Quality Control and Assurance

...

1.1.3 ISO 31000

Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Therefore, managing risk effectively helps organizations to perform well in an environment full of uncertainty.

ISO 31000:2009, Risk management – Principles and guidelines, provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment. However, ISO 31000 cannot be used for certification purposes, but does provide guidance for internal or external audit programmes. Organizations using it can compare their risk management practices with an internationally recognised benchmark, providing sound principles for effective management and corporate governance.

The 11 Principles of risk management

- Creates and protects value

Good risk management contributes to the achievement of an organisation’s objectives through the continuous review of its processes and systems.

- Be an integral part of organisational processes

Risk management needs to be integrated with an organisation’s governance framework and become a part of its planning processes, at both the operational and strategic level.

- Be part of decision making

The process of risk management assists decision makers to make informed choices, identify priorities and select the most appropriate action.

- Explicitly address uncertainty

By identifying potential risks, organisations can implement controls and treatments to maximise the chance of gain while minimising the chance of loss.

- Be systematic, structured and timely

The process of risk management should be consistent across an organisation to ensure efficiency, consistency and the reliability of results.

- Based on the best available information

To effectively manage risk it is important to understand and consider all available information relevant to an activity and to be aware that there may be limitations on that information. It is then important to understand how all this information informs the risk management process.

- Be tailored

An organisation’s risk management framework needs to include its risk profile, as well as take into consideration its internal and external operating environment.

- Take into account human and cultural factors

Risk management needs to recognise the contribution that people and culture have on achieving an organisation’s objectives.

- Be transparent and inclusive

Engaging stakeholders, both internal and external, throughout the risk management process recognises that communication and consultation is key to identifying, analysing and monitoring risk.

- Be dynamic, iterative and responsive to change

The process of managing risk needs to be flexible. The challenging environment we operate in requires organisations to consider the context for managing risk as well as continuing to identify new risks that emerge, and make allowances for those risks that no longer exist.

- Facilitate the continual improvement of organisations

Organisations with a mature risk management culture are those that have invested resources over time and are able to demonstrate the continual achievement of their objectives.

[pic 1]

[pic 2][pic 3][pic 4]

[pic 5]

Figure: Risk Management Framework

---------------------------------------------------------------

1.1.4 PRINCE 2

PRINCE stands for “PRojects IN Controlled Environments”. It is a methodology covering organisation management and control of projects. PRINCE2 is recognised by thousands of organisation across the globe as best practice for project management. It is a project management method that can be applied to different types of projects and projects of different sizes.

PRINCE2 overview:[pic 6]

[pic 7][pic 8][pic 9][pic 10][pic 11][pic 12]

[pic 13]

[pic 14][pic 15][pic 16][pic 17][pic 18][pic 19][pic 20]

[pic 21][pic 22][pic 23][pic 24][pic 25][pic 26][pic 27]

[pic 28][pic 29][pic 30]

[pic 31][pic 32][pic 33][pic 34]

[pic 35]

[pic 36]

Figure: PRINCE2 overview

Processes of PRINCE2: There are seven processes of PRINCE2 that describe responsibilities. In simple words- these process tell who will do what and when.

Seven processes of PRINCE2 are:

- Starting up a project

- Initialisation of a project

- Direction of a project

- Controlling a stage

- Management of product delivery

- Management of stage boundaries

- Closures of a project

Themes of PRINCE2: There are seven themes of PRINCE2 that define those areas of project management needed to be addressed continuously till the closure of the project.

Following are the 7 themes defined in PRINCE2:

- Business case: Before starting any project, it is essential to know that if the project