New ISO 31000 Risk Management Principles and Guidelines
Nov 10th, 2010
The new ‘ISO 31000 Risk Management Principles and Guidelines’ comes at the end of a four-year development period, during which up to 60 experts, representing 30 countries, worked within an ISO international technical committee.
The ISO 31000 Guidelines are designed for a wide range of risk management practitioners, experienced or novice, and for those responsible for risk management oversight who are interested in benchmarking their risk management organisation and practices against a recognized international reference.
ISO 31000 describes voluntary risk management guidelines, not a prescriptive compliance requirement. The ISO 31000 chapter headings are:
2) Terms and definitions (which really is/should be an Appendix, as discussed later),
This architecture is both robust and relatively simple to apply.
The new standard:
• can apply to any activity or domain in any organization – public or private;
• will supplement or replace a variety of independent, national risk management standards;
• provides an ‘umbrella’ for more than 60 recognized standards and guidelines that refer to risk management (per CEN – European Committee for Standardization);
Despite being labeled as an ISO standard, ISO 31000:
• is a set of guidelines;
• is not prescriptive;
• carries no legal requirement; and
• is not intended for certification.
ISO 31000 provides a globally applicable RM Reference Guide with:
• a generic three-pillar architecture (principles, framework, process);
• risk management terminology (tree-structure): ISO/IEC Guide 73; and
• an international consensus, with provision for a continuum of improvement through the iterative process and feedback loops or opportunities for lessons learned at each stage in the process.
Furthermore, ISO 31000 will provide a single global reference for stakeholders in an organization who have an interest in risk management, provides a useful communication tool about both the organizational context and scope of risk management, and will facilitate risk management education and training programs.
The principles of ISO 31000 address the issue of risk management purpose and objectives. The framework establishes the mandate and commitment at senior management and board levels. It also requires a description of the internal and external organizational contexts. The process describes the implementation of risk management at the business unit level for day-to-day activities of risk assessment and risk treatment.
ISO 31000 clearly states (when addressing the risk management framework): ‘This framework is not intended to prescribe a management system, but rather, to assist the organization to integrate risk management into its overall management system. Organizations should adapt the components of the framework to their specific needs’. Indeed, lessons have been learned from the troubled implementation of the ISO 9000 series during the early years, and problems encountered with the creation of parallel quality management systems.
Although ISO 31000 does not impose any compulsory compliance, it would be a mistake to overlook its usefulness as a generic reference. A risk management team may find it helpful to compare its own risk management framework and process to that described in ISO 31000 and to track the similarities and differences.
The ISO/IEC Guide 73 ‘Risk Management – Vocabulary – Guidelines for Use in Standards’ was first published in June 2002. Guide 73 seeks to provide a reference language for risk and risk management, and is the source of terms and definitions. It will be useful in the very near future to compare this glossary against other public glossaries that are compliant with most international standards and seem to be more complete and detailed in many areas.
Your Blog is very nice. Wish to see much more like this. Thanks for sharing your information