Risk management and transition to ISO SG 2015 in a company

Anonim

For companies, the transition to the 2015 version of the ISO SG standards, with its explicit focus on risk, has coincided in time with the implementation of the SCI (R / 60/2011). This coincidence has generated doubts and not a few contradictions in meeting the demands and expectations of the stakeholders involved.

The purpose of the present work is to share some experiences drawn from working practice in different companies, in the interest of contributing modestly to better and more effective risk management in the business environment.

II. Methods and applied technologies

To carry out this work, the following were used as fundamental tools:

  • INTERNAL CONTROL REGULATED BY R / 60/2011
  • ISO SG 2015 Standards

III. Development

OBJECTIVE

  • To argue the influence of certain factors on the effectiveness of risk management in the business environment

TOPICS

  • Most common problems in risk management in the business environment
  • Basic concepts
  • Parallel between NC-ISO SG: 2015 and R / 60/2011 on SCI
  • Considerations and suggestions

  1. MOST COMMON PROBLEMS IN RISK MANAGEMENT IN THE BUSINESS AREA

  • Parallel and differentiated risk management to satisfy the requirements of ISO 2015 and R / 60/2011 (NO INTEGRATION).
  • Risks that affect business objectives are overlooked.
  • Inconsistency in the interrelation of the different elements that make up the business management system (PROCESSES, ACTIVITIES) and non-observance of traceability.
  • Confusion between the concepts of risk and the sources that originate it.

  2. BASIC CONCEPTS

Some basic elements and concepts necessary for the proper identification of Risks

In the identification, evaluation and prevention of Risks, it is important to analyze some terms related to risk (danger = risk factors = sources of risk) whose meanings can be confused in the context of risk management.

Source of risk: Element that, alone or in combination with others, has the intrinsic potential to generate a risk.

Risk is defined as:

  1. The possibility or probability of damage. It expresses the capacity of a situation to materialize (occurrence of the event in time) and generate damage. It depends on the probability of occurrence, as well as the importance of the damage that could occur.

From the analysis of the above definitions, some conclusions can be reached:

If someone calls something they can see or feel Risk, they are perceiving something else.

What can be obtained directly from the observation of situations is more related to RISK FACTORS, which have also been called DANGERS and which are nothing other than SOURCES OF RISK.

Thus:

DANGER (sources of risk): Factors that explain the existence of Risk, that is, technical, human, organizational, environmental factors, etc.

Wrong example

  • EXERCISE: Preparation of topics for the Annual Training Plan
  • RISK: Proposal of topics that do not adjust to knowledge gaps and training needs

Correct example

  • EXERCISE: Determination of competencies and preparation of the training plan
  • RISK: Ineffective training

  3. PARALLEL BETWEEN ISO SG: 2015 AND R / 60/2011 ON SCI

ISO 2015

6.1 Actions to address risks and opportunities

The organization must establish, implement and maintain the necessary processes to ensure that the organization is capable of achieving the expected results (BUSINESS OBJECTIVES AND PURPOSES) of its business management system, prevent or reduce undesired effects and achieve continuous improvement. The organization can ensure this by determining the risks and opportunities it needs to address, and planning the actions to address them.

R / 60/2011

ARTICLE 3. Internal control is the process integrated into operations with a continuous improvement approach, extended to all activities inherent to management, carried out by management and other staff; it is implemented through an integrated system of rules and procedures, which contribute to anticipating and limiting internal and external risks, provides reasonable security for the achievement of the INSTITUTIONAL OBJECTIVES, and an adequate rendering of accounts.

Common aspects: In both cases the risks affecting the Business Objectives are being addressed.

ISO 2015

0 Introduction

0.1 General

This International Standard uses the process approach, which incorporates the Plan-Do-Check-Act (PDCA) cycle and risk-based thinking.

R / 60/2011

ARTICLE 7. The Internal Control System designed by the organs, agencies, organizations and other entities has the following general characteristics:

a. Integral. It considers the totality of the processes, activities and operations with a systemic and participatory approach of all workers.

b. Flexible. It responds to its own characteristics and conditions, allowing its adaptation, harmonization and periodic updating….

Common aspects: In both cases there is a systemic and process approach and they are characterized by their comprehensiveness and flexibility.

ISO 2015

6.1 Actions to address risks and opportunities

The organization must establish, implement and maintain the necessary processes to ensure that the organization is capable of achieving the expected results (BUSINESS OBJECTIVES AND PURPOSES) of its business management system…..

R / 60/2011

ARTICLE 11….

a) Identification of risks and detection of change: in the identification of risks, all those that may affect the fulfillment of the objectives are typified.

The identification of risks is nourished by the experience derived from events that have occurred, as well as those that may be foreseen in the future, and are determined for each process, activity and operation to be carried out.

Common aspects: In both cases ALL risks that may affect the accomplishment of the goals

ISO 2015

External factors

a) environmental conditions related to climate, air quality, water quality, land use, existing pollution, availability of resources….;

b) the cultural, social, political, legal, regulatory, financial, technological, economic, natural and competitive external context;

Internal factors

c) the internal characteristics or conditions of the organization, such as its activities, products and services, strategic direction, culture and capabilities (that is, people, knowledge, processes, systems).

R / 60/2011

ARTICLE 11.

External factors include economic-financial, environmental, political, social and technological ones, and internal factors include the organizational structure, composition of human resources, productive processes or services and technology, among others.

Common aspects: In both cases similar internal and external factors are taken into account.

ISO 2015

5.1 Leadership and commitment

Top management must ensure that the requirements of the management system (quality, environmental) are integrated into the organization's business processes.

R / 60/2011

ARTICLE 18 (R / 60/2011).

The organs, agencies, organizations and other entities that have implemented management systems integrate these into the Internal Control System.

Common aspects: In both cases, INTEGRATION is advocated.

Some common elements of the 2015 ISO standards and R / 60/2011

  • Focused on management of the risks that may affect the fulfillment of institutional objectives
  • Process focus
  • Systemic and participatory approach of all staff
  • They share the motto of continuous improvement
  • They identify the same external and internal factors that may be related to risks
  • Flexibility
  • Integrity (for all processes and activities)
  • Integration (they advocate the integration of the different elements and systems that make up business management)

Conclusions

  4. CONSIDERATIONS AND SUGGESTIONS

Problem # 1. Parallel and differentiated risk management to satisfy the requirements of ISO 2015 and R / 60/2011 (NO INTEGRATION).

How it usually manifests itself: Double documentation is kept in order to show it to the interested parties, pushing real management into the background. Risks are divided: those that will be shown to IC auditors and those that will be shown to SG auditors.

Consequences: More work is done, but not better work. Documentation is duplicated. Real and effective risk management becomes more complex. Reality is distorted and confused.

Suggestion: Integrate the 2015 ISO standards and R / 60/2011 into the risk management process, taking care to satisfy the particular requirements of each one.

Problem # 2. Risks that affect business objectives are overlooked.

How it usually manifests itself: Risks linked to misappropriation and corruption predominate, and another range of existing risks is omitted.

Consequences: Other risks with a negative impact on the management of the company are no longer managed.

Suggestion: The risks associated with negative behaviors (corruption) deserve the most attention in business management, but the risks associated with other causes and events should not be ignored or given lesser treatment.

Note: Managing the risks that may affect the achievement of business objectives (strategic and specific) presupposes, first of all, an adequate identification and elaboration of these objectives, which must cover all the relevant aspects of the key result areas aligned to the mission and vision. It is obvious that any deficit or inconsistency in this regard will have a negative impact (presumably by omission) on the proper identification and management of risks.

Problem # 3. Inconsistency in the interrelation of the different elements that make up the business management system (PROCESSES, ACTIVITIES) and non-observance of traceability

How it usually manifests itself: Processes and activities are usually invented when identifying RISKS, regardless of what the organization has already identified (with a map of processes, activities, files, interrelationships, evaluations, etc. included), which is supposed to be the foundation of its management system.

Consequences: An existing and proven structure is wasted and, worse, distortions are introduced that in the end hinder effective business management and undermine its credibility.

Suggestion: Knowledge and willingness to apply the process approach to identify the risks associated with the processes and the activities that comprise them.

Problem # 4. Confusion between the concepts of risk and the sources that originate it.

How it usually manifests itself: Risks are identified that are not really risks.

Consequences: An inevitable consequence of this confusion is that, in practice, an overwhelming number of risks are identified that in reality are not risks, because the sources that originate them are typified as such.

Suggestion: Any procedure or manual for risk management should help ensure that this initial stage of the risk identification process is effective, that it ensures adequate traceability, and that the sources of risk related to the different risks are duly registered.

Note: The concept of risk identification according to ISO Guide 73: 2015 and NC-ISO 31000: 2015 implies, in the first place, the identification of the sources of risk, which have also been called “danger” or “risk factors” but which are ultimately the causes that can lead to an unwanted event. In practice, these elements (tangible or intangible) are what people perceive through their senses, knowledge and experience; they alert us to the possibility of an unwanted event manifesting and therefore allow us to recognize the risk related to said causes.

IDENTIFICATION AND INVENTORY OF RISKS

Not necessarily to show the IC, but essential for traceability and more effective risk management.

ORGANIZATIONAL UNIT: UEB X

PROCESS: Human Capital Management (1)

Columns: No (UO); No (P); Activity / Area (2); Sources of Risk (4); Risk (3); Possible targets affected (5); Key Result Area (ARC) (6)

Determination of - Training is not determined and General Strategic Objective Capital Management competencies and training needs No.5: Update and implement Human / staff training, the Integrated Capital Training System is ineffective and associated with the Human aspects in tune with the new environmental competition, and risks in the labor legal regulatory model

(1) - Process map, (2) - Process sheet (activities flow chart), (3) and (4) - They are determined from the team's knowledge of the internal and external context, in sessions where the “brainstorming” tool can be used, (5) - Strategic planning and deployment of business and UEB objectives, (6) - Strategic planning.

IDENTIFICATION AND INVENTORY OF RISKS

Annex II R / 60/2011

ORGANIZATIONAL UNIT: UEB X

PROCESS: Human Capital Management (1)

  • No.: 1
  • Activity / Area: Determination of competencies and training
  • Risks: Ineffective education and training
  • Possible negative manifestations (consequences): Personnel with knowledge gaps, uncovered levels of competencies that will negatively affect the performance of the organization
  • Measures to apply (Preventive actions):

  1. Modify section 7.1 of Instruction xxx to expand the range of competencies to topics MA and RL. Responsible: J RH. Performer: Tec RH. Compliance date: 8/30/16.
  2. Carry out a new survey of training needs according to the changes introduced in Instruction xxx. Responsible: J RH. Performer: Tec RH. Compliance date: 9/5/16.
  3. The proposal of training topics must be validated by the specialists of the subjects in question before their approval and delivery. Responsible: J RH. Performer: Specialists. Compliance date: Before the approval of the training topics.

Summary: In our opinion, for an effective risk management process, the following must be taken as fundamental premises:

  1. Determination and knowledge of the internal and external context of the organization.
  2. Knowledge and clarity by the staff of the concepts of risk and risk sources.
  3. Knowledge and willingness to apply the process approach to identify the risks associated with the processes and the activities that comprise them.
  4. Knowledge of the organizational structure and processes.
  5. Adequate strategic planning and knowledge by staff of its fundamental elements: key result areas, strategic directions, strategic objectives.
  6. Adequate deployment of the objectives in each organizational area and knowledge of them by the staff.
  7. Avoid improvisation and use the real data and information available to ensure the consistency and traceability of the process.
  8. Integrate the 2015 ISO standards and R / 60/2011 into the risk management process, taking care to satisfy the particular requirements of each one.
  9. Formation of qualified work teams.

Finally we must take into account the following:

Resolution 60/2011 does not explicitly address the issue of opportunities in the text of the document, so it does not appear to be a relevant element in the priorities of the interested party (Comptroller General); however, it is important in business management and a high priority in the 2015 version of the ISO management system standards, which give it specific and differentiated treatment.

Example

IDENTIFICATION AND INVENTORY OF OPPORTUNITIES

ORGANIZATIONAL UNIT: UEB X

PROCESS: Electric Power Generation

  • No (UO): 11
  • No (P): 9
  • Activity / Area: Liquid waste management / Residuals Treatment System (STR)
  • Sources of the Opportunity: STR rehabilitation and modernization project
  • Opportunity: Reduction of the significance of the environmental aspect and minimization of the associated impact (pollution of soil and marine waters)
  • Possible targets affected: General strategic objective No. 6: Improve the performance of the Company's Integrated Management System,… decreasing accidents, minimizing…. the adverse effect of significant environmental impacts…. (Associated with Guidelines No. 133, 135, 138, 216 and 218.) Specific goal No.1: Reduce the significance of Significant Environmental Aspects by 5% in 2016 compared to 2015
  • Key Result Area (ARC): Generation Management / Technological planning

  • No.: 9
  • Activity / Area: Liquid waste management / Residuals Treatment System (STR)
  • Opportunity: Reduction of the significance of the environmental aspect and minimization of the associated impact (contamination of soil and marine waters)
  • Possible positive manifestations (consequences):
    - Benefits to the natural environment
    - Compliance with legal requirements and satisfaction of the requirements of interested parties (regulatory bodies CITMA)
    - Avoid legal penalties
    - Better corporate image
  • Measures to apply (Enhancement actions):

  1. Process transfer of funds from project to company account. Responsible: Managing Director. Performer: Economic Director. Completion date: Before 7/30/16.
  2. Prepare and process the documentation and permission of the project. Responsible: J Investments. Performer: Tec Inv. Completion date: Before 8/30/16.
  3. Carry out procedures for contracting a construction company. Responsible: J Investments. Performer: Tec Inv. Completion date: 9/5/16.
References

  • INTERNAL CONTROL REGULATED BY R / 60/2011
  • ISO SG 2015 Standards