Updated ISO 31000 risk management standard keeps things simple
Source: Asia Insurance Review | Apr 2018
The International Organization for Standardization (ISO) has issued a newly revised version of the ISO 31000, Risk management – Guidelines. The updated ISO 31000:2018 is a clearer, shorter and more concise guide to help organisations improve planning and decision-making through the use of risk management principles.
The following are the key changes from the previous edition of 2009:
- Review of the principles of risk management, which are the key criteria for its success.
- Focus on leadership by top management who should ensure that risk management is integrated into all organisational activities, starting with the governance of the organisation.
- Greater emphasis on the iterative nature of risk management, drawing on new experiences, knowledge and analysis for the revision of process elements, actions and controls at each stage of the process.
- Streamlining of the content with greater focus on sustaining an open systems model that regularly exchanges feedback with its external environment to fit multiple needs and contexts.
Mr Jason Brown, Chair of technical committee ISO/TC 262 on risk management that developed the standard, said: “The revised version of ISO 31000 focuses on the integration with the organisation and the role of leaders and their responsibility. Risk practitioners are often at the margins of organisational management and this emphasis will help them demonstrate that risk management is an integral part of business.”
Simpler language for clarity
Each section of the standard was reviewed in the spirit of clarity, using simpler language to facilitate understanding and make it accessible to all stakeholders. The 2018 version places a greater focus on creating and protecting value as the key driver of risk management and features other related principles such as continual improvement, the inclusion of stakeholders, being customised to the organisation and consideration of human and cultural factors, said the ISO.
Risk is defined as the “effect of uncertainty on objectives”, a definition carried over from the 2009 edition, where the effect can be a positive or negative deviation from what is expected. The focus is on how incomplete knowledge of events or circumstances affects an organisation’s decision-making. This departs from the traditional understanding of risk as purely negative and requires organisations to tailor risk management to their own needs and objectives, which is a key benefit of the standard.
ISO 31000:2018 provides guidelines, not requirements, and is therefore not intended for certification purposes. This gives managers the flexibility to implement the standard in a way that suits the needs and objectives of their organisation. A