Special Greetings from the government of New York State
Kevin W. Knight, Chairman, ISO/TC 262 – RISK MANAGEMENT, and Chairman of the ISO Working Group that developed ISO 31000
What Next For Standards on the Management of Risk – Nationally and Internationally
- Will ISO 31000 emerge as the dominant global standard?
- Moving from the “what” to the “how” of ISO 31000
- What does the global risk community want from Standards Bodies to assist with implementing ISO 31000?
- To certify or not? – That is the question
Provincial Treasury: Financial Governance
The Value of Risk Management and ISO 31000 in the Public Sector
- The value in practicing risk management in the public sector
- Implementation process
- Lessons learned
- ISO 31000 journey in the public sector
Senior Advisor in the Executive Office of the U.S. President, and Deputy Director of Risk Management at the U.S. Department of Commerce and Office of Management and Budget
Using Risk Management Standards to Drive Organizational Performance: Foundations to Success
- What is needed by public sector agencies to be successful at managing risk, opportunity and performance?
- The use of ISO 31000 in the public sector
- What role does culture play in successful risk management integration and implementation?
- How do public sector agencies apply risk management standards to manage program risk, goals and objectives?
Senior Vice President, Strategic Solutions, Sedwick, INC., USA
Aligning ISO 31000 with Success
- Risk’s effect on Success
- Why some risks matter more
- Risk discipline and strategic focus
- Next level risk management
G31000 members may participate, during this time slot, in our new Business Circle event. Upon advance request, we will arrange an informal introduction for you to an attending industry leader whom you would like to meet at this casual private meeting on the first day of the conference. $75 fee for non-members.
In anticipation of our Gala Dinner, take the opportunity to return to your hotel or have a look around The Shops at Columbus Circle on the first three levels of the same building. (Note: Main entrance is in the front at 10 Columbus Circle.)
Time to relax, meet old friends and make new ones while enjoying a meal at A Voce. The dinner will take place on the 3rd floor of the same building as the conference. (Note: Main entrance is in the front at 10 Columbus Circle.) At this dinner, we initiate our first “G31000 GLOBAL AWARDS”. G31000 seeks to distinguish those who have demonstrated knowledge, expertise and achievement in ISO 31000, the global standard for improved decision-making, by recognising the best trainees, trainers and applied ISO 31000 organizations in the private or public sector.
Dress: Your choice of Business Casual or Business Formal.
How to implement or adapt your RM programme using ISO 31000?
ISO 31000 says: “The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.” In this session, we will learn how large companies have achieved the implementation of ISO 31000. What are the major barriers to effective risk management in organizations today? We will also look at how Risk Maturity Models can be developed and used for benchmarking.
Session Partners
Rico Ferrarese. Senior Strategic Risk Manager at LEGO Group – Denmark
Rico will speak about his experience at LEGO Group, where he undertook a systematic validation of the LEGO Group’s existing ERM approach against the ISO 31000 standard and provided a set of recommendations as to further alignment. Most of these recommendations have been implemented, so that ERM at the LEGO Group is now largely aligned with ISO 31000.
Domenic Antonucci. CRO, Chief Risk Officer at ADPC Abu Dhabi Ports Co – UAE
Risk Maturity Model dedicated to ISO 31000.
Domenic will introduce BenchMarker: an ISO 31000 based maturity model checklist tool that he has developed to benchmark organisations against best Enterprise Risk Management practices. The tool has been designed to help brief CEOs and Boards with a strategic baseline and also to measure future ERM progress. Domenic will also share a preview of RiskMapper: a risk universe mapping tool to test the maturity of risk profiles, source and context.
Pat Croke. Managing Director, Hyperassure Ltd – Ireland
ISO 31000: Doing what comes naturally.
During this session you will gain an understanding of how ISO 31000 can be rolled out in an organization in either a top-down or a bottom-up manner. Pat will focus on the importance of context and how it changes at different levels of the organization. He will show how understanding these changes is important to achieving success with either approach. He will also discuss how the ISO 31000 framework can be used with multiple risk management processes, each specifically tailored to a particular type of process such as Decision Making, Project Management, Information Technology, Health and Safety, etc.
Jason Shohet – VP – Enterprise Operations and Technology Risk Management at CITIGROUP – USA
A “Slow Introduction” approach to the implementation of ISO 31000.
Jason will explain how he used a “Slow Introduction” approach to implement ISO 31000 – sacrilege to some, but aside from quitting and working somewhere else, sometimes the only option.
Johannes Swanepoel. Program Manager, Risk Management at Enablon Software Solutions – USA.
How specialized software supports ISO 31000, and how we have implemented it.
Specialized risk management software should support decision making in every way possible. The ideal risk management solution would not be standalone, would not be referred to as the “risk management application”, and would not be situated in the “ERM” department. Risk management should be an intrinsic feature of all software applications that govern resources. It should facilitate, empower and record the cognitive reasoning a manager undertakes when evaluating options, creating a reproducible trail of thought and contributing to organizational learning.
11:00 – 11:30 Networking and Refreshment break
11:30 – 13:00 Parallel Sessions 3
13:00 – 14:15 Lunch
14:15 – 15:45 Parallel Sessions 4
15:45 – 16:15 Networking and Refreshment break
G31000 – the new Platform for ISO 31000
The publication of ISO 31000 is a seminal point for risk management. This is the first internationally recognized risk management standard, created by risk management experts from around the world and incorporating twenty years of experience with AS/NZS 4360. The standard has been adopted by most G20 countries, providing a global reference for stakeholders. It can apply to any activity in any sector, and as a voluntary application it provides a framework for continuous improvement toward improved business performance rather than a bureaucratic compliance/reporting system. This session will explain why every risk management program should be based on the ISO 31000 Risk Management Standard.
Session Partners
Jacquetta Goy. Risk Manager at BCLC – Canada.
Jacquetta is in charge of developing the C31000 certification program. Candidates for certification will need to demonstrate a thorough understanding of the ISO 31000 Risk Management Standard, its principles, its vocabulary, its framework and its process.
Alex Dali. President, G31000 – France.
Alex will introduce the LinkedIn discussion forum on ISO 31000, created in March 2009, and present the results of the First Global Survey on the ISO 31000 standard, carried out in October–December 2011. The survey received more than 1,800 responses from over 100 countries and all sectors.
Pat Croke. Managing Director, Hyperassure Ltd – Ireland.
Pat is in charge of developing the on-line risk management training course based on ISO 31000 which will support people trying to attain C31000 certification. He is also responsible for the roll-out of the G31000 technology platform and will discuss what has been done to date and what is planned for the future.
17:25 – 17:30 Conference Close
Aligning your Business Continuity program with the ISO 31000 standard.
In June 2010, Standards Australia and Standards New Zealand released AS/NZS 5050, the new business continuity standard, which aims to relate business continuity to the ISO 31000:2009, ‘Risk management – principles and guidelines’ framework, making risk assessment and management its central pillars. This session will discuss how to align your Business Continuity program with the ISO 31000 standard.
Session Partners
Geraint Bermingham – Director – Navigatus Consulting and Chair, New Zealand Society for Risk Management; NZ Rep, ISO 31000 WG; Member, joint Australian/NZ Risk Management standards committee – New Zealand
Application of ISO 31000 philosophy to Business Disruption Management (Developing AS/NZS 5050)
This presentation by Geraint describes the thinking behind the successful development of the first business disruption standard based on ISO 31000. The presentation also covers two examples where these principles and the resulting approaches enabled highly effective responses by an international airline to two critical but quite different major disruption events.
Lyndon Bird – Technical Development Director & Board Member, The Business Continuity Institute – U.K.
Aligning Business Continuity with Risk Management
In 2012, ISO will launch its Business Continuity specification standard ISO 22301, with a supporting guidance standard ISO 22313 expected within a few months. In these standards there is a requirement for aspects of Risk Assessment to be undertaken as part of the Business Continuity Management process. ISO 31000:2009 is identified as a useful approach, but it is not mandated by the BCM standard. This presentation considers whether formal risk management is a core pillar of a BCMS and, if so, how an organisation might align its Business Continuity Management with the ISO 31000 standard.
John Agius – Enterprise-Wide Risk & Business Continuity at GO Plcr – Malta
The RM to BC Route – How ISO 31000 benefits Business Continuity
Risk and Business Continuity Management have been developed over time as a result of the effects of uncertainty that organizations face in achieving their objectives. The likelihood of deviations from set objectives, whether negative and/or positive, compels organizations to be proactive and prepared to intervene in good time to manage adverse effects and pursue opportunities. In the event of business disruptions, organizations are obliged to provide for resiliency and to ensure that alternative arrangements are in place for business to continue to operate whatever the circumstances. John’s presentation tackles the role RM plays in establishing an effective and efficient BCMS and how ISO 31000 benefits this process.
Brian Gray – Chief – Business Continuity Management Unit – United Nations – USA
Drivers of Performance: ISO 31000 and Business Continuity.
- Business continuity was spawned from Disaster Recovery; risks were therefore focused on IT
- Over the past decade the context has changed: business continuity now must consider all hazards, and the financial crisis has put pressure on resources
- Risk management provides a common framework to convene, collaborate and communicate
- This process not only addresses risks, but generates serendipitous effects that strengthen organizational performance
Dr. Louis Marinos – Senior Expert – Risk Management at ENISA – Greece
Business Continuity, Risk Management and Preparedness: how to complete the puzzle?
Business Continuity connects to Risk Management and other Management disciplines. But:
- What are the methods to identify the common points?
- What are the possibilities to maintain the interfaces?
- What is the need in the community?
- What open issues have been identified?
How to move from COSO ERM to ISO 31000
The COSO ERM framework has received a lot of criticism and has proved difficult to implement. However, some companies have put tremendous effort into trying to achieve its implementation, in the belief that there is no alternative. Since January 2011, ANSI/ASSE has adopted ISO 31000 as the American risk management standard. This session will explain why and how companies using COSO ERM should move towards ISO 31000 in order to realise a better risk management framework.
Session Partners
Sally Dix. VP, Standards and Guidance at IIA – The Institute of Internal Auditors, Global Headquarters – USA
Risk Management Strategy: Building the Approach that’s Right for Your Organization.
We all share common goals: optimizing our risk management strategies to assure our organizations’ goals and objectives are met. The experts agree: when it comes to risk management, one size does not fit all. Risk strategies that are effective for some organizations might stifle new opportunities or lead to unanticipated problems for others. It’s not just a matter of selecting a risk framework or deciding on a level of resources dedicated to risk management – it’s a matter of identifying and implementing the specific strategies and approaches that are the right ones for your organization and its unique culture. Sally Dix, Vice President, Standards and Guidance, for the Global Institute of Internal Auditors, combines theoretical knowledge and real-world experience in this insightful presentation sharing new tips for making risk management work for you. How well the approach is tailored to your organization can make the difference in the success or failure of risk management at your organization.
Norman Marks. CPA, CRMA, is Vice President, Evangelist at SAP – USA
Turning towards the ISO 31000:2009 risk management standard.
Norman will share how, when he was asked to start a risk management practice in addition to leading internal audit, he turned first to the COSO ERM Framework. Finding it lacking as a way of explaining risk management to the board and executives, he adopted the ANZ Standard and practice guides. Although initially critical of the new ISO standard, he is now an advocate. He is recognized as such within internal audit circles, and has helped move the IIA away from sole endorsement of the COSO framework and towards adoption of the ISO risk language. He will share why he recommends ISO 31000:2009 as he makes presentations and engages with SAP customers around the world.
Arnold Schanfield. Principal at Schanfield Risk Management Advisors, LLC – USA
Moving on from COSO ERM
Arnold believes that COSO ERM was designed with good intentions, but that overall it is too complex and unwieldy, resulting in many companies giving up on designing their own program and paying external consultants to tell them how to implement risk management. Today, COSO ERM is the subject of some controversy. Based on his experience of both ISO 31000 and past COSO ERM implementations, Arnold will demonstrate how ISO 31000 improves on COSO ERM in a number of areas, including by reference to the “deadly sins” introduced by Grant Purdy, and will give practical advice on how to navigate successfully from COSO ERM to the ISO 31000 standard.
Michael Parkinson. Member, International Internal Auditing Standards Board at The Institute of Internal Auditors. Director at KPMG – Australia
The new role of internal auditors
- Planning the program – supporting the organisation’s risk management process
- Reviewing the risk management process
- Focusing the individual engagement
- The feedback loop – internal audit informing risk management
How risk management curricula worldwide are moving toward alignment with ISO 31000
A majority of institutions have fallen short of delivering educational programs that meet the needs of business in the area of managing risk. Many of the courses, for instance, are too general, and there is an obsession with financial risk to the exclusion of all other forms of risk. This session features presentations that address the shortcomings that are so prevalent among the plethora of programs offering training and education in the area of risk management. The intent of this session is to demonstrate that some RM curricula have already adapted the content of their teaching to the principles, framework and process proposed in the ISO 31000 Risk Management Standard.
Session Partners
John Shortreed, Adjunct Professor at Department of Civil and Environmental Engineering, Univ. of Waterloo – Canada
Bringing thirty years’ experience in research, education and standards in risk, John will give his views on how risk management education and training could be better designed and delivered so that it is consistent with ISO 31000 and fully integrated into the existing governance and management of any organization, in a simple yet powerful and persuasive way that overcomes existing inertia in the evolution of risk management.
Anthony Davidson. Dean of the School of Graduate and Professional Studies – Manhattanville – Center for Excellence in Managing Risk – USA
Anthony will speak about a new program recently launched at Manhattanville College that tackles risk management from a totally holistic perspective, taking into account the multiple dimensions of risk. The premise is that Risk Management cannot be simply treated as a programme containing a methodology. It must be regarded as an organisational initiative, which needs to be adopted and practised by all constituents of the organisation, including not only all the departments and employees but also all stakeholders that impact the organisation. ISO 31000 and its related elements should be viewed as contemporaneous guidelines for the purposes of establishing and ensuring a system-wide adoption of the risk construct, through an evolving implementation process.
Carolyn Williams – Head of Thought Leadership at Institute of Risk Management – UK
Supporting the Risk Management Profession
The IRM believes passionately that investment in education and continuing professional development leads to more effective risk management. This presentation will cover:
- What is a profession and does it matter?
- IRM’s approach to risk management education
- Equipping ourselves for the future
William Gifford – Risk Management Student, Glasgow Caledonian University – UK
The Student’s point of view
William will discuss his university degree experience and how he sees ISO 31000 taking his knowledge from theory to application of risk management in practice.
- What led me to Risk Management (RM)
- How GCU gave me an insight to RM thinking
- The importance of understanding the role of education in RM
- The common approach supplied through ISO 31000
- Why it is important for ISO 31000 and educational programmes to become aligned
Risk and Human factors
Understanding and managing people is a core risk management competency. People are usually considered as an organisation’s greatest asset, and yet they are often also the greatest liability. This session will broaden your understanding of how a consideration of human factors, assisted by ISO 31000, should be incorporated into your risk management practice.
Peter Blokland – Organisational coach, trainer & risk expert – General Manager at BYAZ bvba – Belgium
To manage risk, you will have to increase the quality of your perception. Managing risk is managing uncertainty as well as managing objectives. “What you will see is what you will get” is certainly true in managing risks. The more opportunities you see, the more risk you will take. The more dangers and threats you discover, the better you will be able to cope with them.
Frank Herdmann – Managing Partner – Auxilium Expatbiz Services and Auxilium Management Service – Germany
Human Factors, Management, and Risk
Human Factors Management is at the core of life. It has to be tailored and aligned with an organization’s external and internal context. Complexity requires Human Factors Analysis and Classification Systems and/or Human Reliability Analysis. But for most entities a simple systemic approach is a good start for Risk Management.
Norman Marks – Vice President, Evangelist at SAP – USA
Risk and Human Factors: Because People Run Businesses
Norman will review a couple of different ways the Human Factor affects risk management:
- As a source of error. The root cause of error is almost always people and risk managers must consider the risk of mistakes
- As an influence on risk decisions. Different people will evaluate, assess, and respond to risk in different ways. How then can the risk manager ensure the right risks are taken for the organization?
He will share his experiences and views on how to address these issues.
ISO 31000: How does it relate to security and safety?
ISO 31000 is potentially the best thing to happen to security and safety management since Og the caveman picked up a club to defend his family. But just how do we use it, what are the benefits and, equally importantly, what are the pitfalls? This panel of subject matter experts will attempt to answer these questions and more, looking at a range of security and safety practice areas: physical security, information technology, information, personnel and, in particular, security and safety management.
Session Partners
Julian Talbot. Chief Executive Officer at Jakeman Business Solutions – Australia
Enterprise Security Risk Management.
Enterprise Security Risk Management is much more than just scaling up security management across an organization. It means taking an integrated view of how each part of the organization affects the other and turning some complex analysis into a series of practical plans that people can understand and implement. It needs an entirely different mindset from traditional security management, but fortunately we have a tool that is ideally suited to the job – ISO 31000. This presentation is based on lessons learned in conducting enterprise security risk assessments for multibillion government and resources organizations operating on six continents. Come find out what worked, what didn’t – and why.
Gilles Motet. Professor at the National Institute of Applied Sciences, Member of the French AFNOR Commission on Risk Management – France
Contribution of ISO 31000 to safety management.
ISO 31000 introduced a new definition of risk based on uncertainty, and a new way of handling risks. First, the presentation will show that this new vision is consistent with the changing concerns of stakeholders in the safety domain. Then, the contributions of the original aspects of the risk management process to safety will be highlighted. Finally, we will explain how the Framework proposed by ISO 31000 allows the concept of risk acceptability to be challenged, as recently required by stakeholders.
Marc Siegel. Commissioner heading the ASIS International Global Standards Initiative – Belgium
Risk and Security Management: Protecting and Creating Value
- To protect the value chain, organizations must move beyond traditional siloing of risks to a holistic approach.
- ISO 31000 provides a framework for integrating security management into an enterprise-wide risk management strategy.
- To protect the value chain, organizations need to have a comprehensive strategy to manage both organizational and supply chain risk.
- Why ISO got it wrong!
Lorenza Jachia. Secretary, Working Party on Regulatory Cooperation and Standardization Policies at United Nations Economic Commission for Europe (UNECE). – Switzerland
Risk management has become an essential building block of regulatory systems in all areas – in food safety, environment, aviation, finance – to name just a few. The work of the UNECE aimed at guiding regulatory stakeholders in the consistent and systematic application of risk management to establishing and running regulatory systems has been entrusted since 2010 to the Working Party’s Group of Experts on Risk Management in Regulatory Systems (UNECE GRM). ISO 31000 is a tool that allows for a systematic integration of risk management best practice in all areas of regulatory activity.
Raising the awareness about ISO 31000, worldwide
This panel discussion is intended to share experiences about how to raise awareness in order to encourage public and private organisations to adopt ISO 31000 as their reference in the management of risk. Starting with Australia’s twenty-year experience, the session will continue with Canada, then the USA, and possibly experiences in Europe.
Session Partners
Kevin W Knight. Chairman of ISO Working Group that developed ISO 31000 – Australia.
The Australian perspective
Twenty years of Risk Management Standardisation – Past, Present and Future.
Although the original 1995 edition of the AS/NZS 4360 standard was developed from earlier risk-management ideas and processes, it was nonetheless ground-breaking as the first standard published on risk management.
Carol Fox. Director, Strategic and Enterprise Risk Practice at RIMS, Vice-chairman at US TAG for ISO 31000 Risk Management – USA.
The USA perspective
Risk management standards and frameworks in the U.S.: Adopt or adapt?
RIMS’ 2011 benchmark survey on ERM will be discussed, including how risk practitioners are utilizing prevalent standards and frameworks.
Alicia Swart. Risk Management Turnaround Specialist. Sola Fide Solutions: Risk and Strategy Consulting – South Africa
The South African perspective
Taking ISO 31000 to the next level in the South African Context
- Why the current South African context is creating an ideal platform to actively position the value add of ISO 31000.
- South African opportunities to uniquely package ISO 31000 solutions and ensure the value and buy-in for organizations
- Raising ISO 31000 awareness while leveraging other business “buzz” words and disciplines.
Geraint Bermingham. Director of Navigatus Consulting – New Zealand.
The New Zealand perspective
The rapid adoption of ISO31000 in New Zealand
This presentation describes how ISO 31000 was rapidly introduced and adopted by private and public commercial organisations as well as government agencies within New Zealand. The effect of the New Zealand context on how organisations think about risk – even before the second largest city was nearly destroyed by a series of earthquakes – is described, and mention is made of the development of a range of ISO 31000 derived standards covering natural hazards, social activities and a range of types of organisations.
Alpaslan Menevse. Operational Risk Manager at Sekerbank – Turkey
The Turkish perspective
The New Code of Commerce and ISO 31000 in Turkey
Turkey’s evolutionary new Code of Commerce will go into effect on 1 July 2012. Prepared with an entirely new vision, the code requires a risk oversight committee with ERM functionality for all publicly traded firms on the Istanbul Stock Exchange. The mandate will bring new opportunities to the risk management field, since it allows organizations to outsource the risk advisory function.
Awad Loubani. Director, Quality and Risk Management Services in the Corporate Services and Strategic Planning Branch of Public Works and Government Services Canada (PWGSC) – Canada
The Canadian perspective
- Membership matrix of the CSA Technical Committee on Risk Management and the subsequent Standards Council of Canada Mirror Committee membership
- Comparative study of various RM standards in 2008
- Focus groups approach – different economic sectors across Canada
- Conducting 3 public reviews of CSA Q31001
- Cross work with other CSA TCs
- Canadian additions to ISO 31000
- CSA training and speaking opportunities
- Going forward: CSA senior management to have greater focus on RM as a critical area of their work
Angel Escorial. Director General at Riskia, Member of the Spanish AENOR Commission on Risk Management – Spain
The Spanish perspective
- AENOR translated ISO 31000 into Spanish in 2010
- Spread of ISO 31000 through RM associations, particularly AGERS
- Increasing interest in information and training
- Global ISO 31000 Survey 2011
Critical Success Factors in Implementing ISO 31000:2009
John Lark. President, Coherent Advice – Canada.
Whether you are in a small organisation or a large one, there are some critical steps and solutions that can assure you a smooth transformation from your current approach to risk management to one based on ISO 31000:2009. This will include strategies to increase engagement of decision makers, avoid “blind spots”, and create a self-sustaining, cost-effective team. There will be opportunities for questions and discussion to address particular challenges brought forward by participants.
Going beyond regulatory requirements
Today, banks are mandated to meet many different regulations, including but not limited to Anti-Money Laundering requirements, Sarbanes-Oxley, the Dodd-Frank Wall Street Reform Act, International Accounting Standards and the Basel II / Basel III banking accords. This session will look at how ISO 31000 can assist in bringing these various regulatory initiatives together and not only be harmonious with Basel II and III but improve their operation.
Session Partners
Jason Shohet – VP – Global Compliance & Risk Management at Citigroup – USA
ISO in a COSO world
- Identifying internal and external stakeholders of a “silo” within a heavily-regulated bank – an AML example
- Using ISO 31000 principles to educate traders/bankers who expected you to mitigate risk for them
- Why banking operations struggle with identifying risk events – and how to address the problem
- Focus on achievement of objectives versus traditional focus on regulatory compliance
Martin Davies. Managing Director at Causal Capital – Singapore
- How ISO 31000 can bring risk departments together in banks
- Why Basel II and III do not conflict with ISO 31000
- The top risk challenges for banks, and how ISO 31000 can assist with them
- A working mode for ISO 31000 in financial institutions
Alpaslan Menevse – Operational Risk Manager at Sekerbank – Turkey
Changing the culture
- Organizational culture is one of the most important topics addressed by ISO 31000
- Most affected organizations have not built up a common internal language.
- Resistance to change will be one of the main threats of the next decade.
- Why ISO 31000 is the best candidate as a holistic integrator for organizations.
Tim Leech. Managing Director Global Services at Risk Oversight Inc. – Canada
Using ISO 31000 for Sarbanes-Oxley Section 404 – What will it take to convince the U.S. and countries around the world that ISO 31000 is a “suitable” and far superior assessment framework for SOX 404 and similar representations? What will it take to eliminate the current control-centric SOX 404 silo and integrate SOX assessment efforts with ISO 31000 and ERM?
A Voce, which means “word of mouth” in Italian, has opened its second restaurant in New York City at Time Warner Center.
The restaurant’s Italian classics are inspired by the spirit of seasonal and regional simplicity. The combination of innovative and contemporary cuisine, an extensive wine list, attentive service and chic décor showcases the sophisticated establishment in a variety of ways.
10 Columbus Circle, 3rd Floor, NYC (Same Building as the Conference, enter from the Main Doors facing the park.)