (MMIR), desenvolvido de acordo com a norma ISO 31000 de GR, dispondo de mecanismo de alerta sobre os riscos na organização. Metodologia: Para estudar a problemática de investigação, foi realizada uma pesquisa bibliográfica através do método Systematic Literature Review (SLR), que teve como fontes de dados a base de dados B-on (www.b-on.pt) e o motor de busca Google Scholar. Com base nos resultados da SLR, foi adotada uma metodologia quantitativa. O método de recolha de dados consistiu na realização de um inquérito através de uma pesquisa online, baseada em questionários, com o intuito de recolher informação sobre a perceção de risco pela organização. O questionário foi enviado, por correio eletrónico, a 3599 organizações certificadas em Portugal pela ISO 9001:2015. Resultados: Os resultados da pesquisa online indiciam que as organizações certificadas em Portugal pela ISO 9001:2015 não estão sensibilizadas para a adoção de um processo de monitorização integrada do risco no SGQ. As lacunas das organizações são sentidas sobretudo na conexão entre a GR estratégica e a GR operacional, e vão aumentando à medida que os procedimentos de GR se tornam mais operacionais e orientados para o uso de ferramentas de visualização e comunicação dos Key Risk Indicators (KRI) com os decisores. Originalidade / Valor: Esta investigação visa contribuir para o corpo de conhecimento da ISO 9001:2015, mapeando as dificuldades do tecido empresarial português em utilizar um processo de monitorização integrada do risco no SGQ. Espera-se que estes resultados possam contribuir para fomentar, numa escala nacional, o uso de modelos de GR, como o MMIR, de modo a maximizar a realização dos benefícios da ISO 9001:2015. O MMIR proporciona uma abordagem agnóstica face ao setor de atividade e dimensão da organização, integrando um processo de GR com diferentes técnicas de GR (estratégicas e operacionais) e considerando um conjunto de KRI de referência ao SGQ. Context: The digital transformation has led to higher market competitiveness, allowing organisations to have competitive advantages over prominent installed players. However, it led to greater organisations' exposure to new threats, reinforcing the need for integrated risk monitoring with greater care and rigour. This approach has particular significance when the Quality Management System (QMS) implementation of the ISO 9001:2015 standard requires integrating Risk Management (RM) into the organisation's business processes. This Thesis empirically analyses and demonstrates that the business fabric in Portugal does not apply the integrated risk management approach in the QMS with the rigour it should. The Thesis presents the Model of the Integrated Risk Monitoring (MMIR), a model developed according to ISO 31000 standard of RM, having an alert mechanism in the face of risk in organisations. Methodology: To study the problem, a bibliographic research was carried out using the Systematic Literature Review (SLR) method, which had as data sources the B-on database (www.b-on.pt) and the search engine Google Scholar. Based on the SLR results, a quantitative methodology was used. The data collection method consisted of carrying out an online survey based on questionnaires to collect information about the organisation's perception of risk. The questionnaire was sent, by email, to 3599 organisations certified in Portugal under the ISO 9001:2015 standard. Findings: The results of the online survey show that organisations certified in Portugal by ISO 9001:2015 are not aware of the adoption of an integrated risk monitoring process in the QMS. The gaps in organisations are felt mainly in the connection between strategic RM and operational RM, and they increase as RM procedures become more operational and oriented toward using tools for visualization and communication of Key Risk Indicators (KRI) with decision-makers. Originality / Value: This research aims to contribute to the body of knowledge of ISO 9001:2015, mapping the difficulties of the Portuguese business fabric in using an integrated risk monitoring process in the QMS. It is hoped that these results can contribute to promoting, on a national scale, the use of RM models, such as the MMIR, to maximize the realization of the benefits of ISO 9001:2015. MMIR provides an agnostic approach to the market activity in which the organisation operates, integrating the RM process with different RM techniques (strategic and operational) and considering a set of reference KRI for QMS.

Published

2022

98. Information Technology Risk Management Analysis Using ISO: 31000 at PT. XYZ

Author

Putri, Vania Rizqita and Bangkalang, Dwi Hosanna

Subjects

Risk Management, ISO 31000, Information Technology

Abstract

PT. XYZ is one of the branch offices of banking subsidiaries in Indonesia that focuses on providing leasing facilities, investment and working capital. As a company, PT. XYZ is inseparable in the use of information technology which gives rise to various possible risks that exist. Therefore, it is necessary to have an analysis of information technology risk management in PT. XYZ. Through this research, it is hoped that it can help PT. XYZ in identifying possible risks that occur to the company, as well as actions that must be taken in the face of such risks. The framework used in this study is the ISO 31000 framework. Based on the results of this study, 13 possible risks that have low risk levels (R01, R02, R03, R04, R05, R07, R08, R12, R13, R15, R16, R20 and R21 ), 6 possible risks that have medium risk levels (R06, R09, R10, R11, R14and R18), as well as 2 possible risks that have high risk levels (R17 and R19). In addition, a risk treatment proposal was produced that can be used as a reference by PT. XYZ to minimize losses caused by these risks.

Published

2022

99. Integración de la gestión del riesgo para el cumplimiento de altos estándares de calidad en el sector salud en Colombia

Author

Gloria Milena Vanegas Rodríguez

Subjects

gestión del riesgo, integración de sistemas de gestión, ISO 31000, Sistema Obligatorio de Garantía de la Calidad en Salud, Business, HF5001-6182

Abstract

Las Instituciones Prestadoras de Servicios de Salud (IPS) en Colombia están reglamentadas por el Sistema Obligatorio de Garantía de la Calidad (SOGC). El componente de Acreditación en Salud de este sistema contempla que se adelanten acciones para gestionar los riesgos asistenciales de las IPS, pero también que se integre el manejo de los riesgos derivados de los procesos administrativos; para gestionar estos últimos, las empresas del sector público deben cumplir con lo establecido por el Modelo Estándar de Control Interno (MECI) y la Norma Técnica de Calidad de la Gestión Pública (NTCGP 1000), con el fin que las Instituciones mejoren continuamente su desempeño y realicen un control razonable de su gestión. Esta investigación propone una herramienta de gestión o matriz de control, que a través del enfoque de un sistema de gestión del riesgo, contribuye a: identificar y valorar los riesgos (positivos y negativos), establecer un plan de acción por áreas de la organización, controlar el seguimiento y evaluación de las acciones encaminadas a cumplir altos estándares de calidad, lo cual propicia la optimización de recursos en la IPS, identifica riesgos antes invisibles y facilita la implementación de los diferentes estándares. La recolección de la información para poner a prueba la hipótesis de investigación se realizó mediante encuestas, análisis de documentación y revisión de referencias bibliográficas relacionadas con el sistema obligatorio de garantía de la calidad en salud y la gestión del riesgo según se establece en la norma técnica ISO 31000:2009.

Published

2014

100. Definición y clasificación de los eventos adversos en ortodoncia, desde la perspectiva de la norma técnica Gestión del riesgo ISO 31000

Author

Martha Patricia Castañeda Villamizar and Aitza Vivian Castañeda Solano

Subjects

evento adverso, gestión del riesgo, ISO 31000, ortodoncia, seguridad del paciente, Business, HF5001-6182

Abstract

La seguridad del paciente ha cobrado gran importancia durante los últimos años, en razón a que los daños causados durante la prestación de servicios asistenciales impactan la calidad de vida de las personas y generan sobrecostos en los sistemas de salud. Estos daños pueden ser prevenidos dependiendo de la importancia que las instituciones y sus profesionales den a la gestión del riesgo. El reporte de los eventos adversos en áreas ambulatorias como la odontología debe cobrar mayor importancia, ya que el gran número de pacientes y la extensa duración de los tratamientos exponen a los pacientes a la materialización de un riesgo, representado en un evento adverso. El presente estudio determina los eventos adversos en ortodoncia desde la perspectiva de la norma técnica ISO 31000 (ICONTEC, 2011) y proporciona un listado que facilita su identificación y sirve para estimular el reporte y promover la gestión del riesgo durante el ratamiento de ortodoncia. Se utilizó la técnica de grupos focales, con 4 grupos de expertos. La información fue codificada cualitativamente, con saturación de categorías y reducción de ítems. La clasificación de los riesgos se realizó según la International Classification for Patient Safety 1.0 de la Alianza mundial para la seguridad del paciente de la OMS, adaptada a Colombia. Se evidenció el desconocimiento de los conceptos de riesgo y evento adverso entre los profesionales de ortodoncia, así como de un sistema de gestión. Se consolidó un listado preliminar de 154 eventos adversos que se clasificaron en 24 categorías.

Published

2014