Recommendations for the development of a risk management standard. National risk management standards and principles of their functioning

Standards COSO and FERMA. The document “Risk Management of Organizations. Integrated Model”, developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), provides the basis for developing concepts for building a risk management system (RMS) and recommendations for a rational procedure for its creation.

In addition, the Russian non-profit organization RusRisk recommends the risk management standard of the Federation of European Risk Management Associations (FERMA), created in 2002 by the Institute for Risk Management (IRM), the Association for Risk Management and Insurance (AIRMIC) and the National Forum for Risk Management in the Public Sector (ALARM).

Figures 5.2 and 5.3 present the risk management processes in the COSO and FERMA standards.

Fig. 5.2.

Fig. 5.3.

The FERMA standard is based on the terminology of the International Organization for Standardization (ISO/IEC Guide 73:2002 “Risk management. Terms and definitions”). Thus, unlike the standards of individual countries, the FERMA standard defines risk as “a combination of the likelihood of an event and its consequences”, which is a limitation of the document. At the same time, the FERMA standard places the RMS at the center of the strategic management system and names strategic, operational and financial risks and hazards as the most important.

The FERMA standard also contains:

  • a concise description of the main elements of the risk management procedure, taking into account that the content of information depends on the type of its recipient;
  • a list of the organizational units involved in the work of the RMS, and the main requirements for the documentation accompanying risk management.

It is advisable to use the FERMA standard in corporations that are more involved in the production area, or, in economic terms, in the real sector of the economy.

The FERMA standard is based on the following provisions:

  • risk is a combination of the likelihood of an event and its consequences;
  • reliance on a systems approach;
  • optimization of risk management procedures based on the analysis of business processes, their content, and favorable and unfavorable factors;
  • efficient management of capital and resources;
  • lowering the level of uncertainty in the influence of factors;
  • observance of the interests of owners and improvement of the organization's image;
  • professional development of employees and creation of an organizational knowledge base;
  • optimization of business processes.

The COSO standard is intended to a greater extent for corporate structures that are actively involved in exchange (stock market) trading.

In accordance with this standard, the RMS is based on the following provisions:

  • assessment of risk appetite, as determined by the strategic goals of the organization;
  • improving the procedures for forming adequate responses to risks;
  • lowering the level of uncertainty of the environment;
  • identifying the fullest possible list of risks and influencing them;
  • identifying favorable factors and realizing the opportunities they present;
  • effective capital management.

A comparison of how the content of standards (e.g. Australian, American) has evolved shows a gradual transition to a more generalized form that highlights the key stages of the risk management process. In addition, the ongoing development of risk management standards, including their modernization and extension in individual countries, indicates that these processes cannot end, since the business context is constantly changing and new dangers, threats and risks arise.

New international standards. The development of international standards continues. Uniform terminology is provided by ISO/IEC Guide 73:2002 “Risk management. Terms and definitions” (ISO/IEC Guide 73 “Risk Management - Vocabulary - Guidelines for use in standards”), published in 2002.

In 2009, the International Organization for Standardization published ISO 31000 “Risk Management. Principles and guidelines on implementation”. There are also standards for certain types of activities (oil and gas, production of medical equipment, etc.).

The ISO 31000 standard was developed on the basis of the already mentioned Australian-New Zealand standard. The risk management process in the ISO standard is shown in Fig. 5.4. As follows from Fig. 5.1 and 5.4, the risk management process diagrams in the ISO standard and the Australian/New Zealand standard are very similar. However, in addition to differences in the interpretation of elements similar in name, the ISO standard is characterized by the simultaneous implementation of the processes of risk identification, analysis and assessment, which is not provided for in the Australian-New Zealand standard.

Establishing the context involves an analysis of the organization's external and internal environment, namely:

  • establishing the external context - assessing links with the external environment and external threats;
  • establishing the internal context - determining the elements of the system representing the organization, internal relations, resource support, and target and strategic settings;
  • setting the risk management context - highlighting the processes that the RMS can affect;
  • identifying the risk criteria that determine the need to influence a risk; these may belong to the sphere of business organization, technology, law, economics, social and environmental issues, etc., reflect the attitude of the persons involved to the risk, and the provisions of regulatory documents. Such criteria, in particular, include the results of assessing the implementation of risk factors;
  • a description of the risk management system to be processed by departments.

Fig. 5.4.

During the risk assessment, the following processes are also implemented in parallel:

  • risk identification - the probable sources of risk factors are established and the results of their realization are evaluated;
  • risk analysis - the probabilities and results of the realization of risk factors are established. Qualitative, quantitative or combined analysis methods may be used;
  • risk assessment - based on the results of risk analysis, the risks that can be influenced are identified;
  • risk treatment - a rational procedure for influencing the risk is selected, an action plan is drawn up and implemented, and the residual risk is assessed and described. When planning treatment, the following are determined: the content of the impact procedure and the required resources, the distribution of rights and obligations, the effectiveness of the procedure, the content of reporting documentation, and the monitoring technology;
  • monitoring and review - continuous documentation of all activities and their consequences.

The integrated risk management procedure consists of several elements.

  1. Planning the risk management procedure. Management of this procedure should be integrated into the organization's policy, strategy, asset and liability management, investment management, audit, anti-crime technologies, etc.
  2. Formation of the risk management policy. The policy should be documented and describe: target settings and management technology, the correlation between the content of the policy and the strategies, procedures for influencing risk, procedures for assisting persons involved in risk management, procedures for measuring and documenting the management process, procedures for periodic measurement of the RMS, and the functions of top management in relation to the management process.

Unlike the COSO concept, where risk management is presented as a process aimed at identifying events and managing the risk associated with them, in the ISO standards risk management is coordinated activity to manage and control an organization with regard to risk. Accordingly, the risk management process is the systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk.

The RMS model described in the standard (Figure 5.5) is designed to improve the efficiency of organization management.

The appendices to the standard state:

  • the need for continuous improvement of management and communication processes;
  • the importance of establishing responsibility, control and practical implementation of risk management procedures;
  • the leading role of risk management in the structure of the organization.

Over the past 10-15 years, risk management as a management technology has been undergoing active development both abroad and in Russia. Of particular importance is the development of a common understanding of the purpose and objectives of the risk management system, the terminology used, the organizational structure and the risk management process itself, adapted to modern Russian conditions. World practice offers one universal approach to this problem: unification and standardization in the field of risk management.

According to the definition of the International Organization for Standardization (ISO), a standard is a normative document that is developed on the basis of consensus, adopted by a body recognized at the appropriate level, and establishes rules for general and repeated use, general principles and characteristics relating to various activities or their results, with the aim of achieving an optimal degree of order in a particular area. Standards should be based on the generalized results of science, technology and practical experience and be aimed at achieving optimal benefits for society.

In recent years, there has been a clear tendency in a number of countries, including Russia, to replicate risk management standards first developed 10–15 years ago and relating mainly to man-made hazards. These include GOST 27.310-95 “Analysis of the types, consequences and criticality of failures”, GOST R 51901-2002 “Reliability management. Risk analysis of technological systems”, GOST R 51897-2002 “Risk management. Terms and definitions”, as well as the GOST ISO/TO 12100-1 and 12100-2 (2002) standards “Equipment safety. Basic concepts, general principles of design” and others.

Further standards include GOST R 51901.2-2005 “Risk management. Reliability management systems”, GOST R 51901.13-2005 “Risk management. Fault tree analysis” and a number of others. Within 5-6 years, 8 risk management standards were developed, and this work is far from complete. In 2009 a new standard was prepared, and in August 2010 it was adopted: ISO 31000 “General guidelines for the principles and implementation of risk management”.

Consultants in the field of risk management operating in the Russian market pay increased attention to the document “Risk Management of Organizations. Integrated Model” developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

The Russian Risk Management Society, in addition to the COSO recommendations, considers the Federation of European Risk Managers Associations (FERMA) Risk Management Standard, which is a joint development of the Institute for Risk Management (IRM), the Association for Risk Management and Insurance (AIRMIC) and the National Forum for Risk Management in the Public Sector (ALARM) (2002).

In addition to international risk management standards, there are also national risk management standards adopted in states with Anglo-Saxon law (Australia, New Zealand, Japan, Great Britain, South Africa, Canada).

Fig. 3 - History of risk management standardization.

Simultaneously with the national management standards, numerous requirements of regulators to build and improve the risk management process of companies related to industry specifics appeared. Among the industry risk management standards, the most well-known are the standards affecting the activities of insurance companies, reinsurance companies (Solvency, Solvency II) and banks (Basel, Basel II, Basel III).

Risk management standards provide for the unification of:

  • the terminology used in this area;
  • the components of the risk management process;
  • the approaches to building the organizational structure of risk management.

However, although terminology is unified within each individual risk management standard, the methods and goals of risk management differ between standards. Fig. 3 presents the national and international standards whose terminology differs only minimally. When trying to combine different standards, confusion is possible, since the definitions of basic terms differ between them.

The standard “Risk Management of Organizations. Integrated Model”, developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), provides a conceptual framework for enterprise risk management and detailed guidance on establishing an enterprise risk management system within an organization.

The organization's risk management process as interpreted by COSO consists of eight interconnected components:

1) definition of the internal environment;

2) goal setting;

3) determination (identification) of risk events;

4) risk assessment;

5) risk response;

6) controls;

7) information and communications;

8) monitoring.

Thus, in relation to the definition of the components of the risk management process, the document under consideration follows the understanding of the process already established in the risk management standards.

Fig. 4 - COSO Cube.

In world practice, the standard, known as the “COSO Cube” (Fig. 4), establishes the relationship between the goals of the organization (strategic and operational goals, reporting, and compliance with the law), the organizational structure of the company (company level, division, economic unit, subsidiary) and the components of the risk management process identified above.

1. Internal environment

Lays the foundation for the approach to risk management. Includes:

  • the board of directors;
  • the philosophy of risk management;
  • risk appetite;
  • honesty and ethical values;
  • the importance of competence;
  • the organizational structure;
  • delegation of powers and distribution of responsibility;
  • personnel management standards.

2. Goal setting

Objectives must be defined before management begins to identify events that may affect their achievement.

The company's management has a properly organized process for selecting and setting goals, and these goals correspond to the mission of the organization and the level of its risk appetite.

3. Risk assessment

Risks are analyzed taking into account their likelihood of occurrence and degree of impact in order to determine what actions should be taken in relation to them.

Risks are assessed in terms of inherent and residual risk.

4. Identification of potential events

Internal and external events that affect the achievement of the objectives of the organization should be determined taking into account their separation into risks or opportunities.

Opportunities should be taken into account by management in the process of formulating strategy and setting goals.

5. Risk response

Management chooses a risk response method:

  • avoidance;
  • acceptance;
  • reduction;
  • transfer (sharing).

The developed measures make it possible to bring the identified risk in line with the acceptable level of risk and the risk appetite of the organization.

6. Control procedures

Policies and procedures are designed and established in such a way as to provide “reasonable” assurance that the response to emerging risk is effective and timely.

7. Information and communication

The necessary information is identified, recorded and communicated in a form and within a timeframe that enable employees to perform their duties.

Information is exchanged effectively within the organization, both vertically and horizontally.

8. Monitoring

The organization's entire risk management process is monitored and adjusted as necessary.

Monitoring is carried out as part of ongoing management activities or through periodic evaluations.

The Federation of European Risk Management Associations (FERMA) risk management standard is a joint development of the Institute for Risk Management (IRM), the Association for Risk Management and Insurance (AIRMIC) and the National Forum for Risk Management in the Public Sector (ALARM) (2002).

Unlike the COSO ERM Standard discussed above, in terms of the terminology used, this standard adheres to the approach adopted in the documents of the International Organization for Standardization (ISO / IEC Guide 73 Risk Management - Vocabulary - Guidelines for use in standards). In particular, risk is defined by the standard as “a combination of the probability of an event and its consequences” (Fig. 4).

Fig. 5 - Risk management process according to the FERMA standard.

Risk management is seen as a central part of the strategic management of an organization, whose task is to identify risks and manage them. It is also noted that risk management, as a unified system, should include a program for monitoring the implementation of tasks, an assessment of the effectiveness of ongoing activities, and a reward system at all levels of the organization.

In accordance with the FERMA Standard, four groups of organizational risks are distinguished: strategic, operational and financial, as well as hazard risks.

In addition, the document contains:

1. A brief description of the key stages of the risk management process, with particular attention to the requirements for the level of detail of information in risk reports depending on the consumer of that information (consumers of internal reports are the company's board of directors, an individual structural unit, or a specific employee of the organization; consumers of external reports are the organization's external counterparties). In particular, a company's risk report to external users should include a description of:

  • the methods of the internal control system, namely the areas of responsibility of the organization's management in matters of risk management;
  • the ways in which risks are identified and their practical application in the organization's current risk management system;
  • the main instruments of the internal control system in relation to the most significant risks;
  • the existing risk monitoring and tracking mechanisms.

2. A description of the organizational structure of risk management (board of directors - structural unit - risk manager), as well as the main requirements for the development of regulatory documents in the field of risk management at the corporate level (Organizational Risk Management Program).

The appendix to the standard gives examples of risk analysis methods and technologies used in practice.

Experts recognize the Australian and New Zealand Risk Management Standard as one of the most complete and elaborated national standards in the field of risk management. The AS/NZS 4360 standard has a general (non-industry) character; its main provisions have been adapted for building risk management systems by a number of transnational companies.

Fig. 6 - Risk management process, AS/NZS 4360.

According to AS/NZS 4360, risk management at the company level is a combination of five successive stages and two end-to-end processes (Fig. 6). At the same time, risk management in the standard is understood as “a set of culture, processes and structures focused on the use of potential opportunities while managing negative impacts”.

Stage 1. Establishing the context (environment)

Among the factors that determine the need to analyze and identify the company's internal environment, the following should be highlighted:

  • risk management should be carried out in the context of the defined goals and objectives of the organization;
  • one of the main risks of the company is the occurrence of obstacles in the process of achieving the set strategic, operational, project and other goals;
  • a clear formulation of the principles of the company's organizational policy and goals helps determine the main directions of corporate policy in the field of risk management;
  • the goals and objectives of the company by business segment, as well as the targets formed during the implementation of individual corporate projects, should be considered in accordance with the goals of the company as a whole.

Within the framework of this stage, a range of target performance indicators is also determined, a list is made of the elements of the company's strategy and the parameters of its functioning that will be influenced by risk management processes, and a balance of possible costs and benefits is ensured (the so-called risk management environment identification stage). The required resources and accounting procedures should also be determined.

Stage 2. Risk identification

At this stage, the risks arising from the characteristics of the external and internal environment analyzed in the previous stage are identified: all possible sources of risk are considered, as well as the available information on the perception of risk (risk awareness) by stakeholders, both internal and external to the organization. Special requirements are imposed on the quality of information (the highest possible level of relevance, completeness, accuracy and timeliness achievable with the resources available to obtain it) and on its sources. It is important that the personnel involved in risk identification have full knowledge of the processes or activities being analyzed. This necessitates the participation of special working groups composed of experts of various profiles.

Stage 3. Risk analysis

The result of this stage is the determination of the level of risk, reflecting the assessment of the consequences and probability of risk events. Both quantitative and qualitative analysis are used. The value and significance of qualitative analysis increase significantly when the definition of risk is formed by a wide range of stakeholders.

Stage 4. Risk assessment

The task of this stage is to make a decision on the acceptability / inadmissibility of the risk (with regard to the acceptable risk, the risk treatment procedures provided for in stage 5 of the considered risk management process are not applied).

Risk assessment involves the study of the levels of control of a risk event, the costs of implementing an impact, the potential costs and benefits associated with a risk event. The results of the work of experts at this stage may require a revision of the risk criteria established at the first stage of the process (thus, the task of ensuring that all significant risks fall into the scope of analysis is solved).

Stage 5. Risk treatment

At this stage, work is carried out with the assessed and ranked risks that have been judged unacceptable for the company according to the criteria defined at the initial stages of the risk management process under consideration. The alternative risk treatment options are:

  • Avoidance of risk, carried out either by terminating the activities associated with an unacceptable level of risk for the company, by choosing other, more acceptable lines of activity that meet the objectives of the organization, or by choosing an alternative, less risky methodology for organizing the process or line of activity under consideration.
  • Reducing the likelihood of a risk event and/or the possible consequences of its realization; a balance must be found between the level of risk and the costs of reducing the risk to a given level. Where the developed risk reduction approaches are judged justified but have high implementation costs, the necessary costs must be budgeted. The procedures recommended under this alternative are: control; process improvement; training and staff development; audit and determination of compliance with established rules.
  • Sharing the risk with third parties. It should be borne in mind that the transferor faces a new risk: that the organization that accepted the risk is unable to manage it effectively.
  • Risk retention. This alternative applies to residual as well as unidentified risks.

Conclusion

Despite the differences in the goals and methods of risk management, each standard states the need for the continuity of risk monitoring and control processes.

Risk assessment is an integral part of risk management, which provides a structured process that aims to identify which organizational objectives may be affected by risks. Risk assessment is used to analyze risks in terms of consequences and their likelihood, before an organization decides on further action, if required.

Risk assessment provides decision makers and responsible parties with a clear understanding of the risks that may affect the achievement of objectives, as well as information on the adequacy and effectiveness of controls. The standard provides a basis for deciding on the most appropriate approach and will be used to make decisions for specific risks as well as to choose between different options.

Choosing a particular standard as the main one for an enterprise is a serious task; sometimes an organization uses several standards at the same time, which leads to uncertainties in risk management processes. The choice of a risk management standard, or its balanced extension, requires a detailed understanding of the requirements of each standard and how they are applied (implemented) in practice, and also depends on the level of maturity of both the risk management processes and the organization's information technology management processes.

Currently, Russia has a huge number of state standards, of which only a small proportion (less than 1%) relate to entrepreneurial risks, although it is precisely this type of risk that is extremely important for any business entity. World practice in risk management considers a standard to be a model worth striving for. There are few standards in the field of risk management. At the same time, the roots of the existing Russian risk management standards, as well as of a huge number of recommended industry practices, lie abroad, so they are founded on the principles of foreign reality.

For a general idea of risk management standards, it is necessary to become familiar with some of them: the FERMA standard, some of the postulates of the Sarbanes-Oxley Act, the COSO II standard and the South African standard KING II.

The FERMA risk management standard was developed jointly by The Institute of Risk Management in the UK, The Association of Insurance and Risk Management and The National Forum for Risk Management in the Public Sector, and adopted in 2002. The scheme laid down in the document serves as the basis for implementing a risk management system. This standard contains: a definition of risk and of risk management, an explanation of internal and external risk factors, the risk management processes, risk assessment procedures, risk analysis methods and technologies, risk management activities, and the responsibilities of the risk manager. According to this document, risk is considered a combination of the probability of an event and its consequences, and risk management is considered a central part of the strategic management of an organization. For example, the main functions of a risk specialist, according to the FERMA standard, are the development and implementation of a risk management program, coordination of interaction between the various structural divisions of the organization, development of programs to reduce unplanned losses, and organization of measures to maintain the continuity of business processes. The main idea of this standard is that its adoption is necessary to reach agreement on the terminology used, the process of practical application of risk management, the organizational structure of risk management, and the goals of risk management. It is especially important to understand that risk management is not just a tool for commercial and public organizations, but a guide for any action (both in the short and the long term).

One of the few legally approved standards in the field of risk management is the Sarbanes-Oxley Act. This law deals primarily with issues of internal control and the reliability of financial statements, and also indirectly regulates the risk management process. The law does not provide guidance on the development of specific financial control procedures. The standard proposes the analysis of incoming data on the progress of processes and the verification of compliance through an audit.

In 2001, the Committee of Sponsoring Organizations of the Treadway Commission (COSO), together with PriceWaterhouseCoopers, initiated a project to develop the principles of risk management (Enterprise Risk Management - Integrated Framework). According to the developed principles, risk management is a process that covers all the activities of an enterprise and involves employees at various levels of management; a tool for achieving the set strategic goals; a technology for identifying and managing risks; and a way of insuring the enterprise's activities against possible errors of management or the board of directors.

The South African standard “KING II” is a collection of standard solutions from risk management practice; it is constantly updated and serves as a training manual for risk managers. This standard does not focus on any specific business or corporate governance model, but the ideology of the process and the desired stages are clearly expressed. Thus, careful adaptation of its procedures to the specifics of a particular company can lead to the desired result.

It should be said that most of the analyzed standards (COSO II, FERMA) operate on the basis of agreement among their participants. One of the few statutory risk management standards is the Sarbanes-Oxley Act, but even this law does not guarantee the success of actions and procedures.

However, as practice shows, the existing foreign standards for building a risk management system are poorly applicable, or only partially applicable, in Russian reality. Therefore, in the Russian Federation, domestic risk management standards were developed on the basis of the foreign ones; we will consider them in more detail.

The standards of the 51901 series “Risk management” provide general guidelines for applying risk management in an enterprise and contain a methodology for using various risk assessment methods, taking into account the specifics of applying a particular method to individual economic risks. In particular:

  • GOST R 51901.1-2002 “Risk management. Risk analysis of technological systems” establishes guidelines for selecting and implementing risk analysis methods, mainly for assessing the risks of technological systems;
  • GOST R 51901.2-2005 “Risk management. Reliability management systems” describes the concepts and principles of a reliability management system, defines its main processes (planning, resource allocation, management and adaptation) and the reliability tasks at the stages of the product life cycle related to planning, design, measurement, analysis and improvement;
  • GOST R 51901.3-2007 “Risk management. Guidelines for reliability management” establishes guidelines for managing reliability in the design, development and evaluation of products and in process improvement;
  • GOST R 51901.4-2005 “Risk management. Guidelines for application in design” establishes general provisions for risk management in design, its sub-processes and the factors influencing them;
  • GOST R 51901.5-2005 “Risk management. Guidelines for the application of reliability analysis methods” contains a brief overview of commonly used reliability analysis methods, descriptions of the main methods with their advantages and disadvantages, input data and other conditions of use;
  • GOST R 51901.6-2005 “Risk management. Reliability improvement programme” establishes requirements and recommendations for eliminating weaknesses in hardware and software in order to improve reliability;
  • GOST R 51901.10-2009 “Risk management. Fire risk management procedures at the enterprise” contains the main provisions of fire risk management and establishes the basic principles for analysing and interpreting fire risk;
  • GOST R 51901.11-2005 “Risk management. Hazard and operability studies. Application guide” provides guidance on hazard and operability (HAZOP) studies of systems using the set of guide words defined in the standard, and on the application of the HAZOP study procedure, including definition, preparation, examination and final documentation;
  • GOST R 51901.12-2007 “Risk management. Failure mode and effects analysis” establishes methods for failure mode and effects analysis (FMEA) and failure mode, effects and criticality analysis (FMECA) and gives recommendations for their application;
  • GOST R 51901.13-2005 “Risk management. Fault tree analysis” establishes the fault tree analysis method and contains guidance on its application;
  • GOST R 51901.14-2007 “Risk management. Reliability block diagram and Boolean methods” describes methods for constructing a system reliability model and using it to calculate the system's reliability and availability indicators;
  • GOST R 51901.15-2005 “Risk management. Application of Markov methods” establishes guidelines for the application of Markov methods to reliability analysis;
  • GOST R 51901.16-2005 “Risk management. Reliability growth. Statistical criteria and estimation methods” describes models and quantitative methods for estimating reliability growth based on system failure data obtained under the reliability improvement programme; these procedures allow point estimates, confidence intervals and hypothesis tests to be obtained for the characteristics of system reliability growth.

Thus, the standards of the 51901 series “Risk management” describe in detail the use of various methods and approaches to risk assessment and analysis, aimed specifically at their practical implementation in the enterprise. For clarity, many of these standards include worked examples.

The risk management standards of the IEC and ISO series are based on translations of international standards developed by the International Electrotechnical Commission (IEC) and the International Organization for Standardization (ISO). The main areas of ISO standardization are mechanical engineering, chemistry, ores and metals, information technology, construction, medicine and healthcare, the environment, and quality assurance systems. IEC standards are more specific than ISO standards and more suitable for direct application. The IEC attaches great importance to the development of safety standards; the main goal of standardization in the field of safety is to find protection against various types of hazard.

The hazards covered by IEC standardization include injury hazard, electric shock hazard, explosion hazard, equipment radiation hazard (including ionizing radiation), biological hazard, etc. For example, GOST R IEC 62305-1-2010 “Risk management. Lightning protection. Part 1. General principles” establishes the general principles of lightning protection for buildings, structures and their parts, including the people in them, the utility networks connected to the building (structure) and other objects; GOST R ISO 17776-2010 “Risk management. Guidelines for the selection of methods and tools for hazard identification and risk assessment for offshore oil and gas production installations” describes the main methods recommended for hazard identification and risk assessment in the development and operation of offshore oil and gas fields, including seismic exploration, topographic surveys, exploration and development drilling, field development including the provision of resources, and the decommissioning and disposal of related equipment; GOST R ISO 17666-2006 “Risk management. Space systems” establishes principles and requirements for integrated risk management in a space project, on the basis of which the integrated enterprise policy is implemented in the risk management system during project execution by each project participant at every level (customer, first-level supplier, lower-level suppliers); GOST R IEC 61160-2006 “Risk management. Formal design review” provides guidance on performing design review procedures as a means of stimulating product and process improvement. This standard establishes guidelines for planning and conducting project reviews and describes in detail the participation of reliability, maintenance and repair specialists in the review.

The ISO/IEC Joint Programming Committee distributes responsibility between the two organizations for issues in related fields of technology. The standards developed under it include ISO/IEC 16085:2006 “Systems and software engineering. Life cycle processes. Risk management” and the identical GOST R ISO/IEC 16085-2007 “Risk management. Application in the life cycle processes of systems and software”, which establishes a risk management process for the acquisition, supply, development, operation and maintenance of software.

In addition to the standards listed above, which relate to the management of economic risks, there are specialized standards regulating the risk management process in areas such as medicine, ecology, information technology, etc.

Nowadays, professionals have come to realize that, in order to create an effective risk management system, a common regulatory basis for organizations' risk management systems needs to be developed. But because there are many ways to achieve this goal, it is almost impossible to combine all areas in a single document. That is why the existing risk management standards are not intended to be normative. Nevertheless, by following the components of the standards considered here while choosing their own methods and approaches, organizations will be able to achieve their risk management goals.

