4. Risk management framework

SNI ISO 31000:2018

desired levels of sustainable performance and long-term viability. Determining risk
management accountability and oversight roles within an organization are integral parts of the
organization’s governance.

Integrating risk management into an organization is a dynamic and iterative process, and
should be customized to the organization’s needs and culture. Risk management should be a
part of, and not separate from, the organizational purpose, governance, leadership and
commitment, strategy, objectives and operations.

5.4 Design

5.4.1 Understanding the organization and its context

When designing the framework for managing risk, the organization should examine and
understand its external and internal context.

Examining the organization’s external context may include, but is not limited to:

— the social, cultural, political, legal, regulatory, financial, technological, economic and environmental factors, whether international, national, regional or local;

— key drivers and trends affecting the objectives of the organization;

— external stakeholders’ relationships, perceptions, values, needs and expectations;

— contractual relationships and commitments;
— the complexity of networks and dependencies.

Examining the organization’s internal context may include, but is not limited to:

— vision, mission and values;

— governance, organizational structure, roles and accountabilities;

— strategy, objectives and policies;

— the organization’s culture;

— standards, guidelines and models adopted by the organization;

— capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, intellectual property, processes, systems and technologies);

— data, information systems and information flows;

— relationships with internal stakeholders, taking into account their perceptions and values;

— contractual relationships and commitments;

— interdependencies and interconnections.

© BSN 2018