Dedicated international standard for managing risk in organisations revised by BSI

BSI, the business standards company, has published the revised international standard for risk management BS ISO 31000:2018 Risk Management: Guidelines. The purpose of this standard is to assist a given organisation to integrate risk management into all of its activities and functions.

Properly implemented, risk management improves performance, encourages innovation and supports the achievement of objectives. With that in mind, BS ISO 31000 provides Best Practice guidance on how an organisation can create a framework for risk management strategy which aligns with its broader goals.

Risk can take many shapes and forms including economic, political and environmental. BS ISO 31000 is intentionally broad in its scope in order to assist organisations with managing risk of any kind, and is consequently applicable to organisations in all sectors.

A notable change in this revision is a review of the principles of risk management. One of these is continual improvement. This means it’s not enough for an organisation to create a risk management framework which is never revisited or reviewed. To be effective, the risk management framework needs to take into account the context of the organisation and its current risk management practices so that gaps can be addressed. The different parts of the framework and how they work together should always be adapted for specific needs.

Human and cultural factors are also key. For example, different opinions will affect risk appetite and the judgement and perception of risk. A traditional hierarchical organisation may have very different attitudes towards risk when compared to a collaborative, innovation-based company.

This revision highlights the importance of top management not only implementing risk management, but promoting it. Ultimately, the effectiveness of risk management depends on its integration into an organisation at all levels.

Anne Hayes, head of the governance and resilience sector at the BSI, said: “Effective risk management is about all levels of an organisation strategically planning for today and tomorrow. BS ISO 31000 provides structured risk management guidance for organisations such that they can prepare effectively for the future. Having a plan in place is in the best interests of everyone’s safety, security and resilience.”

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute’s George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014.
