Courtesy: ISO 32000 Document management. Government regulations require that companies working in certain industries control their documents. These industries include accounting (for example: 8th EU Directive, Sarbanes–Oxley Act), food safety (e.g., Food Safety Modernization Act in the US), ISO (mentioned above), medical device manufacturing (FDA), manufacture of blood, human cells, and tissue products (FDA), healthcare (JCAHO), and information technology […]
Author Archives: owner
Courtesy: ISO 32000 Document management. A document management system (DMS) is a system used to receive, track, manage and store documents and reduce paper. Most are capable of keeping a record of the various versions created and modified by different users (history tracking). In the case of the management of digital documents such systems are based on computer programs. […]
Courtesy: ISO 31000 Risk management internal auditor training. In addition to information technology audit, internal auditors play an important role in evaluating the risk-management processes of an organization and advocating their continued improvement. However, to preserve its organizational independence and objective judgment, Internal Audit professional standards indicate the function should not take any direct responsibility for making […]
Courtesy: ISO 31000 risk management internal auditor training. ISO 31000: the new International Risk Management Standard. ISO 31000 is an International Standard for Risk Management which was published on 13 November 2009. An accompanying standard, ISO 31010 – Risk Assessment Techniques, soon followed publication (December 1, 2009) together with the updated Risk Management vocabulary ISO Guide […]
Courtesy: ISO 31000 Risk management internal auditor training. ERM frameworks defined. There are various important ERM frameworks, each of which describes an approach for identifying, analyzing, responding to, and monitoring risks and opportunities, within the internal and external environment facing the enterprise. Management selects a risk response strategy for specific risks identified and analyzed, which may include: […]
Courtesy: ISO 31000 Risk management internal auditor training. The chosen method of identifying risks may depend on culture, industry practice and compliance. The identification methods are formed by templates or the development of templates for identifying source, problem or event. Common risk identification methods are: Objectives-based risk identification – Organizations and project teams have objectives. Any […]
Courtesy: ISO 31000 Risk management internal auditor training. Principles. The International Organization for Standardization (ISO) identifies the following principles of risk management. Risk management should: Create value – resources expended to mitigate risk should be less than the consequence of inaction; Be an integral part of organizational processes; Be part of decision-making process; Explicitly address uncertainty and assumptions; Be […]
Courtesy: ISO 31000 Risk Management internal auditor training. Opportunity cost represents a unique challenge for risk managers. It can be difficult to determine when to put resources toward risk management and when to use those resources elsewhere. Again, ideal risk management minimizes spending (or manpower or other resources) and also minimizes the negative effects of […]
Courtesy: ISO 31000 Risk management. Strategies to manage threats (uncertainties with negative consequences) typically include avoiding the threat, reducing the negative effect or probability of the threat, transferring all or part of the threat to another party, and even retaining some or all of the potential or actual consequences of a particular threat. The opposite […]
Courtesy: ISO 31000 Risk management. Accordingly, senior position holders in an enterprise risk management organisation will need to be cognisant of the implications for adopting the standard and be able to develop effective strategies for implementing the standard, embedding it as an integral part of all organizational processes including supply chains and commercial operations. In domains that concern […]