05050-FO5-Change Log Form Approver: Training Development Supervisor
Owner: Course Development Manager Version: 1.1
Classification: Internal | ACL: Training Development Page 1 of 30
Change Log Form
GENERAL INFORMATION
Course Development Manager: Donika Mucolli
Department: Training Department
Date: 2017-10-31
Course details:
Course name: ISO 31000 Risk Manager
Language: English
Current version: 4.7
Previous version: 4.6.1
Day 1:
Columns: slide number (current version), slide number (previous version), slide description, modifications/comments
No. 1 No. 1 First slide
The sections for Day 1 have changed
From:
Section 1: Course objective and structure
Section 2: Concept and definitions related to risk management
Section 3: Risk management standards, frameworks and methodologies
Section 4: Implementation of a risk management framework
Section 5: Understanding the organization and its context
To:
Section 01: Course objectives and structure
Section 02: Standards and regulatory frameworks
Section 03: Introduction to ISO 31000 concepts and principles
Section 04: Risk management framework
Section 05: Initiating the risk management process implementation
The course version has been updated from 4.6.1 to 4.7
No. 2 No. 18 Schedule of the Training
The slide containing the schedule of the training has been repositioned from slide 18 in the old version, to slide 2 in the new version.
The titles for each day of the training have been modified as in the following:
Day 1:
From: Introduction to ISO 31000 and initiation of risk management programme
To: Introduction to the principles and framework of ISO 31000
Day 2:
From: Risk identification and assessment, risk evaluation, treatment, acceptance, monitoring and communication
To: Risk management process based on ISO 31000
Day 3:
From: Risk assessment methodologies according to IEC/ISO 31010 and Exam
To: Risk Assessment techniques based on IEC/ISO 31010
No. 3 No. 3 Normative references used in this training
The following standard has been added to the list of main standards cited:
• ISO/TR 31004:2013, Guidance for the implementation of ISO 31000
The following have been removed from Other standard references:
• ISO 14001:2015, Environmental management systems – Requirements with guidance for use
• OHSAS 18001:2007, Occupational health and safety management systems – Requirements
• ISO/IEC 20000-1:2011, Information technology – Service management – Part 1: Service management system requirements
• ISO/IEC 20000-2:2012, Information technology – Service management – Part 2: Guidance on the application of service management systems
• ISO 22301:2012, Societal security – Business continuity management systems – Requirements
• ISO 28000:2007, Specification for security management systems for the supply chain
Standards that haven’t been referenced in the training have been removed
No. 4 No. 4 List of acronyms and abbreviations used in this training
The following acronyms and abbreviations used in the training have been listed
AS/NZS: Australia Standard/New Zealand Standard
CMS: Content Management System
COSO: Committee of Sponsoring Organizations of the Treadway Commission
CPD: Continuing Professional Development
DMS: Document Management System
EDM: Electronic Document Management System
ERM: Enterprise Risk Management
IAS: International Accreditation Service
ISO: International Organization for Standardization
NIST: National Institute of Standards and Technology
PDCA: Plan-Do-Check-Act
PECB: Professional Evaluation and Certification Board
ROI: Return on Investment
ROSI: Return on Security Investment
RM: Risk Management
The acronyms and abbreviations that were not used in the training have been removed
No. 8 No. 8 Training Objectives
The training objectives of this course have been changed from:
• Understand the basic concepts of risk related to risk management
• Explain the goal, content and correlation between ISO 31000 and ISO 31010 and other standards and regulatory frameworks
• Explain the function of a risk management system according to ISO 31000 and its key processes
To:
• Understand the fundamental concepts and processes of Risk Management
• Acknowledge the correlation between ISO 31000, IEC/ISO 31010 and other standards and regulatory frameworks
• Comprehend the approaches, methods and techniques used to manage risk within an organization
• Learn how to interpret the principles and guidelines of ISO 31000
No. 9 No. 10 Educational Approach
Slide title has been changed from “Course Structure” to “Educational Approach”
Both the content in the slide and in the notes have been updated
No. 10 No. 11 Examination
The competency domains have been updated from:
1. Fundamental principles and concepts in
risk management
2. Management of a risk programme
3. Risk assessment
4. Risk treatment options
5. Risk communication, monitoring and
improvement
To:
1. Fundamental principles and concepts of
Risk Management
2. Risk Management framework and process
3. Risk assessment techniques based on
IEC/ISO 31010
The content in the notes has been updated as well.
No. 11 No. 12 Certified 31000 Risk Manager The content in the notes has been updated
No. 12 No. 13 Certificate The certificate sample and the notes have been updated
No. 13&14 No. 14 What is PECB? The notes have been split into two slides
No. 15 No. 15 Certification Bodies for Persons The notes have been updated
No. 16 No. 16 Why become a Certified Manager?
The following typo in the slide title has been corrected
From:
Why becoming Certified Manager?
To:
Why become a Certified Manager
No. n/a No. 17 Customer Service This slide has been deleted
No. 17 No. 19 Questions? The section summary has been deleted
No. 18 No. 39 Standards and regulatory frameworks
In the old version of the training this section was section 3; in the new version it has been repositioned as section 2. The title of the section has been slightly modified from “Standard and Regulatory Framework” to “Standards and regulatory frameworks”, and it contains the following sub-sections:
a. Standard and methodology
b. ISO 31000, ISO/TR 31004 and IEC/ISO
31010
c. History of the development of risk
management standards and best practices
d. NIST 800-30
e. AS/NZS 4360
f. COSO ERM Framework
g. COSO ERM and ISO 31000
No. 21 No. n/a ISO/TR 31004: Guidance for the Implementation of ISO 31000
This slide containing a brief summary of ISO/TR
31004 has been added
No. 22 No. 44 IEC/ISO 31010: Risk Assessment Techniques
This slide has been repositioned from slide 44 in
the old version to the slide 22 in the new version of
the course.
The scope of the standard has been added in the
notes
No. 23 No. 47
History of the Development of Risk Management Standards and Best Practices
The title of the slide has been changed to “History of the Development of Risk Management Standards and Best Practices”
The following text has been added in the notes:
“Note: The subsequent slides will further explain
the following standards, guidelines and frameworks:
• NIST 800-30;
• AS/NZS 4360; and
• COSO ERM.”
No. 24 No. 48&49
NIST 800-30
The title of the slide has been modified from “NIST 800-30:2002” to “NIST 800-30”.
Slides 48 and 49 have been merged and redesigned.
The following content has been added in the notes:
“NIST 800-30 has been developed by NIST (National Institute of Standards and Technology) and was published in July 2002.”
No. 26 No. 51 NIST 800-30 Slide has been re-designed
No. 27 No. 52 AS/NZS 4360 Slide has been re-designed
No. 28 No. 53 AS/NZS 4360 Slide has been re-designed
No. 29 No. 54&55 AS/NZS 4360
Slides 54 and 55 of the old version of the training have been merged into slide 29 in the new version.
No. 30 No. 56 COSO ERM
Slide has been re-designed.
The following content has been added in the notes:
“The Committee of Sponsoring Organizations
(COSO) is a voluntary private-sector organization
that provides guidance to executive management
and governance entities towards the establishment
of more effective, efficient, and ethical business
operations on a global basis.
The Committee of Sponsoring Organizations
(COSO) ongoing mission is to: provide thought
leadership through the development of
comprehensive frameworks and guidance on
enterprise risk management, internal control and
fraud deterrence designed to improve
organizational performance and governance, and to
reduce the extent of fraud in organizations.
Source: www.coso.org”
No. 31 No. 57 COSO ERM Framework The source of the content has been added
No. 32 No. 58 COSO ERM Framework
The colors in the figure in slide have been modified.
The following content has been added in the notes:
1. Internal environment: Provides the
attitude of the organization regarding the
determination of risk appetite, risk
management approach and ethical values
2. Objective setting: The organization’s
board determines the objectives, which are
aligned with the organization’s risk appetite,
in order to approve the organization’s
mission
3. Event identification: The organization
should recognize internal and external
events that influence the performance of
the organization’s objectives
4. Risk Assessment: The possibility and
impact of risks are evaluated as a basis for
deciding how to manage them
5. Risk Response: Essential actions are
taken by management to regulate risks
with risk tolerance and risk appetite
6. Control activities: To establish that risk
responses are effective policies and
procedures
7. Information and Communication:
Information systems have to make sure
that data is identified, communicated and
secure in a way that allows managers and
employees carry out their responsibilities
8. Monitoring: The management system has
to be monitored and modified
No. 33 No. 59 COSO ERM Framework
The following content has been added in the slide:
“Why COSO ERM?
COSO ERM objectives can be viewed in the
context of four categories:
Strategic
Operations
Reporting
Compliance”
No. 34 No. n/a COSO ERM Framework and ISO 31000
This slide has been added
No. 35 No. 60 Comparison Between ISO 31000 and COSO ERM
A table containing a more detailed comparison of
ISO 31000 and COSO ERM has been added.
The notes contain new content as well.
No. 37 No. 20 Introduction to ISO 31000 concepts and principles
In the old version of the training this section was
named “Concepts and Definitions of Risk” and was
positioned as the second section. In the new
version the name of the section has been modified
to “Introduction to ISO 31000 concepts and
principles” and has been repositioned as the third
section of Day 1.
This section contains the following sub-sections:
a. Underlying concepts and principles
b. Risk management principles and their
application
c. Advantages of risk management
d. Risk types
No. 38 No. n/a Underlying Concepts and Principles
This slide has been added
No. n/a No. 22 Concepts of Risk This slide has been deleted
No. 39 No. 23 Risk
The first paragraph in the notes has been slightly
modified to:
“The concept of risk is associated with different
considerations like: Probability of a harmful event
and eventuality that a threat exists which is more or
less predictable and which may affect the
objectives of an organization (the event is
evaluated as negative, the threat, its likelihood of
occurrence and/ or impact).”
No. n/a No. 24 Common Definition of the word Risk
This slide has been deleted
No. n/a No. 25 Risk and Threats This slide has been deleted
No. n/a No. 26 Scientific Definition of Risk This slide has been deleted
No. n/a No. 27 The Calculation of Risk This slide has been deleted
No. n/a No. 28 Risk and Statistics This slide has been deleted
No. n/a No. 29 Opportunities of Risk This slide has been deleted
No. 40 No. 30 Risk Management Strategy
The following sentence has been deleted from the
notes:
“With a weak risk management, an organization is
undergoing the risks. However, an effective risk
management allows foreseeing the risks and taking
the risks related to opportunities. “
No. n/a No. 31 The Perception of Risk This slide has been deleted
No. n/a No. 32 Definition of Risk This slide has been deleted
No. 41 No. n/a Uncertainty This slide has been added
No. 42 No. n/a Risk Treatment and Control This slide has been added
No. 43 No. n/a Risk Management Framework This slide has been added
No. 44 No. n/a Risk Criteria This slide has been added
No. 45 No. n/a Management, Risk Management and Managing Risk
This slide has been added
No.46 No. n/a Risk Management Principles and Their Application
This slide has been added
No. 47 to 59 No. 33, 34 & 35 Risk Management Principles
In the old version of the training, slides 33, 34 and 35 only briefly mentioned the principles of risk management.
In the new version, from slide 47 to slide 59, each principle has been properly elaborated, and a “How to apply?” paragraph has been added both in the slide and in the notes.
No. 60 No. 36 Advantages of Risk Management
The advantages of risk management from the ISO 31000 introduction have been added.
No. 62 to 77 No. n/a Risk Types
Risk Types, from slide 62 to slide 77, have been added to the training. The old version of the training did not contain such slides.
No. n/a No. 61 ISO 27005 This slide has been deleted
No. n/a No. 67 to 72 The History of Risk These slides have been deleted
No. 79 No. 74 Risk management framework
The name of the section has been modified from
“Implementing a Risk Management Framework” to
“Risk management framework”
This section contains the following sub-sections
a. ISO 31000 recommendations
b. Risk management framework
c. Obtaining a mandate and commitment of
management
d. Design of a framework for managing risk
e. Implementing risk management
f. Risk Management Process According to
ISO 31000
g. Relationship Between the RM Principles, Framework and Process
h. Monitoring and review of the framework
i. Continual improvement of the framework
No. 80 No. n/a ISO 31000 Recommendations This slide has been added
No. 81 No. n/a Risk Management Framework This slide has been added
No.82 No. 77 Obtaining a Mandate and Commitment of Management
This slide is no longer presented as an activity in the risk management process.
Content from ISO/TR 31004, C.1 General and ISO/TR 31004, C.2 Methods for expressing mandate and commitment has been added in the notes.
No. 83 No. n/a Slide Notes Extension An example has been added
No. 84 No. n/a Design of a Framework for Managing Risk
This slide has been added
No. 85 No. n/a Implementing Risk Management This slide has been added
No. 86 No. 62 Risk Management Process According to ISO 31000
This slide has been repositioned from slide 62 in
the old version of this training, to slide 86 in the new
version
No. 87 No. 42 Relationship Between the RM Principles, Framework and Process
This slide has been repositioned from slide 42 in
the old version of this training, to slide 87 in the new
version.
The name of the slide has been changed from
“Structure of ISO 31000” to “Relationship Between
the RM Principles, Framework and Process”
The following content in the notes has been added:
“ISO 31000 standard provides principles, a risk
management framework and a risk management
process. For the risk management to be effective
an organization should comply with the 11
principles provided by ISO 31000 at all levels.
Besides complying with the 11 principles of risk
management, organizations should implement a
management framework as well.
The success of the risk management will depend
on the effectiveness of the management framework
providing the foundations and arrangements that
will embed it throughout the organization (at all
levels). The management framework assists in
effectively managing risk through the application of
the risk management process at varying levels and
within the specific context of the organization. “
No. 88 No. n/a Monitoring and Review of the Framework
This slide has been added
No. 89 No. 66 Continual Improvement of the Framework
This slide has been repositioned from slide 66 in
the old version of the training, to slide 89 in the new
version.
The name of the slide has been modified from “Risk
Management: a Continuous Process” to “Continual
Improvement of the Framework”
Clause 4.6 Continual improvement of the
framework from ISO 31000 has been added in the
notes
No. 92 No.94 Initiating the risk management process implementation
Section 5 in the new version of the course has been
renamed to “Initiating the Risk management
process implementation” and contains the following
sub-sections
a. Understanding the organization and its
context
b. Establishing risk management policy
c. Accountability
d. Integration into organizational processes
e. Resources
f. Establishing internal communication and
reporting mechanisms
g. Establishing external communication and
reporting mechanisms
h. Choosing the RM process to implement
No.93 No.95 PECB Risk Management Process
The “PECB Risk Management Framework” has
been modified to “PECB Risk Management
Process”
The steps and design of the PECB Risk Management Process have been modified.
In the notes, clause 4.4.2 Implementing the risk
management process from ISO 31000 has been
added
No. n/a No. 96 Slide Notes Extension This slide has been deleted
No. 94 No. n/a Understanding the Organization and its Context
This slide has been added
No. 95 No. 83 Establishing Risk Management Policy
This slide has been renamed from “1.5.
Establishing a Risk Management Policy” to
“Establishing a Risk Management Policy” and
repositioned from slide 83 to slide 95
No. 96 No. 82 Accountability
This slide has been renamed from “1.4 Ensuring
Accountability” to “Accountability” and has been
repositioned from slide 82 to slide 96.
No. 97 No. 79 Defining Roles and Responsibilities
The slide has been renamed from “1.3 Defining
Responsibilities of Principal Stakeholders” to
“Defining Roles and Responsibilities” and has been
repositioned from slide 79 to slide 97
No. 98 No.78 Appointing a Risk Manager Responsible
The slide has been renamed from “1.2 Appointing a
Risk Management Responsible” to “Appointing a
Risk Manager Responsible” and has been
repositioned from slide 78 to slide 98.
Both the content in the notes and the slide have been modified
No. 99 No. n/a Skills and Knowledge Required for a Risk Manager
Slide has been added
No. 100 No. n/a Work Styles for a Risk Manager Slide has been added
No. 101 No. n/a Common Mistakes of Risk Managers
Slide has been added
No. 102 No. 84 Integration into Organizational Processes
Slide has been renamed from “1.6. Development
and Implementation of a Risk Management Process
Embedded into Organizational Processes” to
“Integration into Organizational Processes” and has
been repositioned from slide 84 to slide 102
Slide has been redesigned
No. 103 No. 91 Resources
Slide has been renamed from “1.10. Provision of
Resources” to “Resources” and has been
repositioned from slide 91 in the old version of the
training to slide 103
No. 104 No. n/a Establishing Internal Communication and Reporting Mechanisms
Slide has been added
No. 105 No. n/a Establishing External Communication and Reporting Mechanisms
Slide has been added
No. 106 No. n/a Choosing the Risk Management Process to Implement
Slide has been added
No. 107 No. 85 Selecting a Risk Analysis Approach Slide has been repositioned from No.85 to No. 107
No. 108 No. 86 Qualitative Risk Assessment
Slide 86 in the old version of the training has been
split into separate slides for Qualitative Risk
Assessment.
New content has been added both in the slide and
the notes
No. 109 No. 86 Quantitative Risk Assessment
Slide 86 in the old version of the training has been
split into separate slide for Quantitative Risk
Assessment.
New content has been added both in the slide and
the notes
Recap of the changes in Day 1
Examination domains have been updated. New ISO 31000 RM version now contains 3 examination domains
Training objectives have been updated based on course content
Information from ISO/TR 31004: Guidance for the Implementation of ISO 31000 has been added
Comparison between COSO ERM Framework and ISO 31000 standard has been updated
Risk management concepts have been updated
Risk management advantages have been added
The following risk types have been added:
o Operational risk
o Financial risk – financial risk types
o Credit risk
o Information technology risk
o Integration risk
o Security risk
o Legal risk
o Compliance risk
o Work related risks
The 11 Risk management principles are elaborated and contain information on how these principles can be applied.
A section containing information on the risk management framework as specified by the ISO 31000 standard has been integrated into the training material
PECB Risk Management Framework has been updated to PECB Risk Management Process
Lists of the activities involved in each phase of the risk management process have been added
Day 2:
Columns: slide number (current version), slide number (previous version, with the day it belonged to where the slide has moved between days), slide description, modifications/comments
No.1 No.1 First slide
The schedule for Day 2 of the training has been updated as in the following:
Section 06: Context establishment
Section 07: Risk identification
Section 08: Risk analysis
Section 09: Risk evaluation
Section 10: Risk treatment
Section 11: Risk acceptance
Section 12: Risk communication and consultation
Section 13: Risk monitoring and review
The version number has been updated from 4.6.1 to 4.7
No. 2 No. 94 (Day 1) Section 6 / Context Establishment
This section has been repositioned from Day 1 of the course to Day 2.
No. 3 No. 95 (Day 1) 1. Context Establishment
Risk management process updated. The main objectives of the step and clause 5.3.1 from ISO 31000 have been added.
No. 4 No. 96 (Day 1) Slide Notes Extension
Slide repositioned from Day 1 No. 96 to Day 2 No. 4.
No. 5 No. 97 (Day 1) 1. Context Establishment
List of activities updated accordingly. Inputs, activities and outputs added in the notes.
No. 6 No. 98 (Day 1) 1.1. Mission, Objectives, Values and Strategies of the Organization
Slide numbering has changed from “2.1.” to “1.1.”. Clause 4.2 Mandate and commitment from ISO 31000 has been added in the notes.
No. 7 No. 99 (Day 1) 1.2. Establishing the External Context
Slide numbering has changed from “2.2.” to “1.2.”. The notes have been updated accordingly.
No. 9 No. 101 (Day 1) 1.3. Establishing the Internal Context
Slide numbering has changed from “2.3.” to “1.3.”. The notes have been updated accordingly.
No. 11 No. 103 (Day 1) 1.4. Identification and Analysis of Stakeholders
Slide numbering has changed from “2.4.” to “1.4.”. The slide design has been slightly modified. The notes have been updated accordingly.
No. 12 No. 104 (Day 1) 1.5. Identification and Analysis of Requirements Related to Risk Management
Slide numbering has changed from “2.5.” to “1.5.”
No. 13 No. 105 (Day 1) 1.6. Determine Objectives
Slide numbering has changed from “2.6.” to “1.6.”. The slide title has been modified from “Determination of the Objectives” to “Determine Objectives”.
No. 14 No. 106 (Day 1) 1.7. Determine Risk Criteria
Slide numbering has changed from “2.7.” to “1.7.”. The slide title has been modified from “Determination of the Basic Criteria” to “Determine Risk Criteria”.
No. 15 No. 107 (Day 1) Defining Risk Criteria
Slide updated. Clause 5.3.5 Defining risk criteria from ISO 31000 has been added in the notes.
No. 16 No. 110 (Day 1) 1.8. Defining the Scope and Boundaries
Slide numbering has changed from “2.8.” to “1.8.”
No. 17 No. 111 (Day 1) Constraints Affecting the Scope
Slide has been updated and redesigned accordingly.
No. 18 No. n/a Exercise 4 Exercise has been updated
No. 20 No. 2 (Day 2 from here on) Section 7 / Risk Identification
The sub-sections have been updated as in the following:
a. ISO 31000 recommendations
b. Identification of assets
c. Identification of risk sources
d. Identification of risk events
e. Identification of existing measures
f. Identification of consequences
Clause 5.4.2 Risk identification from ISO 31000 has been deleted from the notes
No. 21 No. 3 2. Risk Identification Risk management process
No. 22 No. n/a ISO 31000 Recommendations Notes from slide 2 of the old version have been added as information in the slide and notes.
No. 23 No. n/a 2. Risk Identification List of activities added, with inputs, activities and outputs in the notes.
No. 24 No. n/a 2.1. Identification of Assets Slide added
No. 25 No. n/a Asset Slide added
No. 26 No. n/a Identification of Supporting Assets Slide added
No. 27 No. 10 2.2. Identification of Risk Sources
Slide numbering has changed from “3.1” to “2.2”. Content in the slide has been updated. Clause 5.4.2 Risk identification from ISO 31000 has been added in the notes.
No. 28 No. 12 Identify Sources of Risk Content in the slide has been modified. Slide redesigned.
No. 29 No. 21 2.3. Identification of Risk Events
Content in the slide has been updated.
No. 30 No. n/a Identification of Risk Events based on COSO ERM
Slide added
No. 31 No. n/a 2.4. Identification of Existing Measures Slide added
No. 32 No. 17 Identification of the Level of Maturity
This slide has been repositioned from slide 17 in the old version of the training, to slide 32 in the current version.
No. 33 No. 18 2.5. Identification of Consequences
The content in the slide has been updated.
No. 34 No. 19 Identification of Consequence The content in the slide has been updated
No. 37 No. 24 Section 8 / Risk Analysis
In the old version, Risk analysis and Risk evaluation were in the same section; in the current version they are split into two sections. Sub-sections have been updated as in the following:
a. ISO 31000 and ISO 31010 recommendations
b. Assessment of consequences
c. Assessment of incident likelihood
d. Level of risk determination
No. 38 No. 25 3. Risk Analysis Risk management process updated accordingly
No. 39 No. n/a ISO 31000 Recommendations Slide added
No. 40 No. 27 Risk Analysis Design updated Notes updated
No. 41 No. n/a 3. Risk Analysis List of activities added, together with inputs, activities and outputs in the notes
No. 42 No. 28 3.1. Assessment of Consequences
Slide updated. Clause 5.3.5 Consequence analysis from IEC/ISO 31010 added in the notes.
No. 43 No. 29 Consequence Analysis
The name of the slide changed from “4.1. Assessment of Consequences” to “Consequence Analysis”. Content in the slide updated. Clause 5.4.3 Risk analysis from ISO 31000 added in the notes.
No. 44 No. 31 3.2. Assessment of Incident Likelihood
Numbering of the slide changed from “4.2.” to “3.2.”. Clause 5.3.4 Likelihood analysis and probability estimation from IEC/ISO 31010 added in the notes.
No. 45 No. 32 Likelihood – Definition Slide & notes updated
No. 47 No. n/a 3.3. Level of Risk Determination Slide added
No. 48 No. 34 Level of Risk – Definition Slide & notes updated
No. n/a No. 35 Example of a Risk Determination Matrix
Slide deleted
No. 49 No. n/a Exercise 5 Exercise added
No. 51 No. n/a Section 9 / Risk Evaluation
In the old version, Risk analysis and Risk evaluation were in the same section; in the current version they are split into two sections. The sub-sections of Risk evaluation are as in the following:
a. ISO 31000 recommendations
b. Evaluation of levels of risk based on risk evaluation criteria
c. Prioritization of risk
No. 52 No. n/a 4. Risk Evaluation Risk management process added
No. 53 No. n/a ISO 31000 Recommendations Slide added
No. 54 No. n/a 4. Risk evaluation Slide containing list of activities, together with notes with inputs, activities and outputs added
No. 55 No. 37 4.1. Evaluation of Levels of Risk based on Risk Evaluation Criteria
The slide name & numbering changed from “5.1. Risk Evaluation” to “4.1. Evaluation of Levels of Risk based on Risk Evaluation Criteria”. Content in the slide & notes updated.
No. 56 No. 38 Risk Evaluation
Slide name changed from “Guidance on Risk Evaluation” to “Risk Evaluation”. Slide redesigned. Reference to IEC/ISO 31010, clause 5.4 given both in the slide and the notes.
No. n/a No. 39 Example of a Risk Evaluation Slide deleted
No. 57 No. n/a Risk Evaluation Slide added
No. 58 No. 40 Prioritization of Risks Content in the slide updated Content added in the notes
No. 60 No. 42 Questions? Section summary deleted
No. 61 No. 44 Section 10/ Risk Treatment
Sub-section of Risk treatment have been updated as in the following:
a. ISO 31000 recommendations b. Risk treatment activities c. Risk treatment options d. Risk treatment plan e. Evaluation of residual risk
No. 62 No. n/a 5. Risk Treatment Risk management process added
No. 63 No. n/a ISO 31000 Recommendations Slide added
No. 65 No. n/a Risk Treatment Activities Slide added
No. 66 No. n/a **Slide Notes Extension** Slide added
No.67 No. n/a 5. Risk Treatment Slide containing list of activities added, together with inputs, activities and outputs in the note
No. 68 No. n/a 5.1. Risk Treatment Options Slide added
No. 69 | No. 47 | Risk Treatment Options | Content in the slide has changed; notes are added
No. n/a | No. 48-56 |  | Slides deleted
No. 70 | No. 57 & 58 | 5.2. Risk Treatment Plan | Content in slides 57 & 58 of the previous version of the training has been merged
No. 71 | No. 64 | 5.3. Evaluation of Residual Risk | 
No. 72 | No. n/a | Evaluation of Residual Risk | Slide added
No. 73 | No. n/a | Exercise 6 | Exercise added
No. 75 to 85 | No. n/a | Section 11/ Risk acceptance | The whole section has been updated
No. 86 | No. 68 | Section 12/ Risk communication and consultation | The sub-sections for this section are as follows:
    a. ISO 31000 recommendations
    b. Communication and consultation
    c. Risk communication objectives
    d. Communication plan
    e. Establishing internal and external communication and reporting mechanisms
    f. Records of decisions & communication
No. 87 | No. 69 | 7. Risk Communication and Consultation | Risk management process updated
No. 88 | No. n/a | ISO 31000 Recommendations | Slide added
No. 89 | No. n/a | Communication and consultation | Slide added
No. 90 | No. 70 | 7. Risk Communication and Consultation | List of activities updated; inputs, activities and outputs added in the notes
No. 91 | No. 72 | 7.1. Defining Risk Communication Objectives | Content in the slide has been modified; new content is added in the notes
No. 92 | No. 74 | 7.2. Establishing a Risk Communication Plan | Content in the slide & notes updated
No. 93 | No. 74 (notes) | Continual Communications | The content of the slide is made of the notes from slide 74 of the previous version of the training, based on Annex A, A.3.4 Continual Communications, ISO 31000
No. 94 | No. 75 | 7.3. Establishing Internal Communication and Reporting Mechanisms | Content from Clause 4.3.6 Establishing internal communication and reporting mechanisms from ISO 31000 added in the notes
No. 95 | No. n/a | Internal Communication | Slide added
No. 96 | No. 76 | Effective Communication with Stakeholders | Clause 4.3.2 Communication and consultation from IEC/ISO 31010 added in the notes
No. 97 | No. 77 | 7.4. Establishing External Communication and Reporting Mechanisms | Clause 4.3.7 Establishing external communication and reporting mechanisms from ISO 31000 added in the notes
No. 98 | No. n/a | External Communication | Slide added
No. 99 | No. 81 & 82 | 7.5. Recording of Decisions & Communications | Slides 81 & 82 in the old version have been merged into slide 99 of the new version of the course
No. 101 | No. 85 | Section 13/ Risk monitoring and review | The sub-sections of section 13 are as follows:
    a. ISO 31000 recommendations
    b. Monitoring and review of the framework
    c. Monitoring and review of the process
    d. Set improvement objectives
    e. Risk management continual improvement
    f. Recording the risk
No. 102 | No. 86 | 8. Risk Monitoring and Review | Risk management process has been updated
No. 103 | No. n/a | ISO 31000 Recommendations | Slide added
No. 104 | No. 87 | Risk Monitoring and Review | The title of the slide has been modified from “Risk Management Monitoring, Review and Improvement” to “Risk Monitoring and Review”; new content added in the notes
No. 105-107 | No. n/a | Risk Monitoring and Review | Slides added
No. 108 | No. n/a | 8. Risk Monitoring and Review | List of activities added, together with inputs, activities and outputs
No. 109 to 113 | No. n/a |  | Slides added
No. 114 & 115 | No. 90 | 8.3. Set Improvement Objectives | Design of the slide updated; notes modified
No. 116 | No. 91 | 8.4. Risk Management Continual Improvement | Content in the slide & notes updated
No. 117 | No. 92 & 93 | 8.5. Recording the risk | Slides 92 & 93 in the old version merged into slide 117 in the new version
No. 118 | No. n/a | Maintenance and Improvement of the RM Process | Slide added
No. 119 | No. n/a | Exercise 7 | Exercise added
Recap of the changes in Day 2
- Each section contains added information from ISO 31000 before the list of activities is presented
- The COSO ERM framework is integrated in the risk identification phase
- Updated RM process phases, including:
    o Context establishment
    o Risk identification
    o Risk analysis
    o Risk evaluation
    o Risk treatment
    o Risk acceptance
    o Risk communication and consultation
    o Risk monitoring and review
- Risk treatment options have been updated
- Principles of effective communication with stakeholders are now integrated in the training material
- New information regarding risk monitoring and review is integrated in the training material. All the information is based on the ISO 31000 annex
Day 3:
Slide Number (Current Version | Previous version) | Slide Description | Modifications / Comments
No. 1 | No. 1 | First slide | Section 12: Risk management methodologies (part 1) & Section 13: Risk management methodologies (part 2) have been merged into one section in day 3: Section 14: Risk assessment techniques based on IEC/ISO 31010. The sub-sections of this section are as follows:
    a. IEC/ISO 31010 risk assessment techniques
    b. Brainstorming
    c. Decision tree analysis
    d. Bow tie analysis
    e. Root cause analysis
    f. Business impact analysis
    g. Scenario analysis
    h. FMEA and FMECA
    i. Cause and effect analysis
    j. Consequence/probability matrix
    The following risk assessment techniques are no longer included in the current version of the training:
    1. DELPHI Technique
    2. HAZOP – Hazard & Operability Analysis
    3. HACCP – Hazard Analysis Critical Control Point
    4. FTA – Fault Tree Analysis
    The version number of the training has been updated from “4.6.1” to “4.7”
No. 3 & 4 | No. n/a | IEC/ISO 31010 – Risk Assessment Techniques | Slides added
No. 5 | No. 4 | A. Brainstorming | Content in the slide has been redesigned; Annex B, B.1.1 Overview from IEC/ISO 31010 has been added in the notes
No. 6 | No. 5 | Brainstorming | Annex B, B.1.2 Use from IEC/ISO 31010 has been added in the notes
No. 8 | No. 7 | Brainstorming | “General Rules to be Followed” has been replaced with “5-Whys used in brainstorming sessions”; new content has been added both in the slide and the notes
No. 9 | No. n/a | Brainstorming | Slide added
No. 11-14 | No. n/a | B. Decision Tree Analysis | Slides added
No. 15-18 | No. n/a | C. Bow Tie Analysis | Slides added
No. 19-22 | No. n/a | D. Root Cause Analysis | Slides added
No. 23-27 | No. n/a | E. Business Impact Analysis | Slides added
No. 28 | No. n/a | Exercise 8 | Exercise added
No. 29-34 | No. 35-40 | F. Scenario Analysis | Slides have been repositioned from No. 35 to 40 in the previous version to No. 29 to 34 in the new version
No. 35-42 | No. 42-50 | G. FMEA and FMECA | Slides have been repositioned from No. 42 to 50 in the previous version to No. 35-42 in the new version; there are changes in design in some slides; slides 44 & 45 in the previous version are merged into one slide (slide 37) in the new version
No. 43-52 | No. 59-68 | H. Cause and Effect Analysis | Slides have been repositioned from No. 59 to 68 in the previous version to No. 43-52 in the new version of the training; there are changes in design colors
No. 53-58 | No. n/a | I. Consequence/Probability Matrix | Slides added
No. 59 | No. n/a | Exercise 9 | Exercise added
No. 61-74 | No. 71-84 | Section 15/ Competence, evaluation and closing the training | The name of the section has been updated from “Applying for certification and closing the training” to “Competence, evaluation and closing the training”. The sub-sections are as follows:
    a. PECB ISO 31000 certification scheme
    b. PECB certification process
    c. Applying for certification
    d. Maintaining certification
    e. Evaluation of the training
    This section has been updated based on the most recent Training Development Guideline of PECB
Recap of the changes in Day 3
- New risk assessment techniques based on ISO 31010 have been integrated in the training material, including:
    o Brainstorming
    o Decision tree analysis
    o Bow tie analysis
    o Root cause analysis
    o Business impact analysis
    o Scenario analysis
    o FMEA and FMECA
    o Cause and effect analysis
    o Consequence/probability matrix
Comments: