Annex A
(informative)
A.6 Leadership
A.6.1 Management Commitment
The top management of the organization (such as the managing director or chief executive) should demonstrate commitment and resolve to implement the ORMS in the organization. Without top management commitment, no management system can succeed. Top management should demonstrate to its internal and external stakeholders a visible commitment to managing risks and promoting a culture facilitating good business management and enhanced resilience. To initiate and sustain the ORMS effort, top management should communicate to all persons working on behalf of the organization the importance of:
- Making organizational and individual competence inherent in everything the organization does;
- Emphasizing that respect for laws, regulations and contractual obligations and voluntary commitments is an integral component of ORMS;
- Integrating ORMS throughout the organization; and
- Looking at problems as opportunities for improvement.
The top management should provide evidence of its commitment to the development and implementation of the ORMS and continually improve its effectiveness by:
- Communicating to the organization the importance of meeting the requirements of this Standard;
- Setting and communicating the policy and risk criteria;
- Validating that risk appetite and the outcomes of the risk assessment process are within set levels of risk tolerance;
- Ensuring that ORMS objectives are established at all levels and functions;
- Appointing one or more individuals within the organization to be responsible for the management system;
- Ensuring that the responsibilities and authorities for relevant management system roles are assigned and communicated within the organization;
- Allocating appropriate resources for the management system;
- Demonstrating commitment to the management system and risk minimization;
- Promoting awareness of risk and ORMS requirements throughout the organization;
- Leading by example; and
- Participating in reviews and driving the continual improvement process.
It is essential that top management of the organization sponsors, provides the necessary resources, and takes responsibility for creating, maintaining, testing, and implementing a comprehensive ORMS. This will ensure that management and staff at all levels within the organization understand that the ORMS is a critical top management priority and are empowered to support risk and business decision-making processes. It is equally essential that top management engage a “top down” approach to the ORMS so that management at all levels of the organization understands accountability for system maintenance as part of the overall governance priorities.
A.6.2 ORMS Policy
The ORMS policy is the driver for implementing and improving an organization’s ORMS. This policy should therefore reflect the commitment of top management to:
- The sanctity of human life and safety as a top priority;
- The pursuit of opportunities;
- Avoid, prevent, and reduce the likelihood and consequences of undesirable and disruptive events;
- Comply with applicable legal, regulatory, contractual and voluntary commitments and other requirements;
- Respect human rights (including commitments to social responsibility and minimizing the organization’s adverse impacts on stakeholders, the environment and the community); and
- Continual improvement.
The ORMS policy is the framework that forms the basis upon which the organization sets its objectives and targets. The ORMS policy should be sufficiently clear to be capable of being understood by internal and external stakeholders and should be periodically reviewed and revised to reflect changing conditions and information. Its area of application (i.e., scope) should be clearly identifiable and should reflect the unique nature, scale, and impacts of the risks of its activities, functions, products, and services.
The ORMS policy should be communicated to all persons who work for or on behalf of the organization, including its clients, customers, supply chain partners, subcontractors, and relevant members of the local community. Communication to subcontractors and other external parties can be in alternative forms to the policy statement itself, such as rules, directives, and procedures. The organization’s ORMS policy should be defined and documented by its top management within the context of the ORMS policy of any broader corporate body of which it is a part and with the endorsement of that body.
An ORMS planning team – including senior leaders from all major organizational functions and support groups – should be appointed to ensure widespread acceptance of the ORMS.
A.6.3 Resources, Roles, Responsibilities, and Authorities
The resources needed for the ORMS should be identified. These include human resources and specialized skills, equipment, internal infrastructure, technology, information, intelligence, and financial resources. Top management should ensure the availability of resources essential for the establishment, implementation, control, testing, and maintenance of the ORMS.
The management system is implemented by people within the organization. One or more qualified persons should be appointed and empowered to implement, test or exercise, and maintain the ORMS. Top management should conduct its own periodic reviews and audits of the overall ORMS. An ORMS planning team, including senior leaders from all major organizational functions and support groups, may be appointed to ensure widespread acceptance of the ORMS.