Published on the 26/01/2010 | Written by Newsdesk
ISO 31000 aims to help organisations develop, implement and continuously improve their risk management framework…
In November, international standards body the ISO released a new global standard, ISO 31000:2009, Risk management – Principles and guidelines, which it says will help organizations of all types and sizes to manage risk effectively.
ISO 31000 aims to provide principles, a framework, and a process for managing any form of risk in a transparent, systematic and credible manner within any scope or context.
At the same time, the ISO also published ISO Guide 73:2009, Risk management vocabulary, which complements ISO 31000 by providing a collection of terms and definitions relating to the management of risk.
“All organisations, no matter how big or small, face internal and external factors that create uncertainty on whether they will be able to achieve their objectives. The effect of this uncertainty is ‘risk’ and it is inherent in all activities,” says Kevin Knight, chair of the ISO working group that developed the standard.
“In fact, it can be argued that the global financial crisis resulted from the failure of boards and executive management to effectively manage risk. ISO 31000 is expected to help industry and commerce, public and private, to confidently emerge from the crisis.”
The new standard recommends that organizations develop, implement and continuously improve a risk management framework as an integral component of their management system.
“ISO 31000 is a practical document that seeks to assist organizations in developing their own approach to the management of risk. But this is not a standard that organizations can seek certification to,” Knight says.
“By implementing ISO 31000, organizations can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management. ISO Guide 73 will further ensure that all organizations are on the same page when talking about risk.”
PricewaterhouseCoopers partner Paul Nickels says the arrival of ISO 31000 is a sign that the discipline of business risk management is maturing.
Nickels’ advice, however, is that organisations should try to avoid getting caught up on the question of which standard they should follow.
“The first thing to do is to just get on and develop your own ‘commonsense standard’ then as that is implemented and bedded down within the organisation, look to improve on it through the use of ISO, or another similar standard,” he says.
“What we see too often is organisations picking a risk standard like ISO and going from being able to crawl one day to trying to run a standards marathon the next. It’s important to take small steps. If you’ve done some level of commonsense risk assessment then you can work out those areas of exposure which then you might do a deeper dive using one of the risk frameworks like ISO to aid you in that understanding.”
PDF and hardcopy versions of the New Zealand version of the new ISO standard, AS/NZS ISO 31000:2009, can be purchased from the Standards New Zealand website:
www.standards.co.nz