Page 10 - 4.Kerangka kerja manajemen risiko
P. 10

SNI ISO 31000:2018



            5.2    Leadership and commitment

            Top  management  and  oversight  bodies,  where  applicable,  should  ensure  that  risk
            management is integrated into all organizational activities and should demonstrate leadership
            and commitment by:

            —  customizing and implementing all components of the framework;

            —  issuing a statement or policy that establishes a risk management approach, plan or course
                of action;

            —  ensuring that the necessary resources are allocated to managing risk;

            —  assigning  authority,  responsibility  and  accountability  at  appropriate  levels  within  the
                organization.

            This will help the organization to:

             —  align risk management with its objectives, strategy and culture;

             —  recognize and address all obligations, as well as its voluntary commitments;

            —  establish  the  amount  and  type  of  risk  that  may  or  may  not  be  taken  to  guide  the
                development of risk criteria, ensuring that they are communicated to the organization and
                its stakeholders;

            —  communicate the value of risk management to the organization and its stakeholders;                 Hak cipta  Badan Standardisasi  Nasional,  Copy standar ini dibuat oleh BSN untuk Sistem Pembelajaran E-Learning SPK Badan Standardisasi Nasional

            —  promote systematic monitoring of risks;

            —  ensure that the risk management framework remains appropriate to the context of the
                organization.

            Top management is accountable for managing risk while oversight bodies are accountable for
            overseeing risk management. Oversight bodies are often expected or required to:

            —  ensure that risks are adequately considered when setting the organization’s objectives;

            —  understand the risks facing the organization in pursuit of its objectives;

            —  ensure that systems to manage such risks are implemented and operating effectively;

            —  ensure that such risks are appropriate in the context of the organization’s objectives;

            —  ensure that information about such risks and their management is properly communicated.

            5.3    Integration

            Integrating  risk  management  relies  on  an  understanding  of  organizational  structures  and
            context. Structures differ depending on the organization’s purpose, goals and complexity. Risk
            is  managed  in  every  part  of  the  organization’s  structure.  Everyone  in  an  organization  has
            responsibility for managing risk.
            Governance guides the course of the organization, its external and internal relationships, and
            the rules, processes and practices needed to achieve its purpose. Management structures
            translate governance direction into the strategy and associated objectives required to achieve

            © BSN 2018                               22 dari 34
   5   6   7   8   9   10   11   12   13   14