Revision moves ISO 31000:2009 Risk Management – Principles and Guidelines to Draft International Standard stage

The International Standards Organisation’s (ISO) revision of ISO 31000:2009 Risk Management – Principles and Guidelines has moved one step further, to Draft International Standard (DIS) stage, at which the draft is available for public comment.

ISO 31000:2009 is intended for people who create and protect value in an organisation by managing risks, making decisions, setting and achieving objectives and improving performance. The standard’s revision process discovers the virtues of keeping risk management simple.

The revision work follows a distinct objective: to make things easier and clearer. This is achieved by using simple language to express the fundamentals of risk management in a way that’s coherent and understandable to users.

The standard provides guidelines on the benefits and values of effective and efficient risk management, and should help organisations better understand and deal with the uncertainties they face in the pursuit of their objectives.

Finding the right balance

In terms of this latest revision, the major task was finding the right balance between giving sufficiently detailed guidance and writing an entire textbook. With this in mind, the text has been reduced to its fundamental concepts in order to create a shorter, clearer and more concise document that’s easier to read, while at the same time remaining widely applicable.

That’s not to say that the specific meanings or ‘sectoral jargons’ important to certain users have disappeared. On the contrary, ISO states that providing more detail and precise information has actually been an “essential aspect” of the revision process.

To avoid weighing down the standard and making it too complex, it was decided to reduce the terminology of ISO 31000 to the ‘bare bones’ concepts and move certain terms to ISO Guide 73 Risk Management – Vocabulary, which deals specifically with risk management terminology and is intended to be read alongside ISO 31000.

Strengthened by its generic quality, the standard provides the basis for renewed confidence between experts and end users, who each face specific challenges in terms of risk, but need to understand and communicate with other stakeholders. As such, the clause on building a risk management framework, which contains guidance that’s relevant for every possible user, has since been augmented with additional concepts or examples that are specific to countries and industries.

Generic International Standard

“The message our group would like to pass on to the reader of the DIS is to critically assess if the current draft can provide the guidance required while remaining relevant to all organisations in all countries,” explained Jason Brown, chair of ISO Technical Committee ISO/TC 262 on Risk Management that developed the standard. “It’s important to keep in mind that we’re not drafting an American or European Standard, nor a public or financial services standard, but much rather a generic International Standard.”

Much of the complicated language has been eliminated. That being so, the text is leaner and more precise with the expectation that the reader will find it simpler to understand.

The new draft includes some substantial improvements, such as the importance of human and cultural factors in achieving an organisation’s objectives and an emphasis on embedding risk management within the decision-making process. That said, the overall message of ISO 31000 remains the same: integrating the management of risk into a strategic and operational management system.

The next step in the process will be to finalise the revision work in order to reach the Final Draft International Standard stage. The new version of ISO 31000 is expected to be published at the end of 2017 or during early 2018.

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute’s George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014.
