Date: 21-22 May 2012
Location: Paris, France
Contact: Alex Dali
Email: [email protected]
Website: www.G31000conference2012.org
FIRST INTERNATIONAL CONFERENCE ON ISO 31000
WHY EVERY PROGRAM SHOULD BE BASED ON ISO 31000 RISK MANAGEMENT STANDARD?
Organiser: Global Institute for Risk Management Standards - G31000
Dear Risk professionals,
Risk management today dictates that organisations should understand their major risks and put in place appropriate systems and processes to manage them effectively in order to achieve objectives. The theory is fine - but what foundation is your risk management program based on? We believe that all risk management programs should be based on ISO 31000, the only internationally-recognized risk management standard, adopted by most G20 countries as their national risk management standard.
Do you know the ISO 31000 Risk Management Standard?
Is your present risk management program aligned with the principles, framework and process outlined in ISO 31000? Are you sure that your consulting advisors are recommending a solution aligned with ISO 31000? Is your risk management program oriented to promote business performance or is it perceived as a bureaucratic compliance/reporting system?
This highly knowledge-based two-day conference will explore how ISO 31000 can be incorporated into your existing risk management practice, helping attendees to develop a practical tailored action plan for their own business or those of their clients. In line with this year’s forum theme and the current deep economic uncertainty, we will also explore how the ISO 31000 standard is changing the global risk management community and the latest developments in your sector.
We are proud to present a very exciting programme for this first international conference on the ISO 31000 Risk Management Standard. Offering the highest quality educational and networking experience available for risk professionals, the conference will bring together some of the most successful, resourceful and innovative risk professionals currently using ISO 31000. During the main and parallel sessions, receptions, lunches and the Gala dinner, you will have the opportunity to meet experts in ISO 31000, risk managers, CEOs, CFOs and other decision-makers.
We look forward to welcoming you in Paris!
Alex Dali, President of G31000
DO YOU KNOW THE ISO 31000 RISK MANAGEMENT STANDARD?
Is your present RM program aligned with the principles, the framework and the process outlined in ISO 31000? Are you sure that your consulting advisors are recommending a global RM solution aligned with ISO 31000? Is your RM program oriented to promote business performance or is it perceived as a bureaucratic compliance/reporting system?
This highly knowledge-based two-day conference explores how ISO 31000 can be incorporated into your existing risk management practices. It will help attendees to develop a practical tailored action plan for their own business or those of their clients.
Presenters will show how line managers, auditors and risk managers can use ISO 31000 as a catalyst for developing sustainable risk management and can assist in embedding and improving risk management effectiveness. Participants will learn how ISO 31000 can add value in building a solid risk management framework and at each stage of the risk management process – from establishing the context and risk identification to monitoring and reporting – without creating a bureaucratic compliance/reporting system.
KEY CONFERENCE TOPICS
1- Understand why the management of risk or ERM should be based on ISO 31000
2- Know how and why ISO 31000 is the global reference for risk management standards
3- See the results from the first global survey on ISO 31000 giving you an insight into how ISO 31000 is currently perceived by different sectors, different countries and the whole risk management community
4- Learn how ISO 31000 can add value in building a solid risk management framework and at each stage of the risk management process
5- Embed ISO 31000 into your organisation’s day-to-day decision making process
6- Understand how to use practical tools and techniques used in different sectors to facilitate managers’ decision-making processes
Participants will have access to all presentations & documents released during the conference.
CONTENT OF THE SESSIONS
The keynote speakers will share their views and experiences about ISO 31000, the only international risk management standard, the ISO Strategic plan, the history of risk management standards and the current development of the new ISO 31004 guidance.
The plenary sessions will give you a flavour of risk management thought from around the world, focusing on both why and how to implement ISO 31000, and showcasing the launch of the new Global Institute for Risk Management Standards (G31000).
In the parallel sessions, we bring experts from around the globe in areas such as finance/banking, compliance, internal audit, business continuity, security, education, software and standardization, and you will learn how they use the ISO 31000 risk management standard, including how to move from previous approaches such as COSO ERM.
Whether you have been charged with establishing a risk management framework for your organisation, want to increase the effectiveness of the existing ERM program or wish to benchmark against the emerging best practices in risk management, this is the conference for you.
WHO SHOULD ATTEND?
Directors, executive managers and line managers across all organisations, public and private, large and small. It is a must for any Director or manager who wants to manage risk as part of effective corporate governance.
Auditors, risk managers, Chief Risk Officers, Governance & compliance practitioners who provide advice on the management of risk either in house or as consultants.
Those who implement risk management or ERM in their organisations or government bodies in the following areas:
• Enterprise Risk Management/ERM
• Risk Management/Risk/CRO
• Internal Audit
• Corporate Compliance
• Controller
• Internal Controls & Compliance
• IT Audit
• Treasury
• Strategic Planning
• Security
• Business Continuity
• Software
• Public sector
• Regulatory authorities
• Risk management education & training
BENEFITS OF ISO 31000
Main advantages for an organisation to adopt the ISO 31000 Risk Management Standard:
• ISO 31000 provides a single global reference for stakeholders in an organisation which has a risk management program
• ISO 31000 provides an independent document for any financial or non-financial organisation
• ISO 31000 is the only internationally recognized ISO standard in risk management
• ISO 31000 is based on extensive experience of existing risk management standards such as AS/NZS4360 (first published in 1995)
• ISO 31000 can apply to any activity or domain in any organisation, any size – public or private
• ISO 31000 provides an “umbrella” for many recognised standards and guidelines that refer to risk management
• ISO 31000 promotes business performance and is not a bureaucratic compliance/reporting system
• ISO 31000 is robust and simple to apply
• ISO 31000 adoption provides a great opportunity for organisations to review their existing risk management practices
• ISO 31000 text is concise (24 pages) and clearly written
Additional advantages to be gained from using the ISO 31000 risk management framework:
• designed as an enterprise wide approach, with defined roles and responsibilities
• objectives based, dynamic and responsive to change
• easily aligned with performance management and the development of Balanced Score Cards
• designed to be embedded in decision making, not used as a stand-alone process
• promotes intelligent thinking as opposed to checking boxes
• assists with gaining and sustaining buy-in by upper management
• simple and easy to understand for greater acceptance throughout the organization
• enables whistleblowing without leading to pointing fingers
• provides a single reference for all stakeholders in the risk management program
• provides a standard terminology of risk terms
Across the world risk managers involved in the implementation of ISO 31000 come together as a community to share ideas for evolving and advancing risk management in all organisations.
CONFERENCE PROGRAM
Monday
09h15 - 10h40 Opening - Keynote and Special Speakers:
• Risk Management: Supporting policy-makers with a framework for actions
• 20 years of Risk Management Standardisation - Past, Present and Future
• ISO 31000 - The next step on the Journey
10h40 - 11h00 Coffee break
11h00 - 13h00 Parallel session 1A Moving from COSO ERM
Parallel session 1B Business Continuity
13h00 - 14h00 Lunch
14h00 - 15h15 Parallel session 2A Education
Parallel session 2B Human Factors
15h15 - 15h45 Coffee break
15h45 - 17h00 Plenary session: Why every RM programme should be based on ISO 31000
18h30 Gala Dinner
Tuesday
09h00 - 11h00 Plenary session: How to implement or adapt your RM programme using ISO 31000
11h00 - 11h30 Coffee break
11h30 - 13h00 Parallel session 3A Security & Safety
Parallel session 3B Raising Awareness on ISO 31000
13h00 - 14h15 Lunch
14h15 - 15h45 Parallel session 4A Finance & Banking
Parallel session 4B Training on ISO 31000 Standard
15h45 - 16h15 Coffee break
16h15 - 17h25 Plenary session: G31000 - the new Platform for ISO 31000
17h25 - 17h30 Closing
Day 1 Monday 21st May 2012
SESSIONS
The indicated program is subject to change due to required confirmation from the speakers.
9:15 - 9:25 INVITED SPEAKER
Risk Management: Supporting policy-makers with a framework for actions
Stephane Jacobzone | Counsellor, Public Governance and Territorial Development of the OECD | France
• Emerging risk - an agenda for actions
• Risk management policy in the OECD perspective
• The level risk forum
• Quality regulation & risk - an OECD instrument
9:25 - 10:10 KEYNOTE SPEAKER
20 years of Risk Management Standardisation - Past, Present and Future
Kevin W Knight | Chairman of the ISO Working Group that developed ISO 31000 | Australia
• The international first standard published on risk management
• The successive revisions of the Australian/New-Zealand Standard AS/NZS4360
• The broad acceptance of AS/NZS4360 leading to ISO Guide 73 (vocabulary) and ISO 31000 (standard)
• The challenges of the ISO 31004 guide for implementation of ISO 31000
10:10 - 10:40 SPECIAL SPEAKER
ISO 31004 - The next step on the Journey
Jan Mattingly | Project leader for ISO 31004, ISO/PC 262 Risk Management committee | Canada
• It’s all about results: using risk management outcomes to obtain and sustain top level buy in
• Using standards to help build internal and external coordination and consistency in risk management
• Cultures, countries and implementation challenges in developing ISO 31004
• The Canadian experience in ISO 31004: a snapshot
Monday 10:30 - 11:00 Networking & Refreshment Break
12 MAIN SUBJECTS
Business continuity
Internal audit
Finance & banking
Moving from COSO ERM
Education
Software
Security
Regulatory authorities
Human factors
Raising awareness
Training on ISO 31000 session A
Training on ISO 31000 session B
Monday 11:00 – 13:00 – Parallel Session 1A
Moving from COSO ERM
How to move from COSO ERM to ISO 31000?
The COSO ERM framework has received a lot of criticism and has proved difficult to implement. However, some companies have put tremendous efforts into trying to achieve its implementation with the belief that there is no alternative. Since January 2011, the ANSI/ASSE has adopted ISO31000 as the American risk management standard. This session will explain why and how companies using COSO ERM should move towards ISO 31000 in order to realise a better risk management framework.
Sally Dix | Vice President, Standards and Guidance, The Institute of Internal Auditors, Global Headquarters | USA
Risk Management Strategy: Building the Approach that’s Right for Your Organization.
We all share common goals: optimizing our risk management strategies to assure our organizations’ goals and objectives are met. The experts agree, when it comes to risk management, one size does not fit all. Risk strategies that are effective for some organizations might stifle new opportunities or lead to unanticipated problems for others. It’s not just a matter of selecting a risk framework or deciding on a level of resources dedicated to risk management – it’s a matter of identifying and implementing the specific strategies and approaches that are the right ones for your organization and its unique culture. Sally Dix, Vice President, Standards and Guidance, for the Global Institute of Internal Auditors, combines theoretical knowledge and real world experience in this insightful presentation sharing new tips for making risk management work for you. How well the approach is tailored to your organization can make the difference in the success or failure of risk management at your organization.
Arnold Schanfield | Principal at Schanfield Risk Management Advisors LLC | USA
Arnold believes that COSO ERM was designed with good intentions, but that overall it is too complex and unwieldy, resulting in many companies giving up on designing their own program and paying external consultants to tell them how to implement risk management. Today, COSO ERM is the subject of some controversy. Based on his experience of both ISO 31000 and past COSO ERM implementations, Arnold will demonstrate how ISO 31000 improves on COSO ERM in a number of areas, including referencing the “deadly sins” introduced by Grant Purdy, and will give practical advice on how to navigate successfully from COSO ERM to the ISO 31000 standard.
Norman Marks | CPA, CRMA, Vice President, Evangelist at SAP | USA
Turning towards the ISO 31000:2009 risk management standard
Norman will share how, when he was asked to start a risk management practice, in addition to leading internal audit, he turned first to the COSO ERM Framework. Finding it lacking as a way of explaining risk management to the board and executives, he adopted the ANZ Standard and practice guides. Although initially critical of the new ISO standard, he is now an advocate. He is recognized as such within internal audit circles, and has helped move the IIA away from sole endorsement of the COSO framework and towards adoption of the ISO risk language. He will share why he recommends ISO 31000:2009 as he makes presentations and engages with SAP customers around the world.
Michael Parkinson | Member of the International Internal Auditing Standards Board at the Institute of Internal Auditors | Chairman of Committee OB-007 at Standards Australia | Director at KPMG | Australia
The new role of internal auditors
• Planning the program – supporting the organisation’s risk management process
• Reviewing the risk management process
• Focusing the individual engagement
• The feedback loop – internal audit informing risk management
Monday 11:00 – 13:00 – Parallel Session 1B
Business Continuity
Aligning your Business Continuity program with the ISO 31000 standard
In June 2010, Standards Australia and Standards New Zealand released AS/NZS 5050, the new business continuity standard, which aims to relate business continuity to the ISO 31000:2009, ‘Risk management – principles and guidelines’ framework, making risk assessment and management its central pillars. This session will discuss how to align your Business Continuity program with the ISO 31000 standard.
Lyndon Bird | Technical Development Director & Board Member at BCI, the Business Continuity Institute | UK
Lyndon Bird is a Director of The Business Continuity Institute. He helped found the BCI in 1994, and was awarded the Institute’s highest grade of FBCI. Prior to taking his current executive role with the BCI, he served as a voluntary member of the elected BCI Board for six years including three years as Chairman. He was voted BCM Consultant of the year in 2002 and given the prestigious Lifetime Award in 2004 by Continuity, Insurance & Risk Magazine.
Geraint Bermingham | Director of Navigatus Consulting | New Zealand
Application of ISO31000 philosophy to Business Disruption Management (Developing AS/NZS5050)
• Business continuity has traditionally been separate to organisational risk management functions
• ISO31000 gave opportunity to integrate the management of business disruption related risks with all other business risks
• Focused on organisational objectives - proactive and reactive
• Example of disruption event that proved the concepts later described by AS/NZS5050
John Agius | Enterprise-Wide Risk & Business Continuity at GO Plc | Malta
The RM to BC Route - How ISO 31000 benefits Business Continuity
Risk and Business Continuity Management have been developed over time as a result of the effects of uncertainty that organizations face in achieving their objectives. The likelihood of deviations from set objectives, whether negative and/or positive, compels organizations to be proactive and prepared to intervene in good time to manage adverse effects and pursue opportunities. In the event of business disruptions organizations are obliged to provide for resiliency and to ensure that alternative arrangements are in place for business to continue to operate whatever the circumstances. John’s presentation tackles the role RM plays in establishing an effective and efficient BCMS and how ISO 31000 benefits this process.
Brian Gray | Chief - Business Continuity Management Unit - United Nations | USA
Drivers of Performance: ISO 31000 and Business Continuity
• Business continuity was spawned from Disaster Recovery; risks were therefore focused on IT
• Over the past decade the context has changed: business continuity now must consider all-hazards and the financial crisis has put pressure on resources
• Risk management provides a common framework to convene, collaborate and communicate
• This process not only addresses risks, but generates serendipitous effects that strengthen organizational performance
Dr. Louis Marinos | Senior expert - Risk Management at ENISA | Greece
Business Continuity, Risk Management and Preparedness: how to complete the puzzle?
Business Continuity connects to Risk Management and other Management disciplines. But:
• What are the methods to identify the common points?
• What are the possibilities to maintain the interfaces?
• What is the need in the community?
• What open issues have been identified?
Monday 13:00 - 14:00 Lunch
Monday 14:00 – 15:15 – Parallel Sessions 2A
Education
How world-wide global risk management curricula are or should be aligned to ISO 31000
A majority of institutions have fallen short of delivering educational programs that meet the needs of business in the area of managing risk. Many of the courses for instance are too general and there is an obsession with financial risk to the exclusion of all other forms of risk. This session features presentations that address the shortcomings that are so prevalent among the plethora of programs offering training and education in the area of risk management. The intent of this session is to demonstrate that some curricula in RM have already adapted the content of the teaching to the principles, framework and process proposed in the ISO 31000 Risk Management Standard.
John Shortreed | Adjunct Professor, University of Waterloo | Canada
Bringing thirty years’ experience in research, education and standards in risk, John will give his views on how risk management education and training could be better designed and delivered so that it is consistent with ISO 31000, and fully integrated into the existing governance and management of any organization, in a simple, yet powerful and persuasive way, that overcomes existing inertia in the evolution of risk management.
Anthony Davidson | Dean of the School of Graduate and Professional Studies Manhattanville Center of Excellence for Managing Risks | USA
Anthony will speak about a new program recently launched at the Manhattanville College that tackles risk management from a totally holistic perspective, taking into account the multiple dimensions of risk. The premise is that Risk Management cannot be simply treated as a programme containing a methodology. It must be regarded as an organisational initiative, which needs to be adopted and practised by all constituents of the organisation, including not only all the departments and employees but also all stakeholders that impact the organisation. ISO31000 and its related elements should be viewed as contemporaneous guidelines for the purposes of establishing and ensuring a system-wide adoption of the risk construct, through an evolving implementation process.
Carolyn Williams | Head of Thought Leadership at Institute of Risk Management | UK
Supporting the Risk Management Profession
The IRM believes passionately that investment in education and continuing professional development leads to more effective risk management. This presentation will cover:
• What is a profession and does it matter?
• IRM’s approach to risk management education
• Equipping ourselves for the future
William Gifford | Student at the Glasgow Caledonian University | Scotland
What students in risk management expected to be taught during their curriculum
• What led me to Risk Management (RM)
• How GCU gave me an insight to RM thinking
• The importance of understanding the role of education in RM
• The common approach supplied through ISO 31000
• Why it is important for ISO 31000 and educational programmes to become aligned
Monday 14:00 – 15:15 – Parallel Sessions 2B
Human factors
Risk and Human factors
Understanding and managing people is a core risk management competency. People are often considered as an organisation’s greatest asset and yet they are often also the greatest liability. This session will broaden your understanding of how a consideration of human factors should be incorporated into your risk management practice.
Peter Blokland | Organisational coach, trainer & risk expert, General Manager at BYAZ bvba | Belgium
To manage risk, you will have to increase the quality of your perception
Managing risk is managing uncertainty as well as managing objectives. “What you will see is what you will get” is certainly true in managing risks. The more opportunities you’ll see, the more risk you’ll take. The more dangers and threats you’ll discover, the better you will be able to cope with them.
Frank Herdmann | Managing Partner at Auxilium Expatbiz Services and AUXILIUM Management Service | Germany
Human Factors, Management, and Risk
Human Factors Management is at the core of life. It has to be tailored and aligned with an organization’s external and internal context. Complexity requires Human Factors Analysis and Classification Systems and/or Human Reliability Analysis. But for most entities a simple systemic approach is a good start for Risk Management.
Norman Marks | CPA, CRMA, Vice President, Evangelist at SAP | USA
Risk and Human Factors: Because People Run Businesses
Norman will review a couple of different ways the Human Factor affects risk management:
• As a source of error. The root cause of error is almost always people and risk managers must consider the risk of mistakes
• As an influence on risk decisions. Different people will evaluate, assess, and respond to risk in different ways. How then can the risk manager ensure the right risks are taken for the organization?
He will share his experiences and views on how to address these issues.
Monday 15:15 - 15:45 Networking & Refreshment Break
Monday 15:45 – 17:00 – Plenary Session
Why every RM programme should be based on ISO 31000
For the first time in decades, a single document, ISO 31000, is the only internationally recognized ISO standard in risk management: a single global reference for stakeholders, adopted by most G20 countries, based on the 20-year experience of AS/NZS4360, applicable to any activity and any sector, of voluntary application, promoting business performance and, most importantly, not a bureaucratic compliance/reporting system. This session will explain why every risk management program should be based on the ISO 31000 Risk Management Standard.
John Fraser | Senior Vice President, Internal Audit and Chief Risk Officer at Hydro One | Canada
• The need to keep risk management as a simple and holistic process
• The need for universal understanding
• The essence of risk criteria
• The meaning and practicality of integration
• Dealing with context and emerging risks
Michael Parkinson | Member of the International Internal Auditing Standards Board at the Institute of Internal Auditors | Chairman of Committee OB-007 at Standards Australia | Director at KPMG | Australia
• Is there anything else that could be used?
• The strengths of ISO 31000
• The advantages of agreed terminology
• The advantages of a uniform approach
Jacquetta Goy | Risk Manager at BCLC | Canada
The power of using ISO 31000 as your ERM foundation
• Increasing the understanding of risk through a common language
• The benefits of alignment
• How developing risk criteria resolves the appetite discussion
• Why establishing the context matters
Monday 18:30 Gala Dinner on the river Seine
Come and discover the magical banks of the Seine, enjoy a sumptuous dinner, and admire all of the most prestigious Parisian landmarks. Share with us the extraordinary atmosphere that prevails on this river restaurant and the exquisite, fresh and generous cuisine of the world renowned chef Martial.
Day 2 Tuesday 22nd May 2012
Tuesday 9:00 - 11:00 Plenary Session
How to implement or adapt your RM programme using ISO 31000
ISO 31000 says: “The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed”. In this session, we will learn how large companies have achieved the implementation of ISO 31000. What are the major barriers to effective risk management in organizations today? How Risk Maturity Models can be developed and used for benchmarking.
Rico Ferrarese | Senior Strategic Risk Manager at LEGO Group | Denmark
During these past years, Mr. Ferrarese has provided a systematic validation of the LEGO Group ERM approach vs. the ISO 31000 standard and provided a set of recommendations as to further alignment. Most of these recommendations have been implemented, leaving the LEGO Group largely in compliance with ISO 31000.
Domenic Antonucci | Chief Risk Officer at ADPC Abu Dhabi Ports Co. | UAE
Risk Maturity Model dedicated to ISO 31000.
Introducing BenchMarker: A maturity model checklist tool to benchmark your organisation against recommended global practice for Enterprise Risk Management (ERM) and ISO 31000. Brief your CEO and Board with a strategic baseline and measure future ERM progress. Also previewing RiskMapper: a risk universe mapping tool to test the maturity of your risk Profiles, Source and Context.
Jason Shohet | Vice President of Enterprise Operations and Technology Risk Management at CITIGROUP | USA
A “Slow Introduction” approach in the implementation of the ISO 31000.
Jason Shohet is a VP of Enterprise Operations and Technology Risk Management at Citigroup where he provides global oversight of self-assessment programs. He has provided risk management expertise covering operations in market and credit risk, anti-money laundering, financial reporting, technology infrastructure, continuity of business and supplier management functions. Jason will explain how he realized that a “Slow Introduction” approach in the implementation of the ISO 31000 – sacrilege to some but aside from quitting and working somewhere else – is sometimes the only option.
This session will explore the various ways that software can be used to support ISO 31000. It will span the gamut from very simple spreadsheet based systems to highly sophisticated dedicated risk management software. The discussion will focus on the strengths and weaknesses of using software for different aspects of risk management at the strategic, tactical/project and operational objective levels.
Pat Croke | Managing Director at Hyperassure Ltd | Ireland
ISO 31000 Doing what comes naturally.
During this session you will gain an understanding of how ISO 31000 can be rolled out in an organization in either a top down or a bottom up manner. Pat will focus on the importance of context and how it changes at different levels of the organization. He will show how understanding these changes is important to achieving success with either approach. He will also discuss how the ISO 31000 framework can be used with multiple different risk management processes which are specifically tailored to a particular type of process such as Decision Making, Project Management, Information Technology, Health and Safety, etc.
Johannes Swanepoel | Program Manager, Risk Management at Enablon Software Solutions | USA
How specialized software supports ISO31000, how we have implemented it.
Specialized risk management software should support decision making in every way possible. The ideal risk management solution would not be standalone, would not be referred to as the “risk management application”, and would not be situated in the “ERM” department. Risk management application should be an intrinsic feature of all software applications that govern resources. It should facilitate, empower and record the cognitive reasoning a manager undertakes when evaluating options, to create a reproducible trail of thought and contribute to organizational learning.
Monday 11:00 - 11:30 Networking & Refreshment Break
Julian Talbot | Chief Executive Officer at Jakeman Business Solutions | Australia
FIRST INTERNATIONAL CONFERENCE ON ISO 31000
“ISO31000... How does it relate to security”?
ISO31000 is potentially the best thing to happen to security risk management since Og the caveman picked up a club to defend his family. But just how do we use it, what are the benefits and equally importantly, what are the pitfalls? This panel of subject matter experts will attempt to answer these questions and more looking at a range of security practice areas. Physical security, information technology, information, personnel and in particular, security management.
Security and Safety
Enterprise Security Risk ManagementEnterprise Security Risk Management is much more than just scaling up security management across an organization. It means taking an integrated view of how each part of the organization affects the other and turning some complex analysis into a series of practical plans that people can understand and implement. It needs an entirely different mindset from traditional security management but fortunately we have a tool that is ideally suited to the job - ISO31000. This presentation is based on lessons learned in conducting enterprise security risk assessments for multibillion government and resources organizations operating on six continents. Come find out what worked, what didn’t – and why.
Gilles Motet | Professor at the National Institute of Applied Sciences, Member of the French AFNOR Commission on Risk Management | France
Contribution of ISO 31000 to safety management
ISO 31000 introduced a new definition of risk based on uncertainty, and a new way of handling risks. First, the presentation will show that this new vision accords with the changing concerns of stakeholders in the safety domain. Then, the contributions of the original aspects of the risk management process to safety will be highlighted. Finally, we will explain how the Framework proposed by ISO 31000 allows the concept of risk acceptability to be challenged, as recently required by stakeholders.
Tuesday 11:30 – 13:00 – Parallel Sessions 3A
Marc Siegel | Commissioner, Global Standards Initiative, ASIS International | USA
Security and Safety
To protect the value chain, organizations must move beyond traditional siloing of risks to a holistic approach.
ISO 31000 provides a framework for integrating security management into an enterprise-wide risk management strategy.
To protect the value chain, organizations need to have a comprehensive strategy to manage both organizational and supply chain risk.
Why ISO got it wrong!
Lorenza Jachia | Secretary, Working Party on Regulatory Cooperation and Standardization Policies at United Nations Economic Commission for Europe (UNECE) | Switzerland
Risk management has become an essential building block of regulatory systems in all areas – in food safety, environment, aviation, finance – to name just a few. The work of the UNECE aimed at guiding regulatory stakeholders in consistent and systematic application of risk management to establishing and running regulatory systems has been entrusted since 2010 to the Working party’s Group of Experts on Risk Management in Regulatory Systems (UNECE GRM). ISO 31000 is a tool that allows for a systematic integration of risk management best practice in all areas of regulatory activity.
Risk and Security Management: Protecting and Creating Value
Initiatives by regulatory authorities
Kevin W Knight | Chairman of ISO Working Group that developed ISO 31000 | Australia
Raising awareness of ISO 31000 worldwide
This panel discussion is intended to share experiences of how to raise awareness and encourage public and private organisations to adopt ISO 31000 as their reference in the management of risk. Starting with the 20-year-long experience of Australia, the session will continue with Canada, then the USA and possibly experiences in Europe.
Raising awareness
Follow-up of 20 years of Risk Management Standardisation - Past, Present and Future. Although the original 1995 edition of the AS/NZS 4360 standard was developed from earlier risk-management ideas and processes it was nonetheless ground-breaking as the first standard published on risk management…
Awad Loubani | Director, Quality and Risk Management Services in the Corporate Services and Strategic Planning Branch of Public Works and Government Services Canada (PWGSC) | Canada
Membership matrix of the CSA Technical Committee on Risk Management and the subsequent Standards Council of Canada Mirror Committee membership
Comparative study of various RM standards in 2008
Focus groups approach - different economic sectors across Canada
Conducting 3 public reviews of CSA Q31001
Cross work with other CSA TCs
Canadian additions to ISO 31000
CSA training and speaking opportunities
Going forward: CSA senior management to have greater focus on RM as a critical area of their work
The Canadian perspective
Tuesday 11:30 – 13:00 – Parallel Sessions 3B
The Australian perspective
Carol Fox | Director, Strategic and Enterprise Risk Practice at RIMS, Vice-chairman at US TAG for ISO 31000 Risk Management | USA
The American perspective
Risk management standards and frameworks in the U.S.: Adopt or adapt? RIMS 2011 benchmark survey on ERM will be discussed, including how risk practitioners are utilizing prevalent standards and frameworks.
Geraint Bermingham | Director of Navigatus Consulting | New Zealand
ISO31000 was adopted unchanged in Australia and New Zealand as AS/NZS ISO 31000 within months of the original being published.
A coordinated programme was developed to educate all government and private sectors on its content and use.
Standards NZ and The NZ Society for Risk Management joined forces to prepare and deliver the programme.
The programme included seminars in each major city and drew in an unexpectedly large number of attendees.
31000 follows 4360 as being the ‘best seller’ standard in both Australia and New Zealand.
31000 is gaining rapid uptake - particularly within the Government sector.
An outstanding issue is an ongoing belief by some that it is simply an update of AS/NZS4360 whereas the principles and framework content is new and of significant value.
The rapid adoption of ISO31000 in New Zealand
The New Zealand perspective
Alicia Swart | Risk Management Turnaround Specialist. Sola Fide Solutions: Risk and Strategy Consulting | South Africa
Why the current South African Context is creating an ideal platform to actively position the value add of ISO 31000.
South African opportunities to uniquely package ISO 31000 solutions and ensure value and buy-in for organizations
Raising ISO 31000 awareness while leveraging other business "buzz" words and disciplines.
Taking ISO 31000 to the next level in the South African context
The South African perspective
Tuesday 13:00 - 14:15 Lunch
Alpaslan Menevse | Operational Risk Manager at Sekerbank | Turkey
An evolutionary new code of commerce in Turkey will go into effect on 1st of July 2012. Prepared with a totally new vision, the code requires a risk oversight committee with ERM functionality for all publicly traded firms on the Istanbul Stock Exchange. The mandate will bring new opportunities to the risk management field since it allows organizations to outsource the risk advisory function.
Turkish perspective
The New Code of Commerce and ISO 31000 in Turkey
Angel Escorial | Director General at Riskia, Member of the Spanish AENOR Commission on Risk Management | Spain
Spanish perspective
AENOR translated ISO31000 into Spanish in 2010
Spread of ISO31000 through RM Associations, particularly by AGERS
Increasing interest in information and training
Global ISO31000 Survey 2011
Jason Shohet | Vice President of Enterprise Operations and Technology Risk Management at CITIGROUP | USA
Going beyond regulatory requirements
Today, banks are mandated to meet many different regulations including but not limited to Anti Money Laundering requirements, Sarbanes Oxley, Dodd Frank Wall St Reform Act, International Accounting Standards and Basel II / Basel III banking accord. This session will look at how ISO 31000 can assist in bringing these various regulatory initiatives together and not only be harmonious with Basel II, III but improve its operations.
Finance & Banking
Martin Davies | Managing Director at CAUSAL CAPITAL | Singapore
How can ISO 31000 bring risk departments together in banks
Why Basel II, III does not conflict with ISO 31000
Look at the top risk challenges for Banks and how can ISO 31000 assist with them
A working mode for ISO 31000 in financial institutions
Identifying internal and external stakeholders of a “silo” within a heavily-regulated bank – an AML example
Using ISO 31000 principles to educate traders / bankers who expected you to mitigate risk for them
Why banking operations struggle with identifying risk events – and how to address the problem
Focus on achievement of objectives versus traditional focus on regulatory compliance
Tuesday 14:15 – 15:45 – Parallel Sessions 4A
Alpaslan Menevse | Operational Risk Manager at Sekerbank | Turkey
Organizational Culture is one of the most important topics addressed by ISO 31000
Most affected organizations have not built up a common internal language.
Resistance to change will be one of the main threats of the next decade.
Why ISO 31000 is the best candidate for holistic integrator of organizations.
Finance & Banking
Tim Leech | Managing Director Global Services at Risk Oversight Inc | Canada
Using ISO 31000 for Sarbanes-Oxley Section 404
What will it take to convince the U.S. and countries around the world that ISO 31000 is a “suitable” and far superior assessment framework for SOX 404 and similar representations? What will it take to eliminate the current control-centric SOX 404 silo and integrate SOX assessment efforts with ISO 31000 and ERM?
John Lark | President at Coherent Advice | USA
John is a recognized leader in risk management with over 10 years of experience. In November of 2010 he was awarded the distinguished CPRM certification by the Risk Management Institution of Australasia. John is also a member of the Canadian Standards Association Technical Committee on the new Canadian Risk Management Standard Q31001 and the new international risk management standard CAN/CSA ISO 31000.
Training on ISO 31000
Tuesday 15:45 - 16:15 Networking & Refreshment Break
Tuesday 14:15 – 15:45 – Parallel Sessions 4B
G31000 - the new Platform for ISO 31000
The G31000 Platform was launched in 2011 to enable organisations to work with the Global Institute for Risk Management Standards, a not-for-profit organisation, to deliver the overall G31000 mission of: Promoting the ISO 31000 Risk Management Standards worldwide. The First International Conference on ISO 31000 will officially start the activities of the G31000
Pat is in charge of developing the on-line risk management training course based on ISO 31000 which will support people trying to attain C31000 certification. He is also responsible for the roll out of the G31000 technology platform and will discuss what has been done to date and what is planned for the future.
Pat Croke | Managing Director at Hyperassure Ltd | Ireland
Jacquetta Goy | Risk Manager at BCLC | Canada
Jacquetta is in charge of the certification of individuals. Candidates for the C31000 Certificate need to demonstrate a thorough understanding of the ISO 31000 Risk Management Standard, its principles, its vocabulary, its framework and its process.
Alex Dali | President of G31000 | France
Alex had the inspiration and is the lead for G31000, bringing all the ideas together. He will present the results of the global survey on ISO 31000 carried out between October and December 2011.
Tuesday 16:15 - 17:25 Plenary Session
Tuesday 17:25 - 17:30 Closing
Speakers and Moderators’ Biographies
Chairman of the ISO Working Group that developed ISO 31000
Kevin W Knight is known for his active work in developing, explaining and encouraging the use of Standards with respect to the management of risk. He is a founding member of the Standards Australia/Standards New Zealand Joint Technical Committee that produced the original AS/NZS 4360 Risk Management Standard in 1995 and its subsequent revisions in 1999 and 2004.
Kevin was Convenor of the International Organisation for Standardisation (ISO) Working Group that produced ISO/IEC Guide 73:2002 – RM Terminology and he chaired the ISO Working Group that developed ISO 31000:2009 Risk management — Principles and guidelines and the revised ISO Guide 73:2009 Risk Management Vocabulary published in November 2009. He currently chairs ISO Project Committee 262 - Risk Management.
Kevin W Knight
Australia
CONFERENCE SPEAKERS
Enterprise-Wide Risk & Business Continuity at GO Plc
John is a Risk-and-Business-Continuity manager with strong industry and academic experience in the profession and the associated resilience disciplines. Originating from electronics and computing, John moved from DRP in Data Processing and MIS way back in the 1970s to RM and BC as known today.
John Agius
Malta
Chief Risk Officer at ADPC Abu Dhabi Ports Co
Domenic Antonucci
UAE
Domenic is currently responsible for initiating and aligning mega-project and enterprise-wide risk management (ERM) for Abu Dhabi Ports Company (ADPC). Domenic specializes in implementing ERM within early risk maturity organizations and building risk practitioner tools and techniques for implementing ISO 31000:2009 and formerly AS/NZ 4360:2004. Previously with Marsh Risk Consulting, he prefers alternating between organisation head of risk and consulting roles in the UAE, Middle East, Africa, Asia and Australia. He enjoys over 30 years' experience with Shell strategic planning, anti-terrorism and business management consulting across many sectors. An Australian expatriate, he holds a Masters Degree and is a PMI-RMP Risk Management Professional.
Director of Navigatus Consulting
Geraint Bermingham
New Zealand
Geraint has 30 years of risk management experience, originally as a nuclear submarine engineer with the British Royal Navy and then as a consulting risk engineer in the infrastructure and power industries covering both technical and environmental areas.
Lyndon Bird is a Director of The Business Continuity Institute. He has an honours degree in Chemistry and a Masters in Management from the University of Manchester. He helped found the BCI in 1994, and was awarded the Institute’s highest grade of FBCI.
Prior to taking his current executive role with the BCI, he has served as a voluntary member of the elected BCI Board for six years including three years as Chairman.
Lyndon was also a founding member of Continuity Planning Associates BV in The Netherlands. He has worked exclusively in the Business Continuity world for over 25 years as a consultant, presenter, author and business manager. He was voted BCM Consultant of the year in 2002 and given the prestigious Lifetime Award in 2004 by Continuity, Insurance & Risk Magazine.
Technical Development Director & Board Member, The Business Continuity Institute
UK
Lyndon Bird
Peter is a former Belgian Air Force pilot, Staff Officer and aircraft accident investigator. During his career he occupied flying duties as an F-16 fighter pilot, a basic and advanced flying training instructor, operations and training officer and eventually Commanding Officer (CO) of a flying training squadron.
As a staff officer, he took up duties in Training Command and the Aviation Safety Directory. He finished his career at NATO’s Allied Command Operations at SHAPE (BE), where he was involved in nuclear command and control. As an instructor and staff officer, he always took pleasure in sharing and passing on his knowledge and experience.
In 2008 he started a second career as a business expert and organisational coach. He is also the founder of Total Respect Management (TR³M™), a management model based on Respect (Leadership), Risk (Risk Management) and Results (Excellence).
Organisational coach, trainer & risk expert, General Manager at BYAZ bvba
Peter Blokland
Belgium
Pat is the managing director of Hyperassure Ltd., a company that provides social media based risk management software solutions as well as consultancy and training. He has over 30 years experience in the multi-national ICT sector, much of it at a senior level. During his time with Hewlett-Packard and Digital Equipment Corporation he was responsible for designing and developing some of their largest global software systems. He also led Hewlett-Packard's Semantic Web Research Group which was researching leading edge web technologies and took part in a number of European Union Framework 5 and 6 consortia. He is a member of the National Standard Authority of Ireland's (NSAI) risk management advisory committee and contributed to NWA 31000:2010 which is Ireland's National guidance on implementing ISO 31000:2009 Risk Management Principles and guidelines. He is also a member of the ISO/TC 262 project committee which was set up to develop ISO 31004 "Risk Management - Guidance for the implementation of ISO 31000." Pat holds a Master of Science degree from The Open University in Computers for Commerce and Industry.
Managing Director, Hyperassure Ltd
Ireland
Pat Croke
Alex is well known today through his very active work in raising awareness of Risk Management Standards, particularly ISO 31000. Holding an MSc in Chemical Engineering, a degree in Business Administration and a post-master in Risk Management, he has worked in the last 17 years on many aspects of risk management: industrial risk management, loss prevention, natural disaster risk management, business impact analysis, business interruption, business continuity management, standards and regulations. Today, Alex is recognized as the founder of the Global Institute for Risk Management Standards, G31000, the global ISO 31000 platform, and the active owner/moderator of the LinkedIn group which has reached 4000+ members. He is an invited professor in several universities and institutes, a trainer for workshops and a writer of articles on ISO 31000.
President of G31000
France
Alex Dali
Dean of the School of Graduate and Professional Studies - Manhattanville center of excellence for Managing Risks
USA
Anthony Davidson
Martin is a risk framework architect who designs pricing, control and risk reporting systems for banks, brokerages, exchanges, energy houses and regulators. Primarily he is a banker with more than 20 years experience working with various risk management disciplines including: operational risk, credit risk, counterparty risk and market risk and across many different institutions across the emerging markets. He is business unit focussed with good insight into structured finance, project and trade finance but from a risk and valuation perspective. He has a good understanding of markets including Rates, FX, Equities and Money Markets and has developed several risk systems for quantifying risk exposure, limit taking and control hedging. He is a top grade programmer with detailed experience in SQL, R-Project, Visual Studio / C++ and he quantifies risk using various statistical models such as copulas, EVT or Bayesian networks.
Managing Director at Causal Capital
Singapore
Martin Davies
Sally and her team are responsible for liaising with the IIA volunteer structure to support the IIA’s process for maintaining and updating the IPPF (Definition of Internal Auditing, The Code of Ethics, Standards and Guidance). She has been tasked with the aspirational goal of leading the evolution of her Standards & Guidance team in delivering thought leadership to the internal audit profession. She is a member of the IIA’s strategic task force to develop the capability to be agile in the development of guidance/knowledge to keep internal audit professionals current and relevant. In her current role, she had the opportunity to provide candid feedback on exposure draft issues to COSO and the PwC authors of the new COSO IC framework.
Her career in internal audit prior to joining The IIA in October 2011 involved leading internal auditing and compliance organizations in medium to large publicly traded companies in the high tech and telecom industries (ATMEL Corporation - a $2.6 billion semiconductor company - headquartered in San Jose, CA; AT&T Wireless, based in Seattle, WA; Verizon Wireless, based in Warren, New Jersey; and AirTouch Communications, spin-off of Pacific Telesis Group, headquartered in San Francisco, CA, and acquired by Vodafone in 1999).
VP, Standards and Guidance, The Institute of Internal Auditors, Global Headquarters
USA
Sally Dix
Angel Escorial is CEO of Riskia and a member of AGERS (Spanish Association of Risk Management). Angel is a Civil Engineer and has a BSc in Physics. He has over 25 years' experience in RM consulting and is the project leader of the ISO31000 and Environmental Risk WG in AGERS.
Director General at Riskia, Member of the Spanish AENOR Commission on Risk Management
Spain
Angel Escorial
USA
Carol Fox
Carol Fox is Director of Strategic and Enterprise Risk Practice for RIMS, a global not-for-profit association dedicated to advancing risk management for organizational success. RIMS produces networking, professional development and education opportunities for its membership of more than 10,000 risk management professionals who operate in more than 120 countries. Prior to joining RIMS, Ms. Fox was senior director of risk management at Convergys Corporation, a publicly traded, global relationship management company. A graduate of Miami University (Ohio), she serves on the advisory board for its Center for Business Excellence. Ms. Fox also holds the Associate in Risk Management (ARM) designation from The Institutes. She has authored and contributed to numerous published articles and whitepapers on a variety of risk management topics. Treasury & Risk named her as one of its 2011 100 Most Influential People in Finance.
Director, Strategic and Enterprise Risk Practice at RIMS, Vice-chairman at US TAG for ISO 31000 Risk Management
Senior Strategic Risk Manager at LEGO Group
Rico Ferrarese
Rico Ferrarese, Senior Strategic Risk Manager, LEGO Group, holds an M.Sc. and an MBA and has a past education as an officer in the Danish army.
Mr. Ferrarese has been working on developing and implementing strategic risk management within the LEGO Group for the past three years, and is currently focused on the Sales and Marketing organization.
During these past years, Mr. Ferrarese has provided a systematic validation of the LEGO Group ERM approach vs. the ISO 31000 standard and provided a set of recommendations for further alignment. Most of these recommendations have been implemented, leaving the LEGO Group largely in compliance with ISO 31000.
Furthermore Mr. Ferrarese has been working with proactive risk management to ensure that design of business projects and strategies had risk management embedded in the design.
Denmark
Scotland
William Gifford
The significance of risk management in business abruptly entered William Gifford’s life on the stroke of noon, one regular working Tuesday afternoon in May 2004. That day’s catastrophic events ended a successful twenty year manufacturing career and changed William’s life and career path forever. In September 2008 he started on his four year journey to gain a BA First Class Honours in Risk Management from Glasgow Caledonian University. That graduation takes place in June 2012. Throughout his degree, William achieved strong marks that culminated in distinction awards at each and every level of assessment and special recognition from Glasgow Caledonian University’s Division of Accounting, Finance and Risk for the best individual performance at level 3. William is attending the Paris conference as a guest speaker, to take part in the special education session aimed at exploring future educational curriculum alignment with ISO 31000.
Student at the Glasgow Caledonian University
Senior Vice President, Internal Audit and Chief Risk Officer of Hydro One
John Fraser is Senior Vice President, Internal Audit and Chief Risk Officer of Hydro One Networks Inc., one of North America’s largest electricity transmission and distribution companies.
He is a Fellow of the Ontario Institute of Chartered Accountants, a Fellow of the Association of Chartered Certified Accountants, a Certified Internal Auditor, and a Certified Information Systems Auditor.
He has over 30 years experience in the risk and control field, mostly in the financial services sector, including areas such as finance, fraud, derivatives, safety, environmental, computers and operations. John Fraser is currently the Chair of the Conference Board of Canada’s Strategic Risk Council and a recognized authority and frequent speaker on enterprise risk management. He co-edited the 2010 university text-book “Enterprise Risk Management: Insights and Analysis on Today's Leading Research and Best Practices”.
John Fraser
Canada
Risk Manager at BCLC
Jacquetta Goy
Canada
Jacquetta Goy joined BCLC in 2008 as their first risk manager, with the responsibility of establishing an enterprise wide risk management program. Prior to that she spent 14 years in the English health service, where she was responsible for setting up and developing the risk, quality and governance programs for an inner city healthcare organization. This involved preparing for a variety of accreditation reviews and inspections, managing quality assurance, audit, complaints, clinical risk, investigations and root cause analysis. Jacquetta has both participated in and organized a number of conferences on both risk and quality management. Jacquetta studied International Politics at Aberystwyth University, Wales, has a Master’s in Public Health from St George’s University of London and is a member of the Canadian Strategic Risk Council.
After 10 years of being cold, wet and hungry, Brian left the Canadian Army in 1999 to join the United Nations World Food Programme. Since then he has worked in over 70 countries in logistics, security, administration and programming. His two field postings were Sierra Leone and Iraq. Brian has been central to the development of business continuity in the United Nations. He assumed his current position at the end of 2009, and is responsible for the viability of business continuity planning across the United Nations Secretariat.
Chief - Business Continuity Management Unit, United Nations
USA
Brian Gray
Managing Partner at Auxilium Expatbiz Services and Auxilium Management Service
Frank Herdmann
Germany
Frank is an experienced C-level manager with a background in the financial, operational and legal fields. Highly skilled at working in multiple-targeted assignments in both the public and private sector, he has been active in sales and marketing, international finance, export finance, barter trade, project management, commercial real estate, corporate finance, administrative control, public relations, merchant banking and labor. He has a demonstrated track record in generating improved efficiency and higher profit margins for businesses. Frank is currently the Managing Partner of Auxilium Management Service. Here he uses his strengths to focus on supporting and consulting for small and medium size organizations. He believes that understanding of and emphasis on adequate risk management should always be part of the management triangle. Prior to starting AMS, over a period of 17 years Frank was Managing Director of several companies active in barter trade, real estate and transaction consulting.
Secretary, Working Party on Regulatory Cooperation and Standardization Policies at United Nations Economic Commission for Europe (UNECE)
Lorenza Jachia
Switzerland
Since April 2008, Lorenza Jachia has been the Secretary of the UNECE Working Party on “Regulatory Cooperation and Standardization Policies”. A current area of priority for the Working Party is how risk management tools can be used as the basis for the design of regulatory systems. Lorenza holds a Masters Degree from the Graduate Institute for International Studies (Geneva) and a Bachelors degree from Bocconi University (Milan). She has been working at the United Nations since 1995. A trade economist, she provides training and advisory services to policy-makers and negotiators of free trade area agreements, including on the deep aspects of economic integration, such as the approximation of technical regulations and regulatory cooperation. She is the co-author of a forthcoming publication on “Risk Management in Regulatory Systems”.
Counsellor, Public Governance and Territorial Development, OECD
Stephane Jacobzone
France
Mr. Jacobzone currently has responsibility for the High Level Risk Forum at the OECD. His experience includes regulatory issues, economic and governance aspects of the public sector as well as health related issues. He organized a major conference on the future of regulatory policy at the OECD, including 350 participants from 51 countries in 2010, jointly with the Bertelsmann Stiftung and the European Commission. He conducted recent analytical projects on the governance of regulatory oversight, the implications of the financial crisis for quality regulation in the financial sector, the institutional design for utility sectors, including the regulation of energy, transport and telecommunications, the comparative assessment of regulatory management systems, and led multidisciplinary regulatory reform reviews in 9 countries, (including Australia, Mexico, Brazil, France, Italy, Korea, Mexico, Norway, Sweden, Switzerland). He was in charge of coordinating the Ministerial meeting of the Public Governance Committee in Venice in November 2010. In prior assignments, Mr. Jacobzone supported the launch of the OECD health activities, including assessing the economic implications of ageing and the diffusion of new health technologies for public finances and health systems as well as the regulation of pharmaceuticals. Mr. Jacobzone is an alumnus of the Ecole Polytechnique and ENSAE, France, and began his career at the French Ministry of Finance. He taught at Sciences Po, ENA and ENSAE, and authored over 14 books and reports, and over forty articles. He is a member of the French Who's Who.
John is a recognized leader in risk management with over 10 years of experience. In November of 2010 he was awarded the distinguished CPRM certification by the Risk Management Institution of Australasia. John is also a member of the Canadian Standards Association Technical Committee on the new Canadian Risk Management Standard Q31001 and the new international risk management standard CAN/CSA ISO 31000.
President, Coherent Advice
USA
John Lark
Christopher Lajtha became an independent risk management resource in June 2005, creating a French-based company to provide independent expert services to multinational risk & insurance management teams. ADAGEO offers single-source or composite expertise via an evolving network of similarly-experienced and independent risk management professionals.
Between 199 and 2004, Chris was the Corporate Risk & Insurance Manager of the Schlumberger Group. He joined Schlumberger in 1981 and worked in various risk management roles for Schlumberger subsidiary operations, based both in Europe and North America.
After leaving University in 1977, Chris worked for Sedgwick Forbes (U.K.) Ltd as a Lloyd’s broker and with B.T.R. Industries as the acting insurance manager – both located in London.
Chris graduated from Manchester University with a Bachelor of Science degree. He qualified as a Fellow of the Chartered Insurance Institute [FCII] in 1981 and as an Associate in Risk Management [ARM] in 1995. In 2001, he completed a European Fellowship in Applied Risk Management [EFARM].
Chris is a frequent speaker at national risk management conferences and has been an active member of several international risk management forums for many years.
Principal at ADAGEO,
independent risk and
insurance management
resource company
France
Christopher Lajtha
Awad is currently working as Director, Quality and Risk Management Services in the Corporate Services and Strategic Planning Branch of Public Works and Government Services Canada (PWGSC).
Awad led the development and implementation of PWGSC Integrated Risk Management (IRM) Policy. He keeps the Corporate, Operational, Conflict of Interest and IT Risk Profiles evergreen. Awad continues to update it to continuously reflect, at a macro level, the risks embedded in the transformation agenda, Deficit Reduction Action Plan, and in business lines carrying out their business activities.
Awad represented the public sector in Canada on the ISO/TMB Risk Management Working Group of Experts during the 2005-2010 period. From October 2007 to November 2011, Awad served as the Chairperson of the Technical Committee of the Canadian Standards Association that was tasked to develop a Canadian Standard and Handbook to implement the ISO/TMB Risk Management Framework. Awad was recently elected as the Head of the Canadian delegation to the ISO PC-262, which was set up to develop ISO 31004 Risk Management-Guidance for the implementation of ISO 31000.
Director, Quality and Risk
Management Services in
the Corporate Services and
Strategic Planning Branch
of Public Works and
Government Services
Canada (PWGSC)
Canada
Awad Loubani
Managing Director
Global Services at
Risk Oversight Inc
Tim J. Leech FCA CIA CRMA CFE CCSA is Managing Director Global Services with Risk Oversight Inc. (“RO”). He has over 25 years' experience in the fields of ERM, internal audit and forensic accounting, and global experience helping public and private sector organisations with internal audit transformation initiatives and the design, implementation and maintenance of integrated GRC/ERM frameworks. He has been recognised for outstanding contributions to the profession by the Ontario Institute of Chartered Accountants, Institute of Internal Auditors, and Association of Certified Fraud Examiners.
Tim Leech
Canada
Jan is a recognized and published thought leader and advisor on the subject of enterprise and integrated risk management design, assessment and implementation.
Jan works with decision makers across private and public sector organizations from transportation, health, chemical, oil and gas, financial services, social services, utilities, telecommunications and biotechnology sectors. Her career includes extensive involvement in the design, implementation, assessment and management of enterprise-wide risk management (including strategic, operational, project and procurement risk): to date she has provided advisory support to over 60 Canadian organizations. Jan has designed and delivers training for the Canadian Standards Association and RIMS on the ISO 31000 series of international and national products across North America and has held leadership risk management roles inside public and private sector organizations.
Norman is Vice President, Evangelist at SAP, where he focuses on thought leadership around “better run business”. He focuses on governance, risk management, internal audit, compliance, enterprise performance, and business intelligence.
Prior to Business Objects’ acquisition by SAP in 2008, he was their Vice President of Internal Audit responsible for internal auditing, risk management, the Sarbanes-Oxley Section 404 (SOX) program, and license compliance.
Norman has been chief audit executive of major global corporations since 1990, and is a globally-recognized thought leader in the professions of internal auditing and risk management. In addition, he has served as chief risk officer, compliance officer, and ethics officer, and managed what would now be called the IT governance function (information security, contingency planning, methodologies, standards, etc.)
CPA, CRMA, Vice
President,
Evangelist at SAP
USA
Norman Marks
Project leader for ISO 31004,
ISO/PC 262 Risk Management
committee
Jan Mattingly
Canada
Dr. Marinos is a senior expert at ENISA in the area of Risk Management with extensive experience in the management and operation of security and the coordination of European expert groups.
Currently, he is the manager responsible for the project in the area of Emerging Threat Landscape. He is also involved in issues regarding Economics of Security. His expertise is on:
• Integration of Risk Management with operational and governance processes.
• Security management with regard to critical business areas, such as financial institutions, B2B and telecommunications.
• Systems security with focus on Internet security, security in large networks for telecommunication, security in banking applications and operating systems.
• Security standards and good practices, such as Risk Management, Continuity Management, Common Criteria.
• Co-author of the security part of CEN/TC 224 - ISO/TC 68/SC 6.
Alpaslan Menevse CISA, CRISC is Operational Risk Manager at Sekerbank. Among his current responsibilities is integrating ISO 31000 into all banking processes at tactical and operational level. He has a special interest in the "Human Side of Change Management" within the perspective of ERM and ISO 31000.
Operational Risk Manager at Sekerbank
Alpaslan Menevse
Turkey
Senior expert - Risk Management
at ENISA
Dr. L. Marinos
Greece
Gilles Motet is a Professor at the National Institute of Applied Sciences, researcher at the French National Research Center (LAAS-CNRS) and Scientific Director of the Foundation for an Industrial Safety Culture. He participated in the development of the ISO 31000.
Professor at the National Institute of
Applied Sciences
Gilles Motet
France
Member, International Internal Auditing
Standards Board at the Institute of Internal Auditors.
Chairman of the Committee OB-007 at
Standards Australia. Director at KPMG
Michael Parkinson CIA CRMA CISA CRISC is an internal auditor of more than 25 years' experience. After 10 years in Information Technology and Government Finance he became an IT internal auditor in the early 1980s. He has served as Vice Chairman of the Institute of Internal Auditors and as Vice President of ISACA. He is currently the chair of Standards Australia Committee OB-007 (Risk Management) and is an Australian delegate to ISO PC 262 (Risk Management). Michael serves on the International Internal Auditing Standards Board. He has written extensively on internal auditing and on risk management. In particular he was co-author of AS HB 158-2010: Delivering Assurance using ISO 31000.
Michael Parkinson
Australia
Internal Audit and Risk Professional with diversified industry expertise including consumer products, higher education, life sciences, manufacturing, not for profit, retail, trading companies and higher education. Risk management (enterprise-wide, risk assessments, control self assessments, corporate governance and risk mitigation strategies) and financial/compliance audits (Sarbanes Oxley, other regulatory reviews, business ethics audits, fraud investigations and acquisitions/due diligence), operational audits (cost savings/recoveries, process reengineering and root cause analysis). Familiarity with the major risk, internal control and governance frameworks from around the globe including AS/NZS 4360:2004, COBIT, Combined Code, CoCo, COSO ERM, ISO 31000, HB 436, HB 158, and King. Strong leadership, team building, communication and influencing skills. Delivers measurable results. Strong passion for internal audit profession and the risk discipline.
Director of The Education
and Research Center for
Managing Risk at
Manhattanville College
Principal at Schanfield Risk
Management Advisors, LLC
USA
Arnold Schanfield
VP of Enterprise
Operations and
Technology Risk
Management at Citigroup
Jason provides global oversight of self-assessment programs. He holds certifications in the governance of enterprise IT, auditing information systems, and IT infrastructure. He has twenty years of experience in operations, audit, regulatory compliance and risk management fields – most of that time in government and financial sectors. He has provided risk management expertise covering operations in market and credit risk, anti-money laundering, financial reporting, technology infrastructure, continuity of business and supplier management functions. Jason is also a graduate of a U.S. service academy and served for 11 years as an officer in the U.S. Naval Reserve.
USA
Jason Shohet
John is a traffic and transportation engineer who became involved in risks of dangerous goods after the 1979 Mississauga train derailment. In 1982 he became the director of the Institute for Risk Research (IRR) until 2010. He participated in the Krever Inquiry on the safety of the Blood System in Canada. Other health studies have concerned risks and benefits of pharmaceutical drugs and Xenotransplantation. Recently, the IRR managed a series of 5 international meetings on Clean Air and Health resulting in new policies in the UK and the US. In the last 30 years John has been involved with risk studies in transportation (marine, rail, trucks, transit, and pipelines), chemical plant safety, risk communications, management of "public risks", water supply, food safety, and so forth. He gives about 5 talks a year on risk management particularly implementing 31000. Recent contributions to risk management have been in the area of Enterprise Risk Management with chapters on ISO 31000 in a 2009 Wiley business book and a 2010 article in the Journal of Policy Engagement. John has served on 3 Canadian standards committees (including CSA 31001 (2011)) and 3 ISO standards committees (including ISO 31000) over the last 20 years.
Adjunct Professor at
Department of Civil and
Environmental Engineering
University of Waterloo
Canada
John Shortreed
Program Manager, Risk
Management at Enablon
Software Solutions
Johannes Swanepoel is a program manager at Enablon Software Solutions ensuring that risk management activities are aligned with ISO31000 and embedded in all applications that Enablon produces in the Sustainable Development domain. Johannes has 10 years’ experience consulting, developing, implementing and selling specialised risk management software to organizations worldwide.
USA
Johannes Swanepoel
Risk Management
Turnaround Specialist.
Sola Fide Solutions: Risk
and Strategy Consulting
Alicia Swart
South Africa
Alicia Swart is a risk turnaround specialist in the consulting industry of South Africa. She has developed a strong reputation for her ability to roll out a thorough ISO 31000-aligned Integrated Risk Management Program.
Commissioner, Global
Standards Initiative,
ASIS International
Marc Siegel
USA
Dr. Marc Siegel is the Commissioner heading the ASIS International Global Standards Initiative, developing international and national risk management, resilience, security, and continuity standards as well as providing training on their implementation. He is a RABQSA International certified Business Improvement Lead Auditor, as well as a certified Trainer and Skills Assessor. As an Adjunct Professor in the College of Business Administration and the Master’s Program in Homeland Security at San Diego State University, Dr. Siegel pioneered the concept of applying a systems approach to security and resilience management for organizations and their supply chains. His work includes providing training and guidance on implementation of risk, resilience and security management systems, as well as risk management in regions of conflict and weakened governance for the protection of assets and human rights.
Chief Executive Officer at
Jakeman Business
Solutions
Julian Talbot
Julian is the Chief Executive Officer with JBS, a $25 million business strategy and risk management consulting house. JBS not only helps clients with risk management advice but uses its own advice and applies ISO31000 as its strategic management and decision-making system. Julian is a Fellow of the Risk Management Institution of Australasia, Director of the Security Risk Management and Analysis Association (SARMA) and a Research Associate with the Australian Homeland Security Research Centre. Previous roles include Manager of Property and Security for the Australian government's most extensive international network operating in over 60 nations (Austrade), Manager of Security for Australia's largest natural resources project, Woodside's $22 billion North West Shelf Venture, and Senior Risk Advisor for the Australian Department of Health and Ageing.
Australia
Carolyn Williams, Head of
Thought Leadership at
Institute of Risk
Management
Carolyn Williams
UK
Carolyn Williams is Head of Thought Leadership at the Institute of Risk Management, the leading international educational and training body for the risk management profession, where she is responsible for communicating the work of the Institute to a variety of audiences. She has an MA in Politics, Philosophy and Economics from Oxford University and is a Chartered Insurance Practitioner as well as a Member of the Institute of Risk Management by examination. She joined IRM in 2006 from Lloyd’s of London, where she was responsible most recently for risk management training and communication. She is also a member of the Chartered Insurance Institute’s Qualifications, Examinations and Assessments Committee and also represents the IRM on a number of other bodies including the Metropolitan Police Covert Operations Ethics Committee.
KEY CONFERENCE TOPICS
Understand why Enterprise Risk Management (ERM) should be based on ISO 31000
Learn how ISO 31000 can add value in building a solid risk management framework and at each stage of the risk management process
Know how and why ISO 31000 is the global reference for risk management standards
Get informed about the current outlook for the future ISO 31004 guide for implementing the ISO 31000 risk management standard
Embed ISO 31000 into the day-to-day decision making process
Benchmark emerging ERM frameworks and structures across various entities and understand how ISO 31000 ties risk management to corporate goals and objectives
CONFERENCE VENUE
The conference will take place in the heart of Paris, at a modern conference center in the "Triangle d'Or", the most prestigious business district in the French capital: EUROSITES GEORGE V, 28 avenue George V, 75008 Paris, France.
The venue and nearby hotels are in the area of the Champs-Elysées Avenue. You can find a convenient hotel using the search engine provided on the conference website:
www.G31000conference2012.org
PARIS FRANCE MAY 2012
EUROSITES-George V 28, Avenue George V - 75008 Paris Tel.: +33(0)1 53 82 60 00
http://www.eurosites.fr/en/Eurosites_George_V.php
Ideally located between Etoile and Concorde, in the most prestigious business district in Paris, Eurosites George V is easily accessible.
BY METRO George V (line 1). Alma Marceau (line 9)
BY BUS Routes 32, 42, 63, 72, 73, 80 and 92
CAR PARK Vinci Champs Élysées and Alma George V.
CONFERENCE PARTNERS
MEDIA PARTNERS
CONFERENCE ORGANISER
The Global Institute for Risk Management Standards provides clients with business information and knowledge on the ISO 31000 Risk Management Standard which enables them to reinforce business performance and their decision-making process, thus giving a valuable competitive advantage and making a positive contribution to their success. The Global Institute for Risk Management Standards is involved in the creation of G31000, a global platform for ISO 31000, and initiating multiple initiatives around the ISO 31000 standard.
The official launch of G31000 is scheduled at the Conference in May 2012.
CONFERENCE QUOTE
Why should the management of risk be based on ISO 31000?
The absolute aim of the ISO 31000 Risk Management Standard is to help managers to make decisions to enhance the performance of the organisation.
GENERAL INQUIRIES
RIMEC SARL
20, rue Berzélius
75017 Paris
France
Tel: +33 (0) 1 77 14 16 38
Fax: +33 (0) 1 82 09 67 72
Email : [email protected]
PARTNERSHIP AND MEDIA-PARTNER OPPORTUNITIES
If your organisation would like to be associated with the First International Conference on ISO 31000, please contact us at:
Alex Dali | President of G31000 | France
Pascal Germain | Partner at RIMEC SARL | France
LINKEDIN GROUP
Join our ISO31000_Conference_2012 LinkedIn sub-group to start networking with your peers before and after the conference.
Short link: http://goo.gl/QDjgv
REGISTRATION
To download the full brochure and make your reservation, go to the website: www.G31000conference2012.org
Graphic Design by Michele Harper Design
www.micheleharperdesign.com