Notice to readers:

Share on facebook
Share on email
Share on twitter
Share on linkedin

STATEMENT WITHDRAWAL – RE: WILLOWTON GROUP

Good day,

It has come to our attention that the statement made on 11 September 2019, in an email newsletter, was published prior to Risk ZA Corporate Sustainability (Pty) Ltd. obtained all the relevant facts and, as a result, may have been misleading.

Risk ZA Corporate Sustainability (Pty) Ltd. expresses its apologies to Willowton Group for the statement and hereby withdraws the statement made on 11 September 2019 in its entirety. Risk ZA Corporate Sustainability (Pty) Ltd. has been informed by Willowton Group that the incident is currently under investigation and the cause of the incident is presently unknown.

Further details relating to the incident can be obtained from Willowton Group directly.

Sincerely, 
Risk ZA Corporate Sustainability (Pty) Ltd.

You can share this blog post on your preferred social media platform:

Share on facebook
Share on email
Share on twitter
Share on linkedin

ISO 31000:2018 Risk Management – Accelerate Business Performance

Share on facebook
Share on email
Share on twitter
Share on linkedin

The World Economic Forum describes the current competitive business landscape in a word: disruptive. How well an organisation approaches risk management in a climate of volatility can affect its ability to make robust and informed strategic decisions and achieve its objectives.

Download our FREE GUIDE ISO 31000:2018 How do I get started? where we investigate the 8 Principles that set out the requirements for a risk management initiative.

Traditionally, risk management played a supporting role at board level. However, over the past decade, organisations have adopted the view that risk management must be embedded in the general management of an organisation, and fully integrated across an enterprise with functions such as finance, strategy, internal control, procurement, continuity planning, human resources, and compliance.

Voices of stakeholders have become louder in their demand for transparency and accountability in managing the impact of risk, and evaluating the ability of leadership to embrace opportunities. The use of technology and economic globalisation have made risks increasingly entwined, placing even more emphasis on sound risk management within any organisation.

To keep pace with a rapidly evolving world and future threats, the International Organization for Standardization published a revised version of its Risk Management Standard in February 2018. Essentially, ISO 31000:2018 reflects the evolution of risk management thinking from a separate ‘siloed’ activity to an integrated management function. The overarching strategy of the standard is to embed risk management best practices on a micro-level within organisations so as to manage threats that stand in the way of enterprises achieving their objectives, and create value by finding and exploiting opportunity. This should grab the attention of anyone looking to gain competitive advantage, improve operations, or reduce costs within their organisation.

ISO 31000:2018 - Five Things to Know

1. It is clear and concise

The standard delivers a clear and concise guide to help all organisations manage risks. Risk management concepts are simply explained, giving diverse organisations and people the ability to access the tools that can drive change in order to protect and create value. ISO 31000:2018 is supplemented by ISO Guide 73:2009, a vocabulary index used to support ISO 31000:2018, and ISO 31010:2009 that focuses on risk assessment concepts, processes and the selection of risk assessment techniques.  ISO 31000:2018 has been trimmed down to just 15 pages, and risk management principles reduced from 11 to 8, which streamlines the process for implementation.

2. It is easy to implement

All organisations make decisions that shape their future every day. ISO 31000:2018 provides guidance on how to manage uncertainty to meet objectives, and how to implement risk management to support strategic decision making. This promotes intelligent risk taking at all levels of a business. Risk management best practices promote critical thinking about the role of uncertainty in decision making, and encourage the identification, assessment, and treatment of uncertainty that can impact daily business activities. Small organisations with limited room for exposure to adverse internal and external risks now have the ability to access invaluable tools to create a tolerable risk environment and protect value.

3. It creates and protects value

Creating and protecting value is the central tenant of ISO 31000:2018. If processes are not adding value, they are simply adding costs. The standard helps enterprises improve performance by embedding risk management into all business decision-making processes and making risk-based thinking a daily activity.

4. It reinforces integration

Integration is mentioned throughout the standard. Here are a few examples:

  • Risk management should be part of the organisational purpose, governance, leadership and commitment, strategy, objectives and operations.
  • Properly designed and implemented, the risk management framework ensures that the risk management process is a part of all activities throughout the organisation.
  • The organisation should continually improve the suitability, adequacy and effectiveness of the risk management framework and the way the risk management process is integrated.
  • The risk management process should be an integral part of management and decision-making and should be integrated into the structure, operations and processes of the organisation.

5. It focuses on leadership

Support from top management is essential for successful implementation of the risk management framework and processes. Leadership support for risk management becoming a strategic planning and decision-making tool creates a risk aware culture at all levels of the organisation.

CONCLUSION

ISO 31000:2018 can help create and protect value for any organisation by providing a flexible framework. If individuals are given the tools to promote critical thinking on how uncertainty can impact meeting objectives then the organisation should see an increase in value from an integrated risk management framework.

Ready to get started?

Risk ZA is a leading provider of enterprise risk management training programmes, which aim to improve your business performance. Contact us on +27 (0) 31 569 5900, email info@riskza.com or visit www.riskza.com.

PLUS! Download our FREE GUIDE ISO 31000:2018 How do I get started? where we investigate the 8 Principles that set out the requirements for a risk management initiative.

For more information or guidance on which ISO standard(s) and services would best suit the needs of your organisation, please email Risk ZA at info@riskza.com or contact us on 0861 Risk ZA / +27 (0) 31 569 5900.

You can share this blog on your preferred social media platform:

Share on facebook
Share on twitter
Share on linkedin
Share on email

ISO 14001:2015 – Internal Audits Drive Real Improvements

ISO 14001:2015 - Internal Audits Drive Real Improvements

Confronted with dramatic environmental challenges, plus a slew of regulatory requirements, many organisations have implemented environmental management systems (EMSs). An ISO 14001:2015 based EMS is the most popular, used to meet compliance obligations, monitor environmental policies and procedures, manage resources and control environmental harms.

ISO 14001:2015 is a systems-based management tool centering around the Plan-Do-Check-Act method, which drives continual improvement. The standard outlines in Clause 9.2 that internal audits at set intervals are necessary to support the theme of continual improvement underpinning the management system.

The purpose of internal audits is to ensure that the organisation’s environmental policies, objectives, compliance obligations and performance requirements are met and recorded, and that any corrective action is taken where necessary.

DOWNLOAD FREE GUIDE

Our FREE Downloadable Guide How To Conduct An Environmental Management Systems Audit explores more about the ISO 14001 Environmental Audit process. You can get hold of it by clicking the button below.

What to expect from an ISO 14001:2015 audit

A key point to emphasise is that the intended outcomes of ISO 14001:2015 have not changed. The EMS must:

  • Protect the environment.
  • Meet compliance obligations.
  • Enhance environmental performance.

ISO 14001:2015 does, however, have a number of new requirements that will change the focus of an audit, which include:

  • Context of the organisation
  • Leadership
  • Planning
  • Support
  • Documentation
  • Operations
  • Performance evaluation
  • Improvement

ISO 14001:2015 - Clause 9: Performance evaluation

Performance evaluation is about measuring and evaluating an EMS to establish whether it meets the organisation’s planned outcomes. Evaluation provides valuable information for continual improvement by:

  • Evaluating the EMS’s effectiveness.
  • Establishing whether requirements of the standard are being met.
  • Verifying whether compliance obligations have been met.
  • Reviewing the EMs’s suitability, adequacy, effectiveness and efficiency.
  • Demonstrating that planning has been properly implemented.
  • Assessing the performance of processes against outcomes.
  • Determining the need or opportunities for improvement.

Monitoring, measurement, analysis and evaluation

Monitoring in the sense of ISO 14001 means checking, reviewing, inspecting and observing  planned activities to ensure that they are occurring as intended. So, for example, if an operational control states that water quality will be inspected twice weekly, then this is a monitoring process. Monitoring and measurement :

  • Evaluates environmental performance;
  • Analyses root causes of problems;
  • Assesses compliance with compliance obligations;
  • Identifies areas for corrective action;
  • Improves performance and efficiency.

The Internal audit programme

Unlike an audit schedule or audit plan, an audit programme includes the full life-cycle of auditing. From the very decision to use audit as a tool through planning and initiating the audit, performing, reporting and follow-up, to improvement of the entire programme and its constituent parts.

All parts of the EMS should be audited at minimum yearly, this is typically dealt with in an annual audit schedule. The entire EMS can be audited at once or in parts for more frequent audits. To establish the frequency of EMS audits, consider:

  • The nature of your operations;
  • Risks and opportunities;
  • Statutory and regulatory requirements and compliance obligations;
  • Significant environmental aspects / impacts;
  • Results of your monitoring programme;
  • Results of previous audits.

There are two principle considerations when auditing:

Compliance/conformance audits – ensure that management arrangements, like procedures, are being followed in order to comply with the requirements of ISO 14001.

Performance Audits –  ensure that the outputs of the management arrangements are achieving their intended outcomes. For example, the results of engineering controls applied to mitigate air pollution are achieving the legal limits.

ISO 14001 demands an approach that combines both a compliance/conformance and a performance approach to auditing.

Who should perform an environmental audit?

ISO 19011:2018 – Guidelines for auditing management systems – contains information on how to choose an Environmental Auditor. Environmental Auditors should have personal attributes, such as ethics, open-mindedness, perceptiveness and tact. They should understand audit principles, procedures and techniques, and have gained experience by conducting audits. They should know the subject matter they are auditing against and how this applies to different organisations.

Audit Team Leaders should be able to plan and resource effectively, have good communication and leadership skills. Environmental Auditors should complete training and have attained an appropriate level of education. When seeking an External Auditor consider the skills outlined here.

Auditor qualifications

All auditors need to receive initial and ongoing training. EMS auditors should be trained in auditing techniques and management system concepts, environmental regulations, and facility operations. For performance audits, an auditor needs to have a good understanding of the standard and the EMS, and a broad understanding of environmental issues. Auditors should be reasonably independent of the area or activity that is being audited and can definitely not audit their own work.

An effective audit programme should:

  • Develop audit procedures and protocols.
  • Establish an appropriate audit frequency.
  • Train auditors.  
  • Maintain audit records.
  • Link audit results to the corrective action system.

NEW! ISO 19011:2018: Guidelines for auditing management systems

Auditors are the ears and eyes of top management because they can provide an independent appraisal of an organisation’s operations and activities. In addition, a skillful auditor will add value to a management system by finding opportunities for improvement. It’s important to note that ISO 19011:2018 has significantly raises the bar on what constitutes essential competencies that management-systems auditors need to possess or acquire.

Revisions to ISO 9001:2015 (QMS), ISO 14001:2015 (EMS), and ISO 45001:2018 (OH&S) are all based on Annex SL of ISO Directive 1, the ISO High Level Structure. Consequently, ISO 19011 includes an annex to deal with how to audit organisational context, leadership and commitment, compliance and the supply chain, amongst others. The new standard will help with the effective audit of these management systems and facilitate a uniform approach to the auditing process where multiple systems are in place.

DOWNLOAD FREE GUIDE

Our FREE Downloadable Guide How To Conduct An Environmental Management Systems Audit explores more about the ISO 14001 Environmental Audit process. You can get hold of it by clicking the button below.

For more information or guidance on which ISO standard(s) and services would best suit the needs of your organisation, please email Risk ZA at info@riskza.com or contact us on 0861 Risk ZA / +27 (0) 31 569 5900.

You can share this blog on your preferred social media platform:

Share on facebook
Share on twitter
Share on linkedin
Share on email

ISO 45001:2018 – How to become an OHS Auditor

How to become an OHS Auditor
Share on facebook
Share on twitter
Share on linkedin
Share on email

ISO 45001:2018 has been heralded as a ‘game changer’ in the world of voluntary safety management standards. Earlier this year, ISO 45001 was approved by voters of countries from around the world, and has been praised by the American Society of Safety Professionals as a ‘watershed moment’. It is one of the most significant developments in workplace safety over the past 50 years, presenting an opportunity to move the needle on reducing occupational health and safety risks.

The addition of ISO 45001 to the suite of ISO management system standards reinforces that Occupational Health & Safety is a key area of business performance for organisations, and that OH&S is about a lot more than legal compliance. When it is well integrated into the management of an organisation, good OH&S management is an enabler and an asset for a business rather than a cost.

To assist you in understanding the requirements for an ISO 45001:2018 OHS Management System Auditor, we have created a free guide with points from ISO 19011:2018: 10 STEPS TO AUDITING AN ISO 45001:2018 OHS MANAGEMENT SYSTEM.

Key considerations in the new standard

  • Setting the organisational context. Organisations will have to look beyond their own health and safety issues and consider what society expects from them, in regard to health and safety issues.
  • Increased top management accountability in a number of areas.  
  • Worker engagement. Siloed management systems have hampered effective OH&S management, and in respect of ISO 45001 workers need the opportunity to contribute and participate in all aspects of the Health & Safety Management System.  
  • Communication and risk management. ISO 45001 requires that risks and opportunities be established with all workers as part of the planning and implementation process of an OHSMS and that consultation be ongoing.

Auditing of Occupational Health & Safety management systems forms an important part of the process to demonstrate continual improvement. Continual improvement is a core component of every ISO management system. ISO 45001 further refines this, and ‘preventive action’ now becomes a distinct concept of the system as a whole. This means organisations will need to adopt a systemic approach for measuring and monitoring OH&S performance and compliance on a regular basis, as an integral part of the management system function.

Auditors needed for ISO 45001 OHS Management systems

As more organisations move towards seeking validation of their management system against ISO 45001, the demand for auditors will continue to rise. Whether you are new to safety management systems or transitioning from OHSAS 18001, the journey towards becoming a competent ISO 45001 auditor begins by becoming familiar with:

  • The high level structure for management systems based on Annex SL and how this affects auditing.
  • The new requirements for understanding the organisation and its context and how they may be audited.
  • The new and enhanced requirements for leadership and worker participation and how this affects auditing.
  • Risk-based thinking in an OHSMS and how this extends to requirements for risks and opportunities and how these may be audited.
  • The changes from a procedural approach to a process approach and how they may be audited.
  • How to adapt your auditing technique to accommodate the new and amended requirements in ISO 45001:2018.
  • Migration time frames for ISO 45001 and their impact on existing OHSAS 18001 certified organisations.

How can Risk ZA assist you?

To encourage the internal and supplier auditing functions, Risk ZA has developed a practical 2 Day ISO 45001:2018 Auditing course. The course provides the theoretical and practical knowledge of OHS auditing required to determine the conformance of the management system arrangements and its performance; based on outcomes. Delegates complete practical exercises and other assessments which relate to the requirements of ISO 45001:2018, hazards and other significant factors which influence the organisations OHS performance.

Persons attending this course will be able to facilitate internal Occupational Health & Safety management system audits based on the ISO 45001:2018 Standard and the ISO 19011 Standard for management system auditing. Plan and facilitate audits, set and recommend corrective actions, follow up and close out audit findings.

This course is recommended for Occupational Health and Safety Practitioners, Line Managers, Supervisors, and Management.

Download our free guide

Uncover the tools necessary for an ISO 45001:2018 Auditor by downloading our FREE downloadable guide: 10 STEPS TO AUDITING AN ISO 45001:2018 OHS MANAGEMENT SYSTEM

For more information or guidance on which ISO standard(s) and services would best suit the needs of your organisation, please email Risk ZA at info@riskza.com or contact us on 0861 Risk ZA / +27 (0) 31 569 5900.

You can share this blog on your preferred social media platform:

Share on facebook
Share on twitter
Share on linkedin
Share on email
management-system