BS 31100 provides recommendations for the framework, process and implementation of risk management and should be used for:
Ensuring that your business achieves its objectives
Ensuring risks are proactively managed in specific areas or activities
Overseeing risk management in your company
Providing assurance on your risk management strategy
Reporting to stakeholders, e.g. through annual financial statements, corporate governance reports or corporate social responsibility reports.
BS 31100 establishes the principles and terminology for risk management. It also gives recommendations for the model, framework, process and implementation of risk management gained from experience and good practice.
This key standard for risk management is useful to CEOs, CFOs, CROs, CIOs, COOs and CTOs; chairmen and company secretaries; managing, IT and finance directors; risk, insurance, claims and business continuity managers; information security specialists; underwriters; Health and Safety officers; and heads of legal affairs.
More and more organisations are taking an interest in the field of Business Continuity Management (BCM), in particular with regard to business continuity and disaster recovery. Any form of BCM is an important aspect of any organisation and one that is linked in part to Risk Management or Enterprise Risk Management.
British Standards BS 31100:2011 defines BCP as: A holistic management process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause, and which provides a framework for building organisational resilience with the capability for an effective response to safeguard the interests of its key stakeholders, reputation, brand and value-creating activities.
As this definition shows, the purpose of business continuity is to identify what is going to affect an organisation and how it is going to be affected. Beyond that, business continuity planning is also about how to protect the organisation and continue operating in the event of an incident. It is difficult to understand why it is only in recent years that many businesses have understood the value of BCM and why it is so important in terms of business and strategic goals.
Larger organisations have ensured that they have the necessary skills, experience and knowledge in terms of business continuity planning and will either recruit BCM specialists internally or outsource to one of the experienced consultancies. Smaller organisations must follow suit and ensure that they have the relevant planning and responses in place, and this is where experienced BCM consultants can assist.
We have many happy clients that employ our services. If you are looking for a strategic, experienced security partner to minimize your risk exposure, please contact us for an informal discovery meeting.
We deliver intelligent security services, including our flagship services of Close Protection, Asset Protection and Predictive Intelligence based Physical Security Operations Centre (PSOC), that assist clients in achieving business continuity and peace of mind. These services are delivered mainly in the UK, although also in Europe and the Middle East, using our infrastructure of competent and professional staff. Our belief in professionalism and customer focus is the key to our strength, as can be seen by our long-standing client base. The integration of technology designed internally by us further confirms our place as a leading security provider, our distinctive competence, and an approach that differs from that of the standard security provider.
We have many happy clients that employ our intelligence, electronic security and protective services. If you are looking for a strategic, experienced security partner to minimize your risk exposure, please contact us for an informal discovery meeting.
Matthew Leitch is a consultant, author, researcher, and educator currently focused on completing two important new books while continuing work with his good friends at Z/Yen. Matthew lives and works (under uncertainty of course) from his home in Surrey, south of London, in the United Kingdom.
Matthew has had a varied career so far, but has been an independent consultant since 2003. Before that he worked as a consultant and auditor with PricewaterhouseCoopers, after training as an accountant and auditor at Fraser Russell. Before that he developed software and wrote technical marketing literature.
The many organizations that have sent people to educational events by Matthew are too numerous to mention, as are the many who have bought his books, but Matthew's consulting and in-house educational clients have included: British Telecommunications, the Department for Communities and Local Government, The Department for Transport, UBS, Oxfordshire County Council, Benfield, Wates, the United Kingdom Accreditation Service, BP, and the Devon and Cornwall Police Authority.
Matthew was a member of RM/1 (risk management), a committee at the British Standards Institution working on risk management standards, between 2007 and the end of 2018. He was initially a co-opted expert and subsequently represented the Centre for Risk Research (part of the Southampton Business School). He helped draft BS 31100:2008, the code of practice on risk management, and later worked very hard on the revised and expanded version of that document, BS 31100:2011. He has been awarded two Distinguished Service Certificates by BSI, and they're not given out often.
In recent years Matthew has been tutoring young people in mathematics, usually to help them with GCSE and A level exams. This work is with his amazing wife, Sarah Watkins, herself a sought-after tutor and the business brains behind the tutoring. However, the tutoring business is being retired in 2023/2024 to allow us time to do other things.
Similarly, Matthew's 10+ years as a visiting lecturer and dissertation supervisor at the Southampton Business School (University of Southampton) came to an end in 2023 to free up time for other things.
British Standard BS 31100 sets out risk management principles, as does the international standard ISO 31000, which also includes a detailed list of recommended risk management principles. Successful risk management will:
AS/NZS 4360:2004 states that risk management operates on a set of principles with several definitions. Risk management also has stages, namely risk identification, analysis and control.
At this stage, the risks to be managed are identified. Identification must cover all risks, whether inside or outside the organisation.
Risk identification must address the following considerations:
a. What can happen?
The aim is to compile a comprehensive list of risks from events that could affect each element of the activity. In essence, this stage explores and gives a picture of the problem being faced. This stage will later provide the magnitude of the consequences that could occur. Consequence is an important variable for later determining the level of risk.
Approaches used for risk identification include checklists, judgement based on experience and records, flow charts, brainstorming, systems analysis, scenario analysis and systems engineering techniques.
Identification methods are techniques developed to recognise and evaluate the various hazards present in a work process. Some methods that can be used to identify potential hazards in industrial activities are as follows (Kolluru, 1996).
1. What if/checklist
In this method, each process is studied through a brainstorming approach to formulate questions covering events that would lead to undesired consequences. Each question is assigned to the stages of operation, engineering, maintenance and inspection.
Each question considers the incident scenario, identification of consequences, a qualitative assessment to determine the severity of the consequences, the likelihood of all existing risks, and recommendations for reducing the hazard. The what if/checklist method can be used to identify potential hazards at each stage of a process. The method is effective when carried out by an experienced team evaluating a process.
2. HAZOPS
Hazard and Operability Study (HAZOPS) is used to identify problems in process operations that can affect production efficiency and safety. HAZOPS is a risk identification method that focuses on structured analysis of ongoing operations.
Using HAZOPS, we must study each stage of the process to identify all deviations from normal operating conditions, describe how they can occur, and determine corrections for the deviations found.
3. FMEA
Failure Mode and Effect Analysis (FMEA) is a risk identification method that analyses the various failure considerations of the equipment used and evaluates the effects of those failures. The weakness of this method is that it does not consider human error. Here, FMEA identifies possible abnormalities or deviations that can occur in the components or equipment involved in the production process, and the consequences they cause.
4. FTA
Fault Tree Analysis (FTA) is a technique that can be used for prediction or as an investigative tool after an accident, by analysing the sequence of events. FTA yields a quantitative assessment of the probability of the undesired event.
FTA is the most effective method for finding the root of a problem because it can establish that the loss did not arise from a single failure. FTA is a reverse way of thinking, in which the evaluation starts from the incident and then examines its causes.