qITIL中級課程風險管理_第1頁
qITIL中級課程風險管理_第2頁
qITIL中級課程風險管理_第3頁
qITIL中級課程風險管理_第4頁
qITIL中級課程風險管理_第5頁
已閱讀5頁,還剩58頁未讀 繼續(xù)免費閱讀

下載本文檔

版權說明:本文檔由用戶提供并上傳,收益歸屬內容提供方,若內容存在侵權,請進行舉報或認領

文檔簡介

qlTIL中級課程風險管理

Contents

CHAPTER1:INTRODUCTION

1.1Purposeofthisguide

1.2Whatismanagementofrisk?

Inthisguideriskisdefinedasuncertaintyofoutcome,whetherpositiveopportunityornegative

threat.Theterm'managementofrisk'incorporatesalltheactivitiesrequiredtoidentifyandcontrol

theexposuretoriskwhichmayhaveanimpactontheachievementofanorganisation'sbusiness

objectives.

Everyorganisationmanagesitsrisk,butnotalwaysinawaythatisvisible,repeatableand

consistentlyappliedtosupportdecisionmaking.Thetaskofmanagementofriskistoensurethat

theorganisationmakescosteffectiveuseofariskprocessthathasaseriesofwelldefinedsteps.

Theaimistosupportbetterdecisionmakingthroughagoodunderstandingofrisksandtheirlikely

impact.

Therearetwodistinctphases:riskanalysisandriskmanagement.Riskanalysisisconcernedwith

gatheringinformationaboutexposuretorisksothattheorganisationcanmakeappropriate

decisionsandmanageriskappropriately.

Managementofriskinvolveshavingprocessesinplacetomonitorrisks,accesstoreliableandupto

dateinformationaboutrisks,therightbalanceofcontrolinplacetodealwiththoserisks,and

decisionmakingprocessessupportedbyaframeworkofriskanalysisandevaluation.

Managementofriskcoversawiderangeoftopics,includingbusinesscontinuitymanagement,

security,programme/projectriskmanagementandoperationalservicemanagement.Thesetopics

needtobeplacedinthecontextofanorganisationalframeworkforthemanagementofrisk.Some

risk-relatedtopics,suchassecurity,arehighlyspecialisedandthisguidanceprovidesonlyan

overviewofsuchaspects.

1.3Whymanagementofriskisimportant

Acertainamountofrisktakingisinevitableifyourorganisationistoachieveitsobjectives.Effective

managementofriskhelpsyoutoimproveperformancebycontributingto:

?increasedcertaintyandfewersurprises

?betterservicedelivery

?moreeffectivemanagementofchange

?moreefficientuseofresources

bettermanagementatalllevelsthroughimproveddecisionmaking

reducedwasteandfraud,andbettervalueformoney

innovation

?managementofcontingentandmaintenanceactivities.

1.4Whoisinvolvedinriskmanagement

Inpractice,everyoneinanorganisationisinvolvedinriskmanagementtosomeextentandshould

beawareoftheirresponsibilitiesinidentifyingandmanagingrisk.However,therearesomeaspects

forwhichresponsibilitymustbeassignedtoindividuals.Withoutclearresponsibility(andthe

authoritytosupportthatresponsibility)someriskswillbemissedoroverlooked.

Inthepublicsector,therearetwomajorroleswithaclearresponsibilitytoensurerisksaremanaged

(therewillbeequivalentstotheserolesinprivatesectororganisations).Theserolesare:

?anAccountingOfficer(orequivalentseniormanager),whoisresponsibleforthe

organisation'soverallexposuretorisk.TypicallythispersonwillbetheChiefExecutive

Officer(CEO);theseniormanagerintheorganisation.Theymaydelegatesomeofthe

actionsbutcannotforgotheresponsibility

?aseniormanageractingasaproject'owner;whoisresponsibleforriskrelatingtoaspecific

programmeorprojectandfortherealisationofassociatedbusinessbenefits.

Audienceforthisguidance

Businessmanagers,processowners,strategicplanners,projectandprocurementteams,business

continuityplannersandsecurityteamsaretheprimaryaudienceforthisguidance,togetherwith

theirserviceproviders.

Itwillalsobeofinteresttoauditors,withtheirresponsibilityforensuringeffectivecorporate

governance.

1.5Howtousethisguide

Chapter1introducesthestructure,processandcultureofmanagementofrisk,explainingwhy

organisationsneedtodeviseandimplementeffectivestrategiesinordertomaximiseopportunities

andminimisethreatstotheachievementoftheirbusinessobjectives.Itidentifieskeypersonnelin

themanagementofriskandthetargetaudiencefortheguidance.

TheAnnexesprovidesupportingdetail:

1.6Theresearchforthisguidance

CHAPTER2:PRINCIPLES

Thischapteroutlinesthekeyprinciplesunderpinningtheeffectivemanagementofrisk.

2.1Criticalsuccessfactorsformanagementofrisk

Thekeyelementsthatneedtobeinplaceifriskmanagementistobeeffective,andinnovation

encouraged,include:

?clearlyidentifiedseniormanagementtosupport,ownandleadonriskmanagement

?riskmanagementpoliciesandthebenefitsofeffectivemanagementclearlycommunicated

toallstaff

?existenceandadoptionofaframeworkformanagementofriskthatistransparentand

repeatable

?existenceofanorganisationalculturewhichsupportswellthought-throughrisktakingand

innovation

?managementofriskfullyembeddedinmanagementprocessesandconsistentlyapplied

?managementofriskcloselylinkedtoachievementofobjectives

?risksassociatedwithworkingwithotherorganisationsexplicitlyassessedandmanaged

?risksactivelymonitoredandregularlyreviewedonaconstructive'no-blame'basis.

Jointworkingandpartnershipsofteninvolvemorecomplextypesofriskthatcanadverselyaffect

thedeliveryofbusinessservices.Forexample,ifpartoftheserviceprovidedbyoneorganisationis

delayedorofpoorquality,thesuccessofthewholecollaborationcanbeputatrisk.Youmustmake

surethatyourorganisationknowsabouttheriskmanagementapproachesofyourpartners.Sharing

informationaboutriskmanagementmeansthatrisksincollaborativeprogrammescanbeidentified

andmanagedinaproactiveway.

Publicsectorconcerns

TheModernisingGovernmentinitiativeseekstoencouragethepublicsectortoadoptwellmanaged

risktakingwhereitislikelytoleadtosustainableimprovementsinservicedelivery.Moreeffective

riskmanagementwillimprovethepublicsector'sabilitytoundertaketheincreasinglycomplexand

cross-cuttingprojectsthataredemandedbytheModernisationagenda.Publicsectororganisations

needtohaveinplacetheskills,managementstructuresandorganisationalstructurestotake

advantageofpotentialopportunitiestoperformbetterandtoreducethepossibilityoffailure.

Thekeyareasthathavetobeaddressedare:

?theneedfora'riskowner'atseniorlevel,foranactivity(strategy,programmeorproject).

Heorsheissupportedbyriskownersateverydayworkinglevelsasappropriateforthe

activityandriskexposure

?theneedforimprovedreportingandupwardreferralofmajorproblems

?opportunitiesandthepotentialresolutionapproaches

theneedforsharedunderstandingofriskmanagementatalllevelsintheorganisationand

withpartners,combinedwithconsistenttreatmentofrisk

managingprojectriskinthewidercontextofprogrammesofchangeandthebusiness.

Meetingtheneedsofcorporategovernance

Corporategovernanceistheongoingactivityofmaintainingasoundsystemofinternalcontrolto

safeguardshareholders'investmentandthecompany'sassets.

TheTurnbullReportstatesthat:

'acompany/sobjectives,itsinternalorganisationandtheenvironmentwhichitoperatesinare

continuallyevolvingandasaresulttherisksitfacesarecontinuallychanging.Asoundsystemof

controlthereforedependsonathoroughandregularevaluationofthenatureandextentoftherisks

towhichthecompanyisexposed.Sinceprofits[orbusinessresults]areinparttherewardfor

successfulrisktakinginbusiness,thepurposeofinternalcontrolistohelpmanageandcontrolrisk

ratherthaneliminateit.'

Corporategovernanceframeworksmustensurethatmanagementisheldaccountablefora

corporation'sperformanceandthatownersareabletomonitorandinterveneintheoperationsof

management.

Theseprinciplesapplyequallytothepublicandprivatesectors.Whereascorporationsfocusmainly

onshareholderreturnsandthepreservationofshareholders'value,thepublicsector'sroleisto

implementprogrammescosteffectivelyinaccordancewithGovernmentlegislationandpolicies.

Policyonmanagementofrisktosupportcorporate

governance

Tosupportcorporategovernance,thereneedstobeariskmanagementpolicyinplace.Thispolicy

should:

?beappropriateforthesizeandnatureofyourorganisation,itsbusinessandoperating

environment

?beclearabouttheroles(and,ifpossible,individuals)thatareresponsibleforrisk

?beclearaboutescalationcriteriainrelationtoriskmanagement(i.e.zwhentoreferdecision

makingupwards)

?ensurethatprocesses,andthecuIture/infrastructure,toidentifyandmanageriskareputin

place;theseprocessesmustberepeatable

setupthemechanismformonitoringthesuccessoftheapplicationofthepolicy(including

reportstomanagement,atleastannually)

?ensurethatinternalcontrolmechanismsareinplaceforindependentassessmentthatthe

policyisimplemented(andchecked).

2.2Whatisatriskandwhy?

Relatingmanagementofrisktosafety,securityandbusiness

continuity

Managementofriskshouldbecarriedoutinthewidercontextofsafetyconcerns,securityand

businesscontinuity.

?Healthandsafetypolicyandpracticeisconcernedwithensuringthattheworkplaceisa

safeenvironment.

?Securityisconcernedwithprotectingtheorganisation'sassets,includinginformation,

buildingsandsoon.

?Businesscontinuityisconcernedwithensuringthattheorganisationcouldcontinueto

operateintheeventofadisaster;suchaslossofaservice,floodorfiredamage.

Figure1:Reasonsforariskmanagementprocess

Reducingriskinlargescaleprojects

Experiencehasshownthatprogrammesandprojectsattemptingalargescale,comprehensive

businesschangearelesslikelytobesuccessfulthanthosetakingalessambitious,step-by-step

approach.Althoughthelatterincreasesmanagementactivity,witheachoftheelementsneedingto

becontrolledandcoordinated,theadvantagesarethatactivitiesare:

?easiertomanage

?simplertoimplementwithinthebusinessenvironment

?easiertoacceptformallyas,typically,thespecificationiseasiertodocumentandthus

simplertoverifythatithasbeenmet

?abletooffermoreoptionsforcontingency

?morelikelytoaccommodatefastmovingchangesintechnology,orinthepoliticalor

financialenvironment

abletooffermoredecisionpoints,allowinggreatercontroloftheproject.

2.3Decisionsaboutrisk

Decisionsaboutriskneedtobebalancedsothatthepotentialbenefitsareworthmoretothe

organisationthanitcoststoaddresstherisk.

Forexample,innovationisinherentlyriskybutcouldachievemajorbenefitsinimprovingservices.

Theabilityoftheorganisationtolimititsexposuretoriskwillalsobeofrelevance.

Youshouldaimtomakeanaccurateassessmentoftherisksinagivensituationandanalysethe

potentialbenefits.Therisksandopportunitiespresentedbyeachcourseofactionshouldbedefined

inordertoidentifyappropriateresponse.

Scopeofdecisions

Decisionsaboutriskwillvarydependingonwhethertheriskrelatestolong,mediumorshort-term

goals.

Strategicdecisionsareprimarilyconcernedwithlong-termgoals;thesesetthecontextfordecisions

atotherlevelsoftheorganisation.Therisksassociatedwithstrategicdecisionsmaynotbecome

apparentuntilwellintothefuture.Thusitisessentialtoreviewthesedecisions,andassociatedrisks,

onaregularbasis.

Medium-termgoalsareusuallyaddressedthroughprogrammesandprojectstobringaboutbusiness

change.Decisionsrelatingtomedium-termgoalsarenarrowerinscopethanstrategicones,

particularlyintermsoftimeframeandfinancialresponsibilities.

Therearealsoconsiderationsaboutwhatcanrealisticallybeachievedinonechangeinitiative.

Deliveryofeachofthecomponentsofachangeinitiative(whetheraprogramme,projectorstage)

mustprovidesomedirectbenefittotheorganisationasaresultofitsdelivery.Thiscouldbeby

delivering:

?amajorcomponenttosupport/buildtowardstheintendedoutcome-forexample,

providingatelephonehelplinefirstaspartofanewinformationserviceandthenadding

websiteservicestoexpandthefacilitiesavailabletothepublic

?theproducttopartoftheendusercommunityandthen'rollingout'totherestofthat

community-forexample,introducinganewinformationserviceintheNorth-Eastand

graduallymakingitavailablenationwide.

Whenmanaginganyprojectitisessentialtoensuremajordecisionsaremadeappropriately.A

projectwillsupportsomebusinesschangeandsorequiresomethingtobeproducedandthenput

intouse.

0

Figure2:Mainstagesoftheprocurementprocess

2.4Whererisksoccur

Theriskmanagementprocessshouldbemostrigorouslyappliedwherecriticaldecisionsarebeing

made.

?strategicorcorporate

programme

project

operational.

Inpractice,thelevelsoverlap;however,itishelpfultoclarifytheoccurrenceofrisksattheselevels

toinformthekindofdecisionsyouarelikelytomake.

0

Figure3:Organisationalmanagementhierarchy

Itisimportanttonotethatariskmaymaterialiseinitiallyatonelevelbutsubsequentlyhaveamajor

impactatadifferentlevel.ArecentexampleisaHighStreetbankfacingtechnicalfaultsatthe

operationallevel;ultimatelycustomers'confidenceinthebank'sonlineservicebecameastrategic

risk.Thishighlightstheneedforrelevantinformationaboutriskstobesharedthroughoutthe

organisation.

Table1:Riskrelatedtoorganisationallevels

LevelExamplesoftypicalrisksconsideredatthislevel

Strategic/corporateCommercial,financial,political,environmental,directional,cultural,acquisition

andqualityrisks.Thereisafocusonbusinesssurvival,continuityandgrowth

forthefuture.Whenprogramme,projectandoperationalrisksexceedset

criteria-e.g.notacceptable,outsideagreedlimits,couldaffectstrategic

objectives,informationneedstobeescalatedtothislevelsothatappropriate

decisionscanbetaken.

ProgrammeProcurement/acquisition,funding,organisational,projects,security,safety,

qualityandbusinesscontinuityrisks.Whenprojectandoperationalrisksexceed

setcriteria一e.g.notacceptable,outsideagreedlimits,couldaffectprogramme

objectives,informationneedstobeescalatedtothislevelsothatappropriate

decisionscanbetaken.

ProjectPersonal,technical,cost,schedule,resource,operationalsupport,qualityand

providerfailure.Operationalissues/risksshouldbeconsideredatthislevelas

theyaffecttheprojectandhowitneedstoberun.Informationonstrategicand

programmerelatedrisksshouldbecommunicatedtothislevelwheretheycould

affectprojectobjectives.Projectmanagersshouldcommunicateinformationon

riskstootherprojectsandoperationsasappropriate.

OperationsPersonal,technical,cost,schedule,resource,operationalsupport,quality,

providerfailure,environmentalandinfrastructurefailure.AIIthehigherlevels

haveinputtothislevel;specificconcernsincludebusinesscontinuity

management/contingencyplanning,supportforbusinessprocessesand

customerrelations.

Additionalfactors

Additionalfactorsmayincreasethecomplexityofassessingoverallexposuretorisk.Theseinclude:

?interdependencies,orlinksbetweenprojectsand/orrelatedissues,wheretheimpactof

oneormoreriskscouldaffectothers,possiblycreatinga'domino'effect.Youshouldensure

thatanyknowninterdependenciesareidentifiedandassessedsothatappropriateaction

canbeplanned

?therelationshipbetweenbusinessbenefitsandriskstodelivery,whereachievementof

benefitsisdependentonsuccessfuldeliveryofaproject.Youshouldcontinuallycheck

whetherchangingplansaffecttheachievementofbenefits.

2.5Aframeworkformanagingrisk

Aframeworkformanagementofrisksetsthecontextinwhichriskswillbeidentified,analysed,

controlled,monitoredandreviewed.Itmustbeconsistentwithprocessesthatareembeddedin

everydaymanagementandoperationalpractices.Itaddresses:

?howrisksareidentified

?howinformationabouttheirprobabilityandpotentialimpactisobtained

?howrisksarequantified

?howoptionstodealwiththemareidentified

?howdecisionsonriskmanagementaremade,suchasfurtherriskreduction

?howthesedecisionsareimplemented

?howactionsareevaluatedfortheireffectiveness

howappropriatecommunicationmechanismsaresetupandsupported

howstakeholdersareengagedthroughouttheprocess.

2.6Riskownership

Fortheorganisation,ownershipoftheriskmanagementframeworklieswiththeAccountingOfficer

(orequivalentseniormanageratBoardlevel).Individualseniormanagersowntheprogrammeor

projectandareresponsibleforthemanagementoftheoverallriskofthatactivity.However,these

rolesdonotownalltheindividualrisks.Riskownershipmustbeclearlydefined,documentedand

agreedwiththeindividualownersatalllevels,sothattheyunderstandtheirvariousroles,

responsibilitiesandultimateaccountabilitywithregardtothemanagementofrisk.Theownerofa

riskmaynotbethepersontaskedwiththeassessmentormanagementoftherisk,butheorsheis

responsibleforensuringthemanagementofriskprocessisapplied-theremaybeseparateowners

toactuallydealwiththerisks.

Itisimportanttoidentifywhoowns:

?thesettingpolicyandtheorganisation'swillingnesstotakerisk

?themanagementofriskprocessatthedifferentlevels-thatis,strategic,programme,

project,operationallevels

?differentelementsofthemanagementofriskprocess,suchasidentifyingthreats,through

toproducingriskresponsesandreportingondecisions

?implementationoftheactualmeasurestakeninresponsetotherisks

?interdependentrisksthatcrossorganisationalboundaries,whethertheyarebusiness

processes,operationalservicesorprojects.

Forexample,foraseniormanagerwithresponsibilityforaproject,ownershipofriskcouldbe

definedasfollows:

Seniormanagersresponsibleforprojectsmustassurethemselvesthatanumberoftypesofriskare

beingtrackedanddealtwithaseffectivelyaspossible.Themechanismsinplaceformonitoringand

reportingriskwillvaryaccordingtothesizeandcomplexityoftheprojectorprogramme,ranging

fromtheuseofasimpleriskregistertotheappointmentofariskmanagerreportingdirectlytothe

seniormanager.Clearly,thedegreeofdelegationadoptedbytheseniormanagerwillvary,butheor

shemustbesurethatthecriticalissuesarebeingaddressed;forexample,throughchairingthe

projectboardorbydevelopingstrongmechanismsforreportingproblems.

Checklist:ownershipofriskandtheprocess

?Haveownersbeenallocatedforallthevariouspartsofthecompletemanagementofrisk

process?

Arethevariousrolesandresponsibilitiesassociatedwithownershipwelldefined?

?Dotheindividualswhohavebeenallocatedownershipactuallyhavetheauthorityand

capabilitytofulfiltheirresponsibilities?Forexample,suppliersmaybetaskedwithrisk

ownership.

?Havethevariousrolesandresponsibilitiesbeencommunicatedandunderstood?

?Arethenominatedownersappropriateandawareoftheirnomination?

?Isownershipreassessedonaperiodicbasis,orintheeventofachangeinthesituation;

andifnecessary,canitbequicklyandeffectivelyreallocated?

?Doallrisks,andwhereappropriatetheirmitigationactions,haveclearlyidentifiedowners?

Aretheseownersappropriate?

2.7Embeddingtheriskmanagementculture

Identifyingappropriatepolicies,standardsandpracticesisthefirststageofcreatingarisk

managementculture.Oncetheseareinplacetheyneedtobetotallyembeddedinindividuals

throughtheenactmentoftheirrolesandassociatedresponsibilities.

Awarenessofandresponsibilityforriskissuesmustbelinkedexplicitlytokeyobjectives,inorderto

buildasustainableriskmanagementculture.Thereshouldbedelegatedresponsibilityforrisksat

everylevelofobjectivesintheorganisation.Thisisthemajorsupporttoembeddingrisk

managementintotheorganisationanditsculture,withriskmanagementseenasanintrinsicpartof

thewayanorganisationworks.Asthepeopleinanorganisationchange,itisessentialtoensurea

continuingunderstandingofrolesandresponsibilitiesrelatedtomanagingrisk.

Theriskenvironmentisconstantlychangingtoo.Yourorganisation'sprioritiesandtherelative

importanceofriskswillshiftandchange.Assumptionsaboutriskhavetoberegularlyrevisitedand

reconsidered,perhapsbyannualreviewoftherisksassociatedwitheachofthekeyorganisational

objectives.

Establishingappropriatecompetenciesandbehaviours

Animportantaspectofsettingupariskcultureistoensureitisrelevanttotheorganisation.Risk

managementisamajorfacetofeffectivecorporategovernance.

Thoseresponsibleforcorporategovernanceneedtohaveknowledgeandunderstandingof:

?strategicplanning

?legalrequirements

?agreementsandcontracts

?communicationtechniquesandinformationmanagement

?staffmatters,includinghowstaffcanbemotivatedandinvolved

?educationopportunitiesandcontinualprofessionaldevelopment

?continuousimprovementand/oranalyticaltechniques

?howtheorganisationismonitoredandevaluated

?resourcemanagement,includingequalopportunitiesanddelegation.

Althoughmanagerstendtoworkinspecificareasoftheorganisation,eitherbasedontechnical

specialismorbusinessfunction,theyallneedtoidentifyandmanagerisk.Todothistheyneedtobe

ableto:

?ensurethatthesituationisproperlyscoped

?identifyandassesstherisk

?createvalidoptionsforreducingrisktoanacceptablelevel

?collectappropriateandmeaningfulinformationtoassessriskandtheoptions,andthento

monitortherisk

?usesoundreasoningwhenmakingatrade-offbetweenthecostsandbenefitsofmanaging

arisk

?makeaclearcommitmenttoaparticularcourseofaction.

Forplanning,themajorareastoconsiderare:

?decidingonthelikelihoodofaspecificeventoccurring

?prioritisingareastoaddress/actionstoinstigate.Thisrequiresunderstandingthe

implicationsoftheoptionsavailable

?assigningownershipofrisksandactions,containmentorcontingent,tobedeployedina

timelymanner

?ensuringthatcontinuityplanscancopewiththecurrentandpotentialfuturesituation,not

withhowthingswereintherecentpast.

Visibleinformationonrisk

Informationonriskanditsmanagementneedstoreachthepeoplewhohavetotakeactionormake

decisions.Thisinformationwillflowdownwardsandupwardsbetweentheorganisationallevels.

Therewillalsobesidewaysflowsacrosseachlevel,betweenprogrammesorprojects.Thevertical

flowsarethemostimportantastheyreflectlevelsofresponsibilityfordecisionmaking.

Forexample,adecisionmaybemadeatthestrategiclevelthataffectstheprogressofcurrent

programmes.Conversely,thecollectiverisksrelatingtotheprogressofcurrentprogrammesmay

haveastrategicimpact.

Theseexamplesillustratewhyrisksshouldbeidentifiedandhandledateachlevelbeforetheyare

passedupordowntothenextlevel.Goodcommunicationmechanismsareessentialtoavoidthe

followingproblems:

?inadequatecommunicationfromlowerlevels,wherepeoplehave'handson'knowledge,to

thelevelwheredecisionsaremade,leadstounrealisticexpectationsfromsenior

management

?inadequatecommunicationfromthetopdowncanmeanthatprojectsarenolonger

supportingthebusinessdirection.

Communications

Toaddresstheseproblemsyouwillneedtoensurethatappropriatecommunicationmechanisms

existandareadopted.Yourorganisationshould:

?ensurethereissufficientcommunicationtokeystakeholders,whetherinternalorexternal,

tosupporttheirneeds

?ensurethatpeopleareaware,informedandunderstandtheirpartinmanagingrisk

?considerwhetherthereisaneedtoimproveinternalcommunications

?considertrainingneedsandhowthesecanbemetadequately

?ensurepeoplehavetherightinformationattherighttimetofulfiltheirresponsibilities(and

howtorecogniseifthisdoesnothappen).

Ensuringthatyourcontrolsareadequate

Theremustbeadequatecontrolmechanismstomeettheneedsofcorporategovernance.Thesewill

bedescribedintheriskpolicyandimplementedthroughtheriskmanagementframework.Specific

controlswillbeintroducedacrosstheorganisationtocopewithcertaincircumstances,suchas

throughtheuseofprogrammeandprojectmanagement.

Onceanappropriatesetofcontrolsisadopted,anindependentauditwillcheckthattheyareinplace,

adequateandinuse.

2.8Budgets

Themanagementofriskprocessmustbeembeddedintheorganisation,ratherthanbeingtacked

onasanafterthought.Th

溫馨提示

  • 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內容里面會有圖紙預覽,若沒有圖紙預覽就沒有圖紙。
  • 4. 未經(jīng)權益所有人同意不得將文件中的內容挪作商業(yè)或盈利用途。
  • 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內容的表現(xiàn)方式做保護處理,對用戶上傳分享的文檔內容本身不做任何修改或編輯,并不能對任何下載內容負責。
  • 6. 下載文件中如有侵權或不適當內容,請與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準確性、安全性和完整性, 同時也不承擔用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。

評論

0/150

提交評論