iso31000 38th cut may 20...iso 31000 provides a single global reference for stakeholders in an...

FIRST INTERNATIONAL CONFERENCE ON ISO 31000
WHY EVERY PROGRAM SHOULD BE BASED ON ISO 31000 RISK MANAGEMENT STANDARD?

Date: 21-22 May 2012
Location: Paris, France
Contact: Alex Dali
Email: [email protected]
Website: www.G31000conference2012.org
Organiser: Global Institute for Risk Management Standards - G31000



Dear Risk professionals,

Risk management today dictates that organisations should understand their major risks and put in place appropriate systems and processes to manage them effectively in order to achieve objectives. The theory is fine - but what foundation is your risk management program based on? We believe that all risk management programs should be based on ISO 31000, the only internationally-recognized risk management standard, adopted by most G20 countries as their national risk management standard.

Do you know the ISO 31000 Risk Management Standard?

Is your present risk management program aligned with the principles, framework and process outlined in ISO 31000? Are you sure that your consulting advisors are recommending a solution aligned with ISO 31000? Is your risk management program oriented to promote business performance or is it perceived as a bureaucratic compliance/reporting system?

This highly knowledge-based two-day conference will explore how ISO 31000 can be incorporated into your existing risk management practice, helping attendees to develop a practical tailored action plan for their own business or those of their clients. In line with this year’s forum theme and the current deep economic uncertainty, we will also explore how the ISO 31000 standard is changing the global risk management community and the latest developments in your sector.

We are proud to present a very exciting programme for this first international conference on the ISO 31000 Risk Management Standard. Offering the highest quality educational and networking experience available for risk professionals, the conference will bring together some of the most successful, resourceful and innovative risk professionals currently using ISO 31000. During the main and parallel sessions, receptions, lunches and the Gala dinner, you will have the opportunity to meet experts in ISO 31000, risk managers, CEOs, CFOs and other decision-makers.

We look forward to welcoming you in Paris!


Alex Dali President of G31000


DO YOU KNOW THE ISO 31000 RISK MANAGEMENT STANDARD?


Is your present RM program aligned with the principles, the framework and the process outlined in ISO 31000? Are you sure that your consulting advisors are recommending a global RM solution aligned with ISO 31000? Is your RM program oriented to promote business performance or is it perceived as a bureaucratic compliance/reporting system?

This highly knowledge-based two-day conference explores how ISO 31000 can be incorporated into your existing risk management practices. It will help attendees to develop a practical tailored action plan for their own business or those of their clients.

Presenters will show how line managers, auditors and risk managers can use ISO 31000 as a catalyst for developing sustainable risk management and can assist in embedding and improving risk management effectiveness. Participants will learn how ISO 31000 can add value in building a solid risk management framework and at each stage of the risk management process – from establishing the context and risk identification to monitoring and reporting – without creating a bureaucratic compliance/reporting system.


KEY CONFERENCE TOPICS

1- Understand why the management of risk or ERM should be based on ISO 31000

2- Know how and why ISO 31000 is the global reference for risk management standards

3- See the results from the first global survey on ISO 31000 giving you an insight into how ISO 31000 is currently perceived by different sectors, different countries and the whole risk management community

4- Learn how ISO 31000 can add value in building a solid risk management framework and at each stage of the risk management process

5- Embed ISO 31000 into your organisation’s day-to-day decision making process

6- Understand how to use practical tools and techniques used in different sectors to facilitate managers’ decision-making processes

Participants will have access to all presentations & documents released during the conference.


CONTENT OF THE SESSIONS

The keynote speakers will share their views and experiences about ISO 31000, the only international risk management standard, the ISO Strategic plan, the history of risk management standards and the current development of the new ISO 31004 guidance.

The plenary sessions will give you a flavour of risk management thought from around the world, focusing on both why and how to implement ISO 31000, and showcasing the launch of the new Global Institute for Risk Management Standards (G31000).

In the parallel sessions, we bring experts from around the globe in areas such as finance/banking, compliance, internal audit, business continuity, security, education, software, standardization and learn how they use the ISO 31000 risk management standard, including how to move from previous approaches such as COSO ERM.

Whether you have been charged with establishing a risk management framework for your organisation, want to increase the effectiveness of the existing ERM program or wish to benchmark against the emerging best practices in risk management, this is the conference for you.


WHO SHOULD ATTEND?

Directors, executive managers and line managers across all organisations, public and private, large and small. It is a must for any Director or manager who wants to manage risk as part of effective corporate governance.

Auditors, risk managers, Chief Risk Officers, Governance & compliance practitioners who provide advice on the management of risk either in house or as consultants.

Those who implement risk management or ERM in their organisations or government bodies in the following areas:

• Enterprise Risk Management/ERM
• Risk Management/Risk/CRO
• Internal Audit
• Corporate Compliance
• Controller
• Internal Controls & Compliance
• IT Audit
• Treasury
• Strategic Planning
• Security
• Business Continuity
• Software
• Public sector
• Regulatory authorities
• Risk management education & training


BENEFITS OF ISO 31000

Main advantages for an organisation to adopt the ISO 31000 Risk Management Standard:

• ISO 31000 provides a single global reference for stakeholders in an organisation which has a risk management program
• ISO 31000 provides an independent document for any financial or non-financial organisations
• ISO 31000 is the only internationally recognized ISO standard in risk management
• ISO 31000 is based on extensive experience of existing risk management standards such as AS/NZS4360 (first published in 1995)
• ISO 31000 can apply to any activity or domain in any organisation, any size – public or private
• ISO 31000 provides an “umbrella” for many recognised standards and guidelines that refer to risk management
• ISO 31000 promotes business performance and is not a bureaucratic compliance/reporting system
• ISO 31000 is robust and simple to apply
• ISO 31000 adoption provides a great opportunity for organisations to review their existing risk management practices
• ISO 31000 text is concise (24 pages) and clearly written

Additional advantages to be gained from using the ISO31000 risk management framework:

• designed as an enterprise wide approach, with defined roles and responsibilities
• objectives based, dynamic and responsive to change
• easily aligned with performance management and the development of Balanced Score Cards
• designed to be embedded in decision making, not used as a stand-alone process
• promotes intelligent thinking as opposed to checking boxes
• assists with gaining and sustaining buy-in by upper management
• simple and easy to understand for greater acceptance throughout the organization
• enables whistleblowing without leading to pointing fingers
• provides a single reference for all stakeholders in the risk management program
• provides a standard terminology of risk terms

Across the world risk managers involved in the implementation of ISO 31000 come together as a community to share ideas for evolving and advancing risk management in all organisations.


CONFERENCE PROGRAM

Monday

09h15 - 10h40 Opening - Keynote and Special Speakers:
• Risk Management : Supporting policy-makers with a framework for actions
• 20 years of Risk Management Standardisation - Past, Present and Future
• ISO 31000 - The next step on the Journey
10h40 - 11h00 Coffee break
11h00 - 13h00 Parallel session 1A Moving from COSO ERM
11h00 - 13h00 Parallel session 1B Business Continuity
13h00 - 14h00 Lunch
14h00 - 15h15 Parallel session 2A Education
14h00 - 15h15 Parallel session 2B Human Factors
15h15 - 15h45 Coffee break
15h45 - 17h00 Plenary session: Why every RM programme should be based on ISO 31000
18h30 Gala Dinner


Tuesday

09h00 - 11h00 Plenary session: How to implement or adapt your RM programme using ISO 31000
11h00 - 11h30 Coffee break
11h30 - 13h00 Parallel session 3A Security & Safety
11h30 - 13h00 Parallel session 3B Raising Awareness on ISO 31000
13h00 - 14h15 Lunch
14h15 - 15h45 Parallel session 4A Finance & Banking
14h15 - 15h45 Parallel session 4B Training on ISO 31000 Standard
15h45 - 16h15 Coffee break
16h15 - 17h25 Plenary session: G31000 - the new Platform for ISO 31000
17h25 - 17h30 Closing


SESSIONS

The indicated program is subject to change due to required confirmation from the speakers.

Day 1 Monday 21st May 2012

9:15 - 9:25 INVITED SPEAKER

Risk Management : Supporting policy-makers with a framework for actions

Stephane Jacobzone | Counsellor, Public Governance and Territorial Development of the OECD | France

• Emerging risk - an agenda for actions
• Risk management policy in the OECD perspective
• The level risk forum
• Quality regulation & risk - an OECD instrument

9:25 - 10:10 KEYNOTE SPEAKER

20 years of Risk Management Standardisation - Past, Present and Future

Kevin W Knight | Chairman of the ISO Working Group that developed ISO 31000 | Australia

• The international first standard published on risk management
• The successive revisions of the Australian/New-Zealand Standard AS/NZS4360
• The broad acceptance of AS/NZS4360 leading to ISO Guide 73 (vocabulary) and ISO 31000 (standard)
• The challenges of the ISO 31004 guide for implementation of ISO 31000


10:10 - 10:40 SPECIAL SPEAKER

ISO 31004 - The next step on the Journey

Jan Mattingly | Project leader for ISO 31004, ISO/PC 262 Risk Management committee | Canada

• It’s all about results: using risk management outcomes to obtain and sustain top level buy in
• Using standards to help build internal and external coordination and consistency in risk management
• Cultures, countries and implementation challenges in developing ISO 31004
• The Canadian experience in ISO 31004: a snapshot

Monday 10:30 - 11:00 Networking & Refreshment Break


12 MAIN SUBJECTS

• Business continuity
• Internal audit
• Finance & banking
• Moving from COSO ERM
• Education
• Software
• Security
• Regulatory authorities
• Human factors
• Raising awareness
• Training on ISO 31000 session A
• Training on ISO 31000 session B


How to move from COSO ERM to ISO 31000?

The COSO ERM framework has received a lot of criticism and has proved difficult to implement. However, some companies have put tremendous efforts into trying to achieve its implementation with the belief that there is no alternative. Since January 2011, the ANSI/ASSE has adopted ISO31000 as the American risk management standard. This session will explain why and how companies using COSO ERM should move towards ISO 31000 in order to realise a better risk management framework.

Moving from COSO ERM

Sally Dix | Vice President, Standards and Guidance The Institute of Internal Auditors, Global Headquarters | USA

Risk Management Strategy: Building the Approach that’s Right for Your Organization.

We all share common goals: Optimizing our risk management strategies to assure our organizations’ goals and objectives are met. The experts agree, when it comes to risk management, one size does not fit all. Risk strategies that are effective for some organizations might stifle new opportunities or lead to unanticipated problems for others. It’s not just a matter of selecting a risk framework or deciding on a level of resources dedicated to risk management – it’s a matter of identifying and implementing the specific strategies and approaches that are the right ones for your organization and its unique culture. Sally Dix, Vice President, Standards and Guidance, for the Global Institute of Internal Auditors, combines theoretical knowledge and real world experience in this insightful presentation sharing new tips for making risk management work for you. How well the approach is tailored to your organization can make the difference in the success or failure of risk management at your organization.

Arnold Schanfield | Principal at Schanfield Risk Management Advisors LLC | USA

Arnold believes that COSO ERM was designed with good intentions, but that overall it is too complex and unwieldy, resulting in many companies giving up on designing their own program and paying external consultants to tell them how to implement risk management. Today, COSO ERM is the subject of some controversy. Based on his experience of both ISO 31000 and past COSO ERM implementations, Arnold will demonstrate how ISO 31000 improves on COSO ERM in a number of areas including referencing the “deadly sins” introduced by Grant Purdy and will give practical advice on how to navigate successfully from COSO ERM to ISO 31000 standard.

Monday 11:00 – 13:00 – Parallel Session 1A


Norman Marks | CPA, CRMA, Vice President, Evangelist at SAP | USA

Turning towards the ISO 31000:2009 risk management standard

Norman will share how, when he was asked to start a risk management practice, in addition to leading internal audit, he turned first to the COSO ERM Framework. Finding it lacking as a way of explaining risk management to the board and executives, he adopted the ANZ Standard and practice guides. Although initially critical of the new ISO standard, he is now an advocate. He is recognized as such within internal audit circles, and has helped move the IIA away from sole endorsement of the COSO framework and towards adoption of the ISO risk language. He will share why he recommends ISO 31000:2009 as he makes presentations and engages with SAP customers around the world.

Michael Parkinson | Member of the International Internal Auditing Standards Board at the Institute of Internal Auditors | Chairman of Committee OB-007 at Standards Australia | Director at KPMG | Australia

Planning the program – supporting the organisation’s risk management process

Reviewing the risk management process

Focusing the individual engagement

The feedback loop – internal audit informing risk management

The new role of internal auditors


Lyndon Bird | Technical Development Director & Board Member at BCI, the Business Continuity Institute | UK

Business Continuity

Aligning your Business Continuity program with the ISO 31000 standard

Lyndon Bird is a Director of The Business Continuity Institute. He helped found the BCI in 1994, and was awarded the Institute’s highest grade of FBCI. Prior to taking his current executive role with the BCI, he has served as a voluntary member of the elected BCI Board for six years including three years as Chairman. He was voted BCM Consultant of the year in 2002 and given the prestigious Lifetime Award in 2004 by Continuity, Insurance & Risk Magazine.

Monday 11:00 – 13:00 – Parallel Session 1B

Geraint Bermingham | Director of Navigatus Consulting | New Zealand

Application of ISO31000 philosophy to Business Disruption Management (Developing AS/NZS5050)

Business continuity has traditionally been separate to organisational risk management functions

ISO31000 gave opportunity to integrate the management of business disruption related risks with all other business risks

Focused on organisational objectives - proactive and reactive

Example of disruption event that proved the concepts later described by AS/NZS5050

In June 2010, Standards Australia and Standards New Zealand released AS/NZS 5050, the new business continuity standard, which aims to relate business continuity to the ISO 31000:2009, ‘Risk management – principles and guidelines’ framework, making risk assessment and management its central pillars. This session will discuss how to align your Business Continuity program with the ISO 31000 standard.


John Agius | Enterprise-Wide Risk & Business Continuity at GO Plcr | Malta


Business Continuity

Risk and Business Continuity Management have been developed over time as a result of the effects of uncertainty that organizations face in achieving their objectives. The likelihood of deviations from set objectives, whether negative and/or positive, compels organizations to be proactive and prepared to intervene in good time to manage adverse effects and pursue opportunities. In the event of business disruptions, organizations are obliged to provide for resiliency and to ensure that alternative arrangements are in place for business to continue to operate whatever the circumstances. John’s presentation tackles the process RM plays in establishing an effective and efficient BCMS and how ISO 31000 benefits this process.

The RM to BC Route - How ISO 31000 benefits Business Continuity

Brian Gray | Chief - Business Continuity Management Unit - United Nations | USA

Business continuity was spawned from Disaster Recovery; risks were therefore focused on IT

Over the past decade the context has changed: business continuity now must consider all-hazards and the financial crisis has put pressure on resources

Risk management provides a common framework to convene, collaborate and communicate

This process not only addresses risks, but generates serendipitous effects that strengthen organizational performance

Drivers of Performance: ISO 31000 and Business Continuity


Business Continuity

Dr. Louis Marinos | Senior expert - Risk Management at ENISA | Greece

Business Continuity, Risk Management and Preparedness: how to complete the puzzle?

Business Continuity connects to Risk Management and other Management disciplines. But:

• What are the methods to identify the common points?
• What are the possibilities to maintain the interfaces?
• What is the need in the community?
• What open issues have been identified?

Monday 13:00 - 14:00 Lunch


John Shortreed | Adjunct Professor, University of Waterloo | Canada


How world-wide global risk management curricula are or should be aligned to ISO 31000

A majority of institutions have fallen short of delivering educational programs that meet the needs of business in the area of managing risk. Many of the courses for instance are too general and there is an obsession with financial risk to the exclusion of all other forms of risk. This session features presentations that address the shortcomings that are so prevalent among the plethora of programs offering training and education in the area of risk management. The intent of this session is to demonstrate that some curricula in RM have already adapted the content of the teaching to the principles, framework and process proposed in the ISO 31000 Risk Management Standard.

Education

Anthony Davidson | Dean of the School of Graduate and Professional Studies Manhattanville Center of Excellence for Managing Risks | USA

Anthony will speak about a new program recently launched at the Manhattanville College that tackles risk management from a totally holistic perspective, taking into account the multiple dimensions of risk. The premise is that Risk Management cannot be simply treated as a programme containing a methodology. It must be regarded as an organisational initiative, which needs to be adopted and practised by all constituents of the organisation, including not only all the departments and employees but also all stakeholders that impact the organisation. ISO31000 and its related elements should be viewed as contemporaneous guidelines for the purposes of establishing and ensuring a system-wide adoption of the risk construct, through an evolving implementation process.

Bringing thirty years experience in research, education and standards in risk, John will give his views on how risk management education and training could be better designed and delivered so that it is consistent with ISO 31000, and fully integrated into the existing governance and management of any organization, in a simple, yet powerful and persuasive way, that overcomes existing inertia in the evolution of risk management.

Monday 14:00 – 15:15 – Parallel Sessions 2A


Education

Carolyn Williams | Head of Thought Leadership at Institute of Risk Management | UK

Supporting the Risk Management Profession

The IRM believes passionately that investment in education and continuing professional development leads to more effective risk management. This presentation will cover:

• What is a profession and does it matter?
• IRM’s approach to risk management education
• Equipping ourselves for the future

William Gifford | Student at the Glasgow Caledonian University | Scotland

What students in risk management expected to be taught during their curriculum

• What led me to Risk Management (RM)
• How GCU gave me an insight to RM thinking
• The importance of understanding the role of education in RM
• The common approach supplied through ISO 31000
• Why it is important for ISO 31000 and educational programmes to become aligned


Peter Blokland | Organisational coach, trainer & risk expert, General Manager at BYAZ bvba | Belgium


To manage risk, you will have to increase the quality of your perception

Managing risk is managing uncertainty as well as managing objectives. What you will see is what you will get, is certainly true in managing risks. The more opportunities you’ll see, the more risk you’ll take. The more dangers and threats you’ll discover, the better you will be able to cope with them.

Frank Herdmann | Managing Partner at Auxilium Expatbiz Services and AUXILIUM Management Service | Germany

Human Factors, Management, and Risk

Human Factors Management is at the core of life. It has to be tailored and aligned with an organization’s external and internal context. Complexity requires Human Factors Analysis and Classification Systems and/or Human Reliability Analysis. But for most entities a simple systemic approach is a good start for Risk Management.

Risk and Human factors

Understanding and managing people is a core risk management competency. People are often considered as an organisation’s greatest asset and yet they are often also the greatest liability. This session will broaden your understanding of how a consideration of human factors should be incorporated into your risk management practice.

Human factors

Monday 14:00 – 15:15 – Parallel Sessions 2B


Monday 15:15 - 15:45 Networking & Refreshment Break

Monday 14:00 – 15:15 – Parallel Sessions 2B

Norman Marks | CPA, CRMA, Vice President, Evangelist at SAP | USA

Risk and Human Factors: Because People Run Businesses

Norman will review a couple of different ways the Human Factor affects risk management:

As a source of error. The root cause of error is almost always people and risk managers must consider the risk of mistakes

As an influence on risk decisions. Different people will evaluate, assess, and respond to risk in different ways. How then can the risk manager ensure the right risks are taken for the organization?

He will share his experiences and views on how to address these issues.

Risk and Human factors


The need to keep risk management as a simple and holistic process

The need for universal understanding

The essence of risk criteria

The meaning and practicality of integration

Dealing with context and emerging risks

For the first time in decades, a single document, ISO 31000, is the only internationally recognized ISO standard in risk management: a single global reference for stakeholders, adopted by most G20 countries, based on the 20-year experience of AS/NZS4360, applicable to any activity and any sector, voluntary in application, promoting business performance and, most importantly, not a bureaucratic compliance/reporting system. This session will explain why every risk management program should be based on the ISO 31000 Risk Management Standard.

Why every RM programme should be based on ISO 31000

John Fraser | Senior Vice President | Internal Audit and Chief Risk Officer at Hydro One | Canada


Michael Parkinson | Member of the International Internal Auditing Standards Board at the Institute of Internal Auditors | Chairman of Committee OB-007 at Standards Australia | Director at KPMG | Australia

Is there anything else that could be used?

The strengths of ISO 31000

The advantages of agreed terminology

The advantages of a uniform approach

Monday 15:45 – 17:00 – Plenary Session


Jacquetta Goy | Risk Manager at BCLC | Canada

The power of using ISO 31000 as your ERM foundation

Increasing the understanding of risk through a common language

The benefits of alignment

How developing risk criteria resolves the appetite discussion

Why establishing the context matters


Monday 18:30 Gala Dinner on the river Seine


Come and discover the magical banks of the Seine, enjoy a sumptuous dinner, and admire all of the most prestigious Parisian landmarks. Share with us the extraordinary atmosphere that prevails on this river restaurant and the exquisite, fresh and generous cuisine of the world renowned chef Martial.


Tuesday 9:00 - 11:00 Plenary Session

Day 2 Tuesday 22nd May 2012

How to implement or adapt your RM programme using ISO 31000

Rico Ferrarese | Senior Strategic Risk Manager at LEGO Group | Denmark

ISO 31000 says: “The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed”. In this session, we will learn how large companies have achieved the implementation of ISO 31000. What are the major barriers to effective risk management in organizations today? How can Risk Maturity Models be developed and used for benchmarking?

During these past years, Mr. Ferrarese has provided a systematic validation of the LEGO Group ERM approach vs. the ISO 31000 standard and provided a set of recommendations as to further alignment. Most of these recommendations have been implemented, leaving the LEGO Group largely in compliance with ISO 31000.

Domenic Antonucci | Chief Risk Officer at ADPC Abu Dhabi Ports Co. | UAE

Risk Maturity Model dedicated to ISO 31000.

Introducing BenchMarker: A maturity model checklist tool to benchmark your organisation against recommended global practice for Enterprise Risk Management (ERM) and ISO 31000. Brief your CEO and Board with a strategic baseline and measure future ERM progress. Also previewing RiskMapper: a risk universe mapping tool to test the maturity of your risk Profiles, Source and Context.

Jason Shohet | Vice President of Enterprise Operations and Technology Risk Management at CITIGROUP | USA

A “Slow Introduction” approach in the implementation of the ISO 31000.

Jason Shohet is a VP of Enterprise Operations and Technology Risk Management at Citigroup where he provides global oversight of self-assessment programs. He has provided risk management expertise covering operations in market and credit risk, anti-money laundering, financial reporting, technology infrastructure, continuity of business and supplier management functions. Jason will explain how he realized that a “Slow Introduction” approach in the implementation of the ISO 31000 - sacrilege to some, but aside from quitting and working somewhere else - is sometimes the only option.


Pat Croke | Managing Director at Hyperassure Ltd | Ireland


This session will explore the various ways that software can be used to support ISO 31000. It will span the gamut from very simple spreadsheet-based systems to highly sophisticated dedicated risk management software. The discussion will focus on the strengths and weaknesses of using software for different aspects of risk management at the strategic, tactical/project and operational objective levels.

ISO 31000 Doing what comes naturally.

During this session you will gain an understanding of how ISO 31000 can be rolled out in an organization in either a top down or a bottom up manner. Pat will focus on the importance of context and how it changes at different levels of the organization. He will show how understanding these changes is important to achieving success with either approach. He will also discuss how the ISO 31000 framework can be used with multiple different risk management processes which are specifically tailored to a particular type of process such as Decision Making, Project Management, Information Technology, Health and Safety, etc.

How specialized software supports ISO31000, how we have implemented it.

Specialized risk management software should support decision making in every way possible. The ideal risk management solution would not be standalone, would not be referred to as the “risk management application”, and would not be situated in the “ERM” department. A risk management application should be an intrinsic feature of all software applications that govern resources. It should facilitate, empower and record the cognitive reasoning a manager undertakes when evaluating options, to create a reproducible trail of thought and contribute to organizational learning purposes.

Monday 11:00 - 11:30 Networking & Refreshment Break

Johannes Swanepoel | Program Manager, Risk Management at Enablon Software Solutions | USA


Julian Talbot | Chief Executive Officer at Jakeman Business Solutions | Australia


“ISO31000... How does it relate to security”?

ISO31000 is potentially the best thing to happen to security risk management since Og the caveman picked up a club to defend his family. But just how do we use it, what are the benefits and, equally importantly, what are the pitfalls? This panel of subject matter experts will attempt to answer these questions and more, looking at a range of security practice areas: physical security, information technology, information, personnel and, in particular, security management.

Security and Safety

Enterprise Security Risk Management

Enterprise Security Risk Management is much more than just scaling up security management across an organization. It means taking an integrated view of how each part of the organization affects the other and turning some complex analysis into a series of practical plans that people can understand and implement. It needs an entirely different mindset from traditional security management but fortunately we have a tool that is ideally suited to the job - ISO31000. This presentation is based on lessons learned in conducting enterprise security risk assessments for multibillion government and resources organizations operating on six continents. Come find out what worked, what didn’t – and why.

Gilles Motet | Professor at the National Institute of Applied Sciences, Member of the French AFNOR Commission on Risk Management | France

Contribution of ISO 31000 to safety management

ISO 31000 introduced a new definition of Risk based on uncertainty, and a new way for handling risks. First of all, the presentation will show that this new vision is in accordance with the change of concerns of stakeholders in safety domain. Then, the contributions of the original aspects of the risk management process to safety will be highlighted. Finally, we will explain how the Framework proposed by ISO 31000 allows the concept of risk acceptability to be challenged as recently required by stakeholders.

Tuesday 11:30 – 13:00 – Parallel Sessions 3A


Marc Siegel | Commissioner, Global Standards Initiative, ASIS International | USA


Security and Safety

To protect the value chain, organizations must move beyond traditional siloing of risks to a holistic approach.

ISO 31000 provides a framework for integration of security management into an enterprise-wide risk management strategy.

To protect the value chain, organizations need to have a comprehensive strategy to manage both organizational and supply chain risk.

Why ISO got it wrong!

Lorenza Jachia | Secretary, Working Party on Regulatory Cooperation and Standardization Policies at United Nations Economic Commission for Europe (UNECE) | Switzerland

Risk management has become an essential building block of regulatory systems in all areas – in food safety, environment, aviation, finance – to name just a few. The work of the UNECE aimed at guiding regulatory stakeholders in consistent and systematic application of risk management to establishing and running regulatory systems has been entrusted since 2010 to the Working party’s Group of Experts on Risk Management in Regulatory Systems (UNECE GRM). ISO 31000 is a tool that allows for a systematic integration of risk management best practice in all areas of regulatory activity.

Risk and Security Management: Protecting and Creating Value

Initiatives by regulatory authorities


Kevin W Knight | Chairman of ISO Working Group that developed ISO 31000 | Australia


Raising the awareness about ISO 31000, worldwide

This panel discussion is intended to share experiences about how to raise awareness to encourage public and private organisations to adopt ISO 31000 as their reference in the management of risk. Starting with the 20 years long experience of Australia, the session will continue with Canada, then USA and possibly experiences in Europe.

Raising awareness

Follow-up of 20 years of Risk Management Standardisation - Past, Present and Future. Although the original 1995 edition of the AS/NZS 4360 standard was developed from earlier risk-management ideas and processes it was nonetheless ground-breaking as the first standard published on risk management…

Awad Loubani | Director, Quality and Risk Management Services in the Corporate Services and Strategic Planning Branch of Public Works and Government Services Canada (PWGSC) | Canada

Membership matrix of the CSA Technical Committee on Risk Management and the subsequent Standards Council of Canada Mirror Committee membership

Comparative study of various RM standards in 2008

Focus groups approach - different economic sectors across Canada

Conducting 3 public reviews of CSA Q31001

Cross work with other CSA TCs

Canadian additions to ISO 31000

CSA training and speaking opportunities

Going forward: CSA senior management to have greater focus on RM as a critical area of their work

The Canadian perspective

Tuesday 11:30 – 13:00 – Parallel Sessions 3B

The Australian perspective


Carol Fox | Director, Strategic and Enterprise Risk Practice at RIMS, Vice-chairman at US TAG for ISO 31000 Risk Management | USA

The American perspective


Risk management standards and frameworks in the U.S.: Adopt or adapt? RIMS 2011 benchmark survey on ERM will be discussed, including how risk practitioners are utilizing prevalent standards and frameworks.

Geraint Bermingham | Director of Navigatus Consulting | New Zealand

ISO31000 was adopted unchanged in Australia and New Zealand as AS/NZS ISO 31000 within months of the original being published.

A coordinated programme was developed to educate all government and private sectors of its content and use.

Standards NZ and The NZ Society for Risk Management joined forces to prepare and deliver the programme.

The programme included seminars in each major city and drew in an unexpectedly large number of attendees.

31000 follows 4360 as being the ‘best seller’ standard in both Australia and New Zealand.

31000 is gaining rapid uptake - particularly within the Government sector.

An outstanding issue is an ongoing belief by some that it is simply an update of AS/NZS4360 whereas the principles and framework content is new and of significant value.

The rapid adoption of ISO31000 in New Zealand

The New Zealand perspective


Alicia Swart | Risk Management Turnaround Specialist. Sola Fide Solutions: Risk and Strategy Consulting | South Africa

Why the current South African Context is creating an ideal platform to actively position the value add of ISO 31000.

South African opportunities to uniquely package ISO 31000 solutions and ensure the value and buy-in for organizations

Raising ISO 31000 awareness while leveraging from other business "buzz" words and disciplines.

Taking ISO 31000 to the next level in the South African Context

The South African perspective

Tuesday 13:00 - 14:15 Lunch

Alpaslan Menevse | Operational Risk Manager at Sekerbank | Turkey

An evolutionary new code of commerce in Turkey will go into effect on 1st of July 2012. Prepared totally with a new vision, the code requires a risk oversight committee with ERM functionality for all publicly traded firms on the Istanbul Stock Exchange. The mandate will bring new opportunities to the risk management field since it allows organizations to outsource the risk advisory function.

Turkish perspective

The New Code of Commerce and ISO 31000 in Turkey

Angel Escorial | Director General at Riskia, Member of the Spanish AENOR Commission on Risk Management | Spain

Spanish perspective


AENOR translated ISO31000 into Spanish in 2010

Spread of ISO31000 through RM Associations, particularly by AGERS

Increasing interest for information and training

Global ISO31000 Survey 2011


Jason Shohet | Vice President of Enterprise Operations and Technology Risk Management at CITIGROUP | USA


Going beyond regulatory requirements

Today, banks are mandated to meet many different regulations including but not limited to Anti Money Laundering requirements, Sarbanes Oxley, Dodd Frank Wall St Reform Act, International Accounting Standards and Basel II / Basel III banking accord. This session will look at how ISO 31000 can assist in bringing these various regulatory initiatives together and not only be harmonious with Basel II, III but improve its operations.

Finance & Banking

Martin Davies | Managing Director at CAUSAL CAPITAL | Singapore

How can ISO 31000 bring risk departments together in banks

Why Basel II, III does not conflict with ISO 31000

Look at the top risk challenges for Banks and how can ISO 31000 assist with them

A working mode for ISO 31000 in financial institutions

Identifying internal and external stakeholders of a “silo” within a heavily-regulated bank – an AML example

Using ISO 31000 principles to educate traders / bankers who expected you to mitigate risk for them

Why banking operations struggle with identifying risk events – and how to address the problem

Focus on achievement of objectives versus traditional focus on regulatory compliance

Tuesday 14:15 – 15:45 – Parallel Sessions 4A


Alpaslan Menevse | Operational Risk Manager at Sekerbank | Turkey

Organizational Culture is one of the most important topics addressed by ISO 31000

Most affected organizations have not built up a common internal language.

Resistance to change will be one of the main threats of the next decade.

Why ISO 31000 is the best candidate for holistic integrator of organizations.


Finance & Banking

Tim Leech | Managing Director Global Services at Risk Oversight Inc | Canada

Using ISO 31000 for Sarbanes-Oxley Section 404

What will it take to convince the U.S. and countries around the world that ISO 31000 is a “suitable” and far superior assessment framework for SOX 404 and similar representations? What will it take to eliminate the current control-centric SOX 404 silo and integrate SOX assessment efforts with ISO 31000 and ERM?

John Lark | President at Coherent Advice | USA

John is a recognized leader in risk management with over 10 years of experience. In November of 2010 he was awarded the distinguished CPRM certification by the Risk Management Institution of Australasia. John is also a member of the Canadian Standards Association Technical Committee on the new Canadian Risk Management Standard Q31001 and the new international risk management standard CAN/CSA ISO 31000.

Training on ISO 31000

Tuesday 15:45 - 16:15 Networking & Refreshment Break

Tuesday 14:15 – 15:45 – Parallel Sessions 4B


G31000 - the new Platform for ISO 31000


The G31000 Platform was launched in 2011 to enable organisations to work with the Global Institute for Risk Management Standard, a not-for-profit organisation, to deliver the overall G31000 mission of: Promoting the ISO 31000 Risk Management Standards worldwide. The First international conference on ISO 31000 will officially start the activities of the G31000

Pat is in charge of developing the on-line risk management training course based on ISO 31000 which will support people trying to attain C31000 certification. He is also responsible for the roll out of the G31000 technology platform and will discuss what has been done to date and what is planned for the future.

Pat Croke | Managing Director at Hyperassure Ltd | Ireland

Jacquetta Goy | Risk Manager at BCLC | Canada

Jacquetta is in charge of the certification of individuals. Candidates for the C31000 Certificate need to demonstrate a thorough understanding of the ISO 31000 Risk Management Standard, its principles, its vocabulary, its framework and its process.

Alex Dali | President of G31000 | France

Alex had the inspiration and is the lead for G31000, bringing all the ideas together. He will present the results of the global survey on ISO 31000 carried out between October and December 2011.

Tuesday 16:15 - 17:25 Plenary Session

Tuesday 17:25 - 17:30 Closing


Speakers and Moderators’ Biographies


Chairman of the ISO Working Group that developed ISO 31000

Kevin W Knight is known for his active work in developing, explaining and encouraging the use of Standards with respect to the management of risk. He is a founding member of the Standards Australia/Standards New Zealand Joint Technical Committee that produced the original AS/NZS 4360 Risk Management Standard in 1995 and its subsequent revisions in 1999 and 2004.

Kevin was Convenor of the International Organisation for Standardisation (ISO) Working Group that produced ISO/IEC Guide 73:2002 – RM Terminology and he Chaired the ISO Working Group that developed ISO 31000:2009 Risk management — Principles and guidelines and the revised ISO Guide 73:2009 Risk Management Vocabulary published in November 2009. He currently Chairs ISO Project Committee 262 - Risk Management.

Kevin W Knight

Australia

CONFERENCE SPEAKERS


Enterprise-Wide Risk & Business Continuity at GO Plc

John is a Risk-and-Business-Continuity manager having strong industry and academic experience in the profession and the associated resilience disciplines. Originating from electronics and Computing, John moved from DRP in Data Processing and MIS way back in the 1970’s to RM and BC as known today.

John Agius

Malta


Chief Risk Officer at ADPC Abu Dhabi Ports Co

Domenic Antonucci

UAE

Domenic is currently responsible for initiating and aligning mega-project and enterprise-wide risk management (ERM) for Abu Dhabi Ports Company (ADPC). Domenic specializes in implementing ERM within early risk maturity organizations and building risk practitioner tools and techniques for implementing ISO 31000:2009 and formerly AS/NZ 4360:2004. Previously with Marsh Risk Consulting, he prefers alternating between organisation head of risk and consulting roles in the UAE, Middle East, Africa, Asia and Australia. He enjoys over 30 years experience with Shell strategic planning, anti-terrorism and business management consulting across many sectors. An Australian expatriate, he holds a Masters Degree and is a PMI-RMP Risk Management Professional.


Director of Navigatus Consulting

Geraint Bermingham

New Zealand

Geraint has 30 years of risk management experience, originally as a nuclear submarine engineer with the British Royal Navy and then as a consulting risk engineer in the infrastructure and power industries covering both technical and environmental areas.


Lyndon Bird is a Director of The Business Continuity Institute. He has an honours degree in Chemistry and a Masters in Management from the University of Manchester. He helped found the BCI in 1994, and was awarded the Institute’s highest grade of FBCI.

Prior to taking his current executive role with the BCI, he has served as a voluntary member of the elected BCI Board for six years including three years as Chairman.

Lyndon was also a founding member of Continuity Planning Associates BV in The Netherlands. He has worked exclusively in the Business Continuity world for over 25 years as a consultant, presenter, author and business manager. He was voted BCM Consultant of the year in 2002 and given the prestigious Lifetime Award in 2004 by Continuity, Insurance & Risk Magazine.

Technical Development Director & Board Member, The Business Continuity Institute

UK

Lyndon Bird


Peter is a former Belgian Air Force pilot, Staff Officer and aircraft accident investigator. During his career he occupied flying duties as an F-16 fighter pilot, a basic and advanced flying training instructor, operations and training officer and eventually Commanding Officer (CO) of a flying training squadron.

As a staff officer, he took up duties in Training Command and the Aviation Safety Directory. He finished his career at NATO’s Allied Command Operations at SHAPE (BE) – where he was involved in nuclear command and control. As an instructor and staff officer, he always took pleasure in sharing and passing on his knowledge and experience.

In 2008 he started a second career as a business expert and organisational coach. He is also the founder of Total Respect Management (TR³M™), a management model based on Respect (Leadership), Risk (Risk Management) and Results (Excellence).

Organisational coach, trainer & risk expert, General Manager at BYAZ bvba

Peter Blokland

Belgium


Pat is the managing director of Hyperassure Ltd., a company that provides social media based risk management software solutions as well as consultancy and training. He has over 30 years experience in the multi-national ICT sector, much of it at a senior level. During his time with Hewlett-Packard and Digital Equipment Corporation he was responsible for designing and developing some of their largest global software systems. He also led Hewlett-Packard's Semantic Web Research Group which was researching leading edge web technologies and took part in a number of European Union Framework 5 and 6 consortia. He is a member of the National Standard Authority of Ireland's (NSAI) risk management advisory committee and contributed to NWA 31000:2010 which is Ireland's National guidance on implementing ISO 31000:2009 Risk Management Principles and guidelines. He is also a member of the ISO/TC 262 project committee which was set up to develop ISO 31004 "Risk Management - Guidance for the implementation of ISO 31000." Pat holds a Master of Science degree from The Open University in Computers for Commerce and Industry.

Managing Director, Hyperassure Ltd

Ireland

Pat Croke


Alex is well known today through his very active work in raising awareness of Risk Management Standards, particularly on ISO 31000. Holding an MSc in Chemical engineering, a degree in Business Administration and a post-master in Risk Management, he has worked in the last 17 years on many aspects of risk management: industrial risk management, loss prevention, natural disaster risk management, business impact analysis, business interruption, business continuity management, standards and regulations. Today, Alex is recognized as the founder of the Global Institute for Risk Management Standards, G31000, the global ISO 31000 platform and the active owner/moderator of the LinkedIn group which has reached 4000+ members. He is an invited professor in several universities and institutes, a trainer for workshops, and writes articles on ISO 31000.

President of G31000

France

Alex Dali


Dean of the School of Graduate and Professional Studies - Manhattanville center of excellence for Managing Risks

USA

Anthony Davidson


Martin is a risk framework architect who designs pricing, control and risk reporting systems for banks, brokerages, exchanges, energy houses and regulators. Primarily he is a banker with more than 20 years experience working with various risk management disciplines including: operational risk, credit risk, counterparty risk and market risk and across many different institutions across the emerging markets. He is business unit focussed with good insight into structured finance, project and trade finance but from a risk and valuation perspective. He has a good understanding of markets including Rates, FX, Equities and Money Markets and has developed several risk systems for quantifying risk exposure, limit taking and control hedging. He is a top grade programmer with detailed experience in SQL, R-Project, Visual Studio / C++ and he quantifies risk using various statistical models such as Copulas, EVT or Bayesian networks.

Managing Director at Causal Capital

Singapore

Martin Davies


Sally and her team are responsible for liaising with the IIA volunteer structure to support the IIA’s process for maintaining and updating the IPPF (Definition of Internal Auditing, The Code of Ethics, Standards and Guidance). She has been tasked with the aspirational goal of leading the evolution of her Standards & Guidance team in delivering thought leadership to the internal audit profession. She is a member of the IIA’s strategic task force to develop the capability to be agile in the development of guidance/knowledge to keep internal audit professionals current and relevant. In her current role, she had the opportunity to provide candid feedback on exposure draft issues to COSO and the PwC authors of the new COSO IC framework.

Her career in internal audit prior to joining The IIA in October 2011 involved leading internal auditing and compliance organizations in medium to large publicly traded companies in the high tech and telecom industries (ATMEL Corporation - a $2.6 billion semiconductor company - headquartered in San Jose, CA; AT&T Wireless, based in Seattle, WA; Verizon Wireless, based in Warren, New Jersey; and AirTouch Communications, spin-off of Pacific Telesis Group, headquartered in San Francisco, CA, and acquired by Vodafone in 1999).

VP, Standards and Guidance, The Institute of Internal Auditors, Global Headquarters

USA

Sally Dix


Angel Escorial is CEO of Riskia and member of AGERS (Spanish Association of Risk Management). Angel is a Civil Engineer and has a BSc in Physics. He has over 25 years experience in RM consulting and is the project leader of the ISO31000 and Environmental Risk WG in AGERS.

Director General at Riskia, Member of the Spanish AENOR Commission on Risk Management

Spain

Angel Escorial


USA

Carol Fox

Carol Fox is Director of Strategic and Enterprise Risk Practice for RIMS, a global not-for-profit association dedicated to advancing risk management for organizational success. RIMS produces networking, professional development and education opportunities for its membership of more than 10,000 risk management professionals who operate in more than 120 countries. Prior to joining RIMS, Ms. Fox was senior director of risk management at Convergys Corporation, a publicly traded, global relationship management company. A graduate of Miami University (Ohio), she serves on the advisory board for its Center for Business Excellence. Ms. Fox also holds the Associate in Risk Management (ARM) designation from The Institutes. She has authored and contributed to numerous published articles and whitepapers on a variety of risk management topics. Treasury & Risk named her as one of its 2011 100 Most Influential People in Finance.

Director, Strategic and

Enterprise Risk Practice at

RIMS, Vice-chairman at US

TAG for ISO 31000 Risk

Management

Senior Strategic Risk

Manager at LEGO Group

Rico Ferrarese

Rico Ferrarese, Senior Strategic Risk Manager at LEGO Group, holds an M.Sc. and an MBA and has a past education as an officer in the Danish army.

Mr. Ferrarese has been working on developing and implementing strategic risk management within the LEGO Group for the past three years, and is currently focused on the Sales and Marketing organization.

During these past years, Mr. Ferrarese has provided a systematic validation of the LEGO Group ERM approach against the ISO 31000 standard and provided a set of recommendations for further alignment. Most of these recommendations have been implemented, leaving the LEGO Group largely in compliance with ISO 31000.

Furthermore, Mr. Ferrarese has been working with proactive risk management to ensure that the design of business projects and strategies has risk management embedded in it.

Denmark


Scotland

William Gifford

The significance of risk management in business abruptly entered William Gifford’s life on the stroke of noon, one regular working Tuesday afternoon in May 2004. That day’s catastrophic events ended a successful twenty year manufacturing career and changed William’s life and career path forever. In September 2008 he started on his four year journey to gain a BA First Class Honours in Risk Management from Glasgow Caledonian University. That graduation takes place in June 2012. Throughout his degree, William achieved strong marks that culminated in distinction awards at each and every level of assessment and special recognition from Glasgow Caledonian University’s Division of Accounting, Finance and Risk for the best individual performance at level 3. William is attending the Paris conference as a guest speaker, to take part in the special education session aimed at exploring future educational curriculum alignment with ISO 31000.

Student at the Glasgow

Caledonian University

Senior Vice President,

Internal Audit and Chief

Risk Officer of Hydro One

John Fraser is Senior Vice President, Internal Audit and Chief Risk Officer of Hydro One Networks Inc., one of North America’s largest electricity transmission and distribution companies.

He is a Fellow of the Ontario Institute of Chartered Accountants, a Fellow of the Association of Chartered Certified Accountants, a Certified Internal Auditor, and a Certified Information Systems Auditor.

He has over 30 years' experience in the risk and control field, mostly in the financial services sector, including areas such as finance, fraud, derivatives, safety, environmental, computers and operations. John Fraser is currently the Chair of the Conference Board of Canada’s Strategic Risk Council and a recognized authority and frequent speaker on enterprise risk management. He co-edited the 2010 university textbook “Enterprise Risk Management: Insights and Analysis on Today's Leading Research and Best Practices”.

John Fraser

Canada


Risk Manager at BCLC

Jacquetta Goy


Canada

Jacquetta Goy joined BCLC in 2008 as their first risk manager, with the responsibility of establishing an enterprise wide risk management program. Prior to that she spent 14 years in the English health service, where she was responsible for setting up and developing the risk, quality and governance programs for an inner city healthcare organization. This involved preparing for a variety of accreditation reviews and inspections, managing quality assurance, audit, complaints, clinical risk, investigations and root cause analysis. Jacquetta has both participated in and organized a number of conferences on both risk and quality management. Jacquetta studied International Politics at Aberystwyth University, Wales, has a Master’s in Public Health from St George’s University of London and is a member of the Canadian Strategic Risk Council.


After 10 years of being cold, wet and hungry, Brian left the Canadian Army in 1999 to join the United Nations World Food Programme. Since then he has worked in over 70 countries in logistics, security, administration and programming. His two field postings were Sierra Leone and Iraq. Brian has been central to the development of business continuity in the United Nations. He assumed his current position at the end of 2009, and is responsible for the viability of business continuity planning across the United Nations Secretariat.

Chief - Business Continuity

Management Unit

United Nations

USA

Brian Gray


Managing Partner at

Auxilium Expatbiz Services

and Auxilium Management

Service

Frank Herdmann

Germany

Frank is an experienced C-level manager with a background in the financial, operational and legal fields. Highly skilled at working in multiple-targeted assignments in both the public and private sector, he has been active in sales and marketing, international finance, export finance, barter trade, project management, commercial real estate, corporate finance, administrative control, public relations, merchant banking and labor. He has a demonstrated track record in generating improved efficiency and higher profit margins for businesses. Frank is currently the Managing Partner of Auxilium Management Service. Here he uses his strengths to focus on supporting and consulting for small and medium size organizations. He believes that understanding of and emphasis on adequate risk management should always be part of the management triangle. Prior to starting AMS, Frank was for 17 years Managing Director of several companies active in barter trade, real estate and transaction consulting.


Secretary, Working Party

on Regulatory Cooperation

and Standardization

Policies at United Nations

Economic Commission for

Europe (UNECE)

Lorenza Jachia

Switzerland

Since April 2008, Lorenza Jachia has been the Secretary of the UNECE Working Party on “Regulatory Cooperation and Standardization Policies”. A current area of priority for the Working Party is how risk management tools can be used as the basis for the design of regulatory systems. Lorenza holds a Master's degree from the Graduate Institute for International Studies (Geneva) and a Bachelor's degree from Bocconi University (Milan). She has been working at the United Nations since 1995. A trade economist, she provides training and advisory services to policy-makers and negotiators of free trade area agreements, including on the deep aspects of economic integration, such as the approximation of technical regulations and regulatory cooperation. She is the co-author of a forthcoming publication on “Risk Management in Regulatory Systems”.


Counsellor, Public

Governance and Territorial

Development

OECD

Stephane Jacobzone

France

Mr. Jacobzone currently has responsibility for the High Level Risk Forum at the OECD. His experience includes regulatory issues, economic and governance aspects of the public sector as well as health related issues. He organized a major conference on the future of regulatory policy at the OECD, including 350 participants from 51 countries in 2010, jointly with the Bertelsmann Stiftung and the European Commission. He conducted recent analytical projects on the governance of regulatory oversight, the implications of the financial crisis for quality regulation in the financial sector, the institutional design for utility sectors, including the regulation of energy, transport and telecommunications, and the comparative assessment of regulatory management systems, and led multidisciplinary regulatory reform reviews in 9 countries (including Australia, Mexico, Brazil, France, Italy, Korea, Norway, Sweden, Switzerland). He was in charge of coordinating the Ministerial meeting of the Public Governance Committee in Venice in November 2010. In prior assignments, Mr. Jacobzone supported the launch of the OECD health activities, including assessing the economic implications of ageing and the diffusion of new health technologies for public finances and health systems as well as the regulation of pharmaceuticals. Mr. Jacobzone is an alumnus of the Ecole Polytechnique and ENSAE, France, and began his career at the French Ministry of Finance. He taught at Sciences Po, ENA and ENSAE, and authored over 14 books and reports, and over forty articles. He is a member of the French Who's Who.


John is a recognized leader in risk management with over 10 years of experience. In November of 2010 he was awarded the distinguished CPRM certification by the Risk Management Institution of Australasia. John is also a member of the Canadian Standards Association Technical Committee on the new Canadian Risk Management Standard Q31001 and the new international risk management standard CAN/CSA ISO 31000.

President, Coherent Advice

USA

John Lark


Christopher Lajtha became an independent risk management resource in June 2005 – creating a French-based company to provide independent expert services to multinational risk & insurance management teams. ADAGEO offers single-source or composite expertise via an evolving network of similarly-experienced and independent risk management professionals.

Between 199 and 2004, Chris was the Corporate Risk & Insurance Manager of the Schlumberger Group. He joined Schlumberger in 1981 and worked in various risk management roles for Schlumberger subsidiary operations, based both in Europe and North America.

After leaving University in 1977, Chris worked for Sedgwick Forbes (U.K.) Ltd as a Lloyd’s broker and with B.T.R. Industries as the acting insurance manager – both located in London.

Chris graduated from Manchester University with a Bachelor of Science degree. He qualified as a Fellow of the Chartered Insurance Institute [FCII] in 1981 and as an Associate in Risk Management [ARM] in 1995. In 2001, he completed a European Fellowship in Applied Risk Management [EFARM].

Chris is a frequent speaker at national risk management conferences and has been an active member of several international risk management forums for many years.

Principal at ADAGEO,

independent risk and

insurance management

resource company

France

Christopher Lajtha


Awad is currently working as Director, Quality and Risk Management Services in the Corporate Services and Strategic Planning Branch of Public Works and Government Services Canada (PWGSC).

Awad led the development and implementation of the PWGSC Integrated Risk Management (IRM) Policy. He is keeping evergreen the Corporate, Operational, Conflict of Interest and IT Risk Profiles. Awad continues to update it to continuously reflect, at a macro level, the risks embedded in the transformation agenda, Deficit Reduction Action Plan, and in business lines carrying out their business activities.

Awad represented the public sector in Canada on the ISO/TMB Risk Management Working Group of Experts during the 2005-2010 period. During the October 2007 - November 2011 period, Awad served as the Chairperson of the Technical Committee of the Canadian Standards Association that was tasked to develop a Canadian Standard and Handbook to implement the ISO/TMB Risk Management Framework. Awad was recently elected as the Head of the Canadian delegation to the ISO PC-262, which was set up to develop ISO 31004 Risk Management-Guidance for the implementation of ISO 31000.

Director, Quality and Risk

Management Services in

the Corporate Services and

Strategic Planning Branch

of Public Works and

Government Services

Canada (PWGSC)

Canada

Awad Loubani


Managing Director

Global Services at

Risk Oversight Inc

Tim J. Leech FCA CIA CRMA CFE CCSA is Managing Director Global Services with Risk Oversight Inc. (“RO”). He has over 25 years' experience in the fields of ERM, internal audit and forensic accounting, and global experience helping public and private sector organisations with internal audit transformation initiatives and the design, implementation and maintenance of integrated GRC/ERM frameworks. He has been recognised for outstanding contributions to the profession by the Ontario Institute of Chartered Accountants, Institute of Internal Auditors, and Association of Certified Fraud Examiners.

Tim Leech

Canada


Jan is a recognized and published thought leader and advisor on the subject of enterprise and integrated risk management design, assessment and implementation.

Jan works with decision makers across private and public sector organizations from transportation, health, chemical, oil and gas, financial services, social services, utilities, telecommunications and biotechnology sectors. Her career includes extensive involvement in the design, implementation, assessment and management of enterprise wide risk management (including strategic, operational, project and procurement risk): to date she has provided advisory support to over 60 Canadian organizations. Jan has designed and delivers training for the Canadian Standards Association and RIMS on the ISO 31000 series of international and national products across North America, and has held leadership risk management roles inside public and private sector organizations.


Norman is Vice President, Evangelist at SAP, where he focuses on thought leadership around “better run business”. He focuses on governance, risk management, internal audit, compliance, enterprise performance, and business intelligence.

Prior to Business Objects’ acquisition by SAP in 2008, he was their Vice President of Internal Audit responsible for internal auditing, risk management, the Sarbanes-Oxley Section 404 (SOX) program, and license compliance.

Norman has been chief audit executive of major global corporations since 1990, and is a globally-recognized thought leader in the professions of internal auditing and risk management. In addition, he has served as chief risk officer, compliance officer, and ethics officer, and managed what would now be called the IT governance function (information security, contingency planning, methodologies, standards, etc.)

CPA, CRMA, Vice

President,

Evangelist at SAP

USA

Norman Marks

Project leader for ISO 31004,

ISO/PC 262 Risk Management

committee

Jan Mattingly

Canada


Dr. Marinos is a senior expert at ENISA in the area of Risk Management with extensive experience in the management and operation of security and the coordination of European expert groups.

Currently, he is the responsible manager for the project in the area of Emerging Threat Landscape. He is also involved in issues regarding Economics of Security. His expertise covers:

• Integration of Risk Management with operational and governance processes.

• Security management with regard to critical business areas, such as financial institutions, B2B and telecommunications.

• Systems security with focus on Internet security, security in large networks for telecommunication, security in banking applications and operating systems.

• Security standards and good practices, such as Risk Management, Continuity Management, Common Criteria.

• Co-author of the security part of CEN/TC 224 - ISO/TC 68/SC 6.

Alpaslan Menevse CISA, CRISC is Operational Risk Manager at Sekerbank. Among his current responsibilities is integrating ISO 31000 into all banking processes at tactical and operational level. He has a special interest in the "Human Side of Change Management" within the perspective of ERM and ISO 31000.

Operational Risk Manager at Sekerbank

Alpaslan Menevse

Turkey

Senior expert - Risk Management

at ENISA

Dr. L. Marinos

Greece


Gilles Motet is a Professor at the National Institute of Applied Sciences, researcher at the French National Research Center (LAAS-CNRS) and Scientific Director of the Foundation for an Industrial Safety Culture. He participated in the development of the ISO 31000.

Professor at the National Institute of

Applied Sciences

Gilles Motet

France

Member, International Internal Auditing

Standards Board at the Institute of Internal Auditors.

Chairman of the Committee OB-007 at

Standards Australia. Director at KPMG

Michael Parkinson CIA CRMA CISA CRISC is an internal auditor of more than 25 years' experience. After 10 years in Information Technology and Government Finance he became an IT internal auditor in the early 1980s. He has served as Vice Chairman of the Institute of Internal Auditors and as Vice President of ISACA. He is currently the chair of Standards Australia Committee OB-007 (Risk Management) and is an Australian delegate to ISO PC 262 (Risk Management). Michael serves on the International Internal Auditing Standards Board. He has written extensively on internal auditing and on risk management. In particular he was co-author of AS HB 158-2010: Delivering Assurance using ISO 31000.

Michael Parkinson

Australia


Internal Audit and Risk Professional with diversified industry expertise including consumer products, higher education, life sciences, manufacturing, not for profit, retail and trading companies. Risk management (enterprise-wide, risk assessments, control self assessments, corporate governance and risk mitigation strategies), financial/compliance audits (Sarbanes Oxley, other regulatory reviews, business ethics audits, fraud investigations and acquisitions/due diligence) and operational audits (cost savings/recoveries, process reengineering and root cause analysis). Familiarity with the major risk, internal control and governance frameworks from around the globe including AS/NZS 4360:2004, COBIT, Combined Code, CoCo, COSO ERM, ISO 31000, HB 436, HB 158, and King. Strong leadership, team building, communication and influencing skills. Delivers measurable results. Strong passion for the internal audit profession and the risk discipline.

Director of The Education

and Research Center for

Managing Risk at

Manhattanville College

Principal at Schanfield Risk

Management Advisors, LLC

USA

Arnold Schanfield


VP of Enterprise

Operations and

Technology Risk

Management at Citigroup

Jason provides global oversight of self-assessment programs. He holds certifications in the governance of enterprise IT, auditing information systems, and IT infrastructure. He has twenty years of experience in operations, audit, regulatory compliance and risk management fields – most of that time in government and financial sectors. He has provided risk management expertise covering operations in market and credit risk, anti-money laundering, financial reporting, technology infrastructure, continuity of business and supplier management functions. Jason is also a graduate of a U.S. service academy and served for 11 years as an officer in the U.S. Naval Reserve.

USA

Jason Shohet


John is a traffic and transportation engineer who became involved in risks of dangerous goods after the 1979 Mississauga train derailment. In 1982 he became the director of the Institute for Risk Research (IRR), a post he held until 2010. He participated in the Krever Inquiry on the safety of the Blood System in Canada. Other health studies have concerned risks and benefits of pharmaceutical drugs and xenotransplantation. Recently, the IRR managed a series of 5 international meetings on Clean Air and Health resulting in new policies in the UK and the US. In the last 30 years John has been involved with risk studies in transportation (marine, rail, trucks, transit, and pipelines), chemical plant safety, risk communications, management of "public risks", water supply, food safety, and so forth. He gives about 5 talks a year on risk management, particularly on implementing ISO 31000. Recent contributions to risk management have been in the area of Enterprise Risk Management with chapters on ISO 31000 in a 2009 Wiley business book and a 2010 article in the Journal of Policy Engagement. John has served on 3 Canadian standards committees (including CSA 31001 (2011)) and 3 ISO standards committees (including ISO 31000) over the last 20 years.

Adjunct Professor at

Department of Civil and

Environmental Engineering

University of Waterloo

Canada

John Shortreed

Program Manager, Risk

Management at Enablon

Software Solutions

Johannes Swanepoel is a program manager at Enablon Software Solutions, ensuring that risk management activities are aligned with ISO 31000 and embedded in all applications that Enablon produces in the Sustainable Development domain. Johannes has 10 years’ experience consulting on, developing, implementing and selling specialised risk management software to organizations worldwide.

USA

Johannes Swanepoel


Risk Management

Turnaround Specialist.

Sola Fide Solutions: Risk

and Strategy Consulting

Alicia Swart

South Africa

Alicia Swart is a risk turnaround specialist in the consulting industry of South Africa. She has developed a strong reputation for her ability to roll out a thorough ISO 31000-aligned Integrated Risk Management Program.

Commissioner, Global

Standards Initiative,

ASIS International

Marc Siegel

USA

Dr. Marc Siegel is the Commissioner heading the ASIS International Global Standards Initiative, developing international and national risk management, resilience, security, and continuity standards as well as providing training on their implementation. He is a RABQSA International certified Business Improvement Lead Auditor, as well as a certified Trainer and Skills Assessor. As an Adjunct Professor in the College of Business Administration and the Master’s Program in Homeland Security at San Diego State University, Dr. Siegel pioneered the concept of applying a systems approach to security and resilience management for organizations and their supply chains. His work includes providing training and guidance on implementation of risk, resilience and security management systems, as well as risk management in regions of conflict and weakened governance for the protection of assets and human rights.


Chief Executive Officer at

Jakeman Business

Solutions

Julian Talbot

Julian is the Chief Executive Officer with JBS, a $25 million business strategy and risk management consulting house. JBS not only helps clients with risk management advice but uses its own advice and applies ISO 31000 as its strategic management and decision-making system. Julian is a Fellow of the Risk Management Institution of Australasia, Director of the Security Risk Management and Analysis Association (SARMA) and a Research Associate with the Australian Homeland Security Research Centre. Previous roles include Manager of Property and Security for the Australian government's most extensive international network operating in over 60 nations (Austrade), Manager of Security for Australia's largest natural resources project, Woodside's $22 billion North West Shelf Venture, and Senior Risk Advisor for the Australian Department of Health and Ageing.


Australia


Carolyn Williams, Head of

Thought Leadership at

Institute of Risk

Management

Carolyn Williams

UK

Carolyn Williams is Head of Thought Leadership at the Institute of Risk Management, the leading international educational and training body for the risk management profession, where she is responsible for communicating the work of the Institute to a variety of audiences. She has an MA in Politics, Philosophy and Economics from Oxford University and is a Chartered Insurance Practitioner as well as a Member of the Institute of Risk Management by examination. She joined IRM in 2006 from Lloyd’s of London, where she was responsible most recently for risk management training and communication. She is also a member of the Chartered Insurance Institute’s Qualifications, Examinations and Assessments Committee and also represents the IRM on a number of other bodies including the Metropolitan Police Covert Operations Ethics Committee.


KEY CONFERENCE TOPICS

Understand why Enterprise Risk Management (ERM) should be based on ISO 31000

Learn how ISO 31000 can add value in building a solid risk management framework and at each stage of the risk management process

Know how and why ISO 31000 is the global reference for risk management standards

Get up to date on the outlook for the future ISO 31004 guide for implementing the ISO 31000 risk management standard

Embed ISO 31000 into the day-to-day decision making process

Benchmark emerging ERM frameworks and structures across various entities and understand how ISO 31000 ties risk management to corporate goals and objectives


CONFERENCE VENUE

The conference will take place in the heart of Paris, at a modern conference center in the "Triangle d'Or", the most prestigious business district in the French capital: EUROSITES GEORGE V, 28 avenue George V, 75008 Paris, France.

The venue and nearby hotels are in the area of the Champs-Elysées Avenue. You can find a convenient hotel using the search engine on the conference website:

www.G31000conference2012.org

PARIS FRANCE MAY 2012


EUROSITES-George V 28, Avenue George V - 75008 Paris Tel.: +33(0)1 53 82 60 00

http://www.eurosites.fr/en/Eurosites_George_V.php

Ideally located between Etoile and Concorde, in the most prestigious business district in Paris, Eurosites George V is easily accessible.

BY METRO George V (line 1). Alma Marceau (line 9)

BY BUS Routes 32, 42, 63, 72, 73, 80 and 92

CAR PARK Vinci Champs Élysées and Alma George V.


CONFERENCE PARTNERS


MEDIA PARTNERS


CONFERENCE ORGANISER

The Global Institute for Risk Management Standards provides clients with business information and knowledge on the ISO 31000 Risk Management Standard which enables them to reinforce business performance and their decision-making process, thus giving a valuable competitive advantage and making a positive contribution to their success.

The Global Institute for Risk Management Standards is involved in the creation of G31000, a global platform for ISO 31000, and is initiating multiple initiatives around the ISO 31000 standard.

The official launch of G31000 is scheduled at the Conference in May 2012.

CONFERENCE QUOTE

Why should the management of risk be based on ISO 31000?

The absolute aim of the ISO 31000 Risk Management Standard is to help managers to make decisions to enhance the performance of the organisation.


GENERAL INQUIRIES

RIMEC SARL
20, rue Berzélius
75017 Paris
France

Tel: +33 (0) 1 77 14 16 38
Fax: +33 (0) 1 82 09 67 72

Email: [email protected]

PARTNERSHIP AND MEDIA-PARTNER OPPORTUNITIES

If your organisation would like to be associated with the First International Conference on ISO 31000, please contact us at:

[email protected]

[email protected]

Alex Dali | President of G31000 | France

Pascal Germain | Partner at RIMEC SARL | France

LINKEDIN GROUP

Join our ISO31000_Conference_2012 LinkedIn sub-group to be able to start networking with your peers before and after the conference.

Short link: http://goo.gl/QDjgv

REGISTRATION

To download the full brochure and make your reservation, you are invited to go to the website: www.G31000conference2012.org

Graphic Design by Michele Harper Design

www.micheleharperdesign.com