New ISO 31000 Risk Management Principles and Guidelines

Nov 10th, 2010

The new ‘ISO 31000 Risk Management Principles and Guidelines’ comes at the end of a four-year development period, during which up to 60 experts, representing 30 countries, worked within an ISO international technical committee.

The ISO 31000 Guidelines are designed for a wide range of risk management practitioners, experienced or novice, and for those responsible for risk management oversight who are interested in benchmarking their risk management organisation and practices against a recognized international reference.

ISO 31000 describes voluntary risk management guidelines, not a prescriptive compliance requirement. The ISO 31000 chapter headings are:

2) Terms and definitions (which really is/should be an Appendix, as discussed later),
4) Framework, and

This architecture is both robust and relatively simple to apply.

The new standard:
• can apply to any activity or domain in any organization – public or private;
• will supplement or replace a variety of independent, national risk management standards;
• provides an ‘umbrella’ for more than 60 recognized standards and guidelines that refer to risk management (per CEN – European Committee for Standardization);

Despite being labeled as an ISO standard, ISO 31000:
• is a set of guidelines;
• is voluntarily applicable: it is not prescriptive, and there is no legal requirement; and
• is not intended for certification.

ISO 31000 provides a globally applicable RM Reference Guide with:

• a generic three-pillar architecture (principles, framework, process);
• risk management terminology (tree-structure): ISO/IEC Guide 73; and
• an international consensus, and provision for a continuum of improvement through the iterative process and feedback loops or opportunities for lessons learned at each stage in the process.

Furthermore, ISO 31000 will provide a single global reference for stakeholders in an organization who have an interest in risk management, provide a useful communication tool about both the organizational context and scope of risk management, and facilitate risk management education and training programs.

The principles of ISO 31000 address the issue of risk management purpose and objectives. The framework establishes the mandate and commitment at senior management and board levels. It also requires a description of the internal and external organizational contexts. The process describes the implementation of risk management at the business unit level for day-to-day activities of risk assessment and risk treatment.

ISO 31000 clearly states (when addressing the risk management framework): ‘This framework is not intended to prescribe a management system, but rather, to assist the organization to integrate risk management into its overall management system. Organizations should adapt the components of the framework to their specific needs’. Indeed, lessons have been learned from the troubled implementation of the ISO 9000 series during the early years, and problems encountered with the creation of parallel quality management systems.

Although ISO 31000 does not impose any compulsory compliance, it would be a mistake to overlook its usefulness as a generic reference. A risk management team may find it helpful to compare its own risk management framework and process to that described in ISO 31000 and to track the similarities and differences.

The ISO/IEC Guide 73 ‘Risk Management – Vocabulary – Guidelines for Use in Standards’ was first published in June 2002. Guide 73 seeks to provide a reference language for risk and risk management, and is the source of terms and definitions. It will be useful in the very near future to compare this glossary against other public glossaries that are compliant with most international standards and seem to be more complete and detailed in many areas.

Category: Consequences, Hazard, Probabilities, Risk analysis, Risk management

2 responses to “New ISO 31000 Risk Management Principles and Guidelines”

  1. […] that PIGs correspond to State of the Art, yet we do not know any Risk Management Standard (ISO, COSO, ONR) that would formally advise to use PIGs, neither we know of any standard formal […]

  2. Emily Hilton says:

    Your Blog is very nice. Wish to see much more like this. Thanks for sharing your information
