Page 12 - 4.Kerangka kerja manajemen risiko
P. 12

SNI ISO 31000:2018

            5.4.2    Articulating risk management commitment

            Top management and oversight bodies, where applicable, should demonstrate and articulate
            their continual commitment to risk management through a policy, a statement or other forms
            that clearly convey an organization’s objectives and commitment to risk management. The
            commitment should include, but is not limited to:

            —  the organization’s purpose for managing risk and links to its objectives and other policies;

            —  reinforcing  the  need  to  integrate  risk  management  into  the  overall  culture  of  the

            —  leading  the  integration  of  risk  management  into  core  business  activities  and  decision-

            —  authorities, responsibilities and accountabilities;

            —  making the necessary resources available;

            —  the way in which conflicting objectives are dealt with;

            —  measurement and reporting within the organization’s performance indicators;
            —  review and improvement.

            The risk management commitment should be communicated within an organization and to
            stakeholders, as appropriate.
                                                                                                                  Hak cipta  Badan Standardisasi  Nasional,  Copy standar ini dibuat oleh BSN untuk Sistem Pembelajaran E-Learning SPK Badan Standardisasi Nasional
            5.4.3   Assigning organizational roles, authorities, responsibilities and accountabilities

            Top management and oversight bodies, where applicable, should ensure that the authorities,
            responsibilities and accountabilities for relevant roles with respect to risk management are
            assigned and communicated at all levels of the organization, and should:

            —  emphasize that risk management is a core responsibility;

            —  identify individuals who have the accountability and authority to manage risk (risk owners).

            5.4.4    Allocating resources

            Top  management  and  oversight  bodies,  where  applicable,  should  ensure  allocation  of
            appropriate resources for risk management, which can include, but are not limited to:

            —  people, skills, experience and competence;

            —  the organization’s processes, methods and tools to be used for managing risk;

            —  documented processes and procedures;

            —  information and knowledge management systems;

            —  professional development and training needs.

            The organization should consider the capabilities of, and constraints on, existing resources.

            © BSN 2018                               24 dari 34
   7   8   9   10   11   12   13   14