Future ISO 31000 standard on risk management
by Kevin W. Knight AM*, Chair, ISO working group on Risk Management
Some would suggest that the global financial crisis was caused by a failure of risk management rather than the failure of boards and top management to effectively manage risk. The future ISO 31000, Risk management – Principles and guidelines, is expected to help industry and commerce, public and private, to confidently emerge from the crisis. This much-awaited International Standard is expected to be published in the third quarter of 2009. Without risk, there is no reward or progress. Unless risk is managed effectively, organizations cannot maximize opportunities and minimize threats. Risk is all about uncertainty, or more importantly, the effect of uncertainty on the achievement of objectives. This is where ISO 31000 is clearly different from existing guidelines in that the emphasis is shifted from something happening – the event – to the effect on objectives. Every organization has objectives to achieve, and in order to achieve them, any uncertainty that could interfere with their realization must be effectively managed.
Applicable and adaptable to all
ISO 31000 sets out principles, a framework, and a process for the management of all forms of risk, including safety and environment, in all organizations, regardless of size. It does not mandate a one-size-fits-all approach, but emphasizes tailoring the principles and guidelines to the specific needs and structure of the organization. Following a list of terms and definitions, the standard sets out 11 princi
* Member of the General Division of the Order of Australia (AM).
ISO Focus June 2009
© ISO Focus, www.iso.org/isofocus
not be an add-on, or a separate activity divorced from the mainstream management of the business.
A strategic process
The risk management process contained in ISO 31000...