31000-2009 Risk Management Standard
In November 2009, the International Organization for Standardization (ISO) introduced the ISO 31000:2009 Risk Management Standard. The standard provides universally accepted guidelines about generic risk management processes. The Risk Management Standard is intended to replace the many differing standards, which stretch across industries, regions, and subjects. Including information on both the ISO Catalogue and the IEC (International Electrotechnical Commission) program of standards, the ISO 31000 Standard covers the following:
- ISO 31000 Principles and Guidelines on Implementation
- IEC 31010 Risk Management — Risk Assessment Techniques
- ISO/IEC 73 Risk Management — Vocabulary
As an informative resource for business executives, safety and risk auditors, risk analysts, line managers, individual contractors, and the many other employees and directors involved in risk management, the ISO 31000:2009 Risk Management Standard offers many individuals and teams a concise, updated, and globally standardized source of both established and proposed risk management processes. The online resource combines the ISO catalogue with the IEC program of standards under development. Users may choose to search using a single entity or a combination of entities from the following:
- Published standards
- Standards under development
- Withdrawn standards
- Projects deleted
Globally standardized, the ISO 31000:2009 Risk Management Standard assists managers and executives in pinpointing risky practices in both individual, small companies and large, global corporations. In fact, according to the ISO press release, ISO Chair Kevin W. Knight expects the ISO 31000 to “help industry and commerce, public and private, to confidently emerge from the (global financial) crisis” (http://www.iso.org/iso/pressrelease.htm?refid=Ref1266).
Built upon the basics established in the Australian/New Zealand Standard for Risk Management (est. 1995), the ISO 31000 draws from the well-established and solidly built Australian Standard while offering updated information, definitions, and standardized Risk Management ideas. Initial reviews of the ISO 31000 have been promising. Touted as a well-written standard, it uses layman’s terminology that transcends the limitations of other standards written directly for existing Risk Management executives and professionals. Easily understood by laymen and executives alike, the ISO 31000 offers companies a process-oriented manual that can be used company-wide. However, drawbacks of the ISO 31000 Risk Management Standard include:
- Not control-oriented / does not offer practical implementation tools for Risk Managers to create reliable risk data
- Complete risk identification is not guaranteed
- No risk taxonomies, heat maps or templates provided
- Published without certification
For companies using ISO 9000 and ISO 18000 for quality management and safety, respectively, reviewers find the ISO 31000 a complementary standard to the companies’ existing ISO safety infrastructure. Companies established in other safety and management infrastructures benefit from adding Risk IT to the ISO 31000 purchase to map the ISO 31000 concepts to risk control.
With mostly positive reviews, the well-written ISO 31000 can offer companies large and small the updated risk management standard they need in an increasingly global environment. Further free information about the ISO 31000:2009 Risk Management Standard is available at http://www.iso.org/iso/home.htm. The site also offers a store where the standard can be purchased directly.