The International Standards Organisation’s (ISO) revision of ISO 31000:2009 Risk Management – Principles and Guidelines has moved one step further, to the Draft International Standard (DIS) stage, at which the draft is now available for public comment.
ISO 31000:2009 is intended for people who create and protect value in an organisation by managing risks, making decisions, setting and achieving objectives and improving performance. The standard’s revision process discovers the virtues of keeping risk management simple.
The revision work follows a distinct objective: to make things easier and clearer. This is achieved by using simple language to express the fundamentals of risk management in a way that’s coherent and understandable to users.
The standard provides guidelines on the benefits and values of effective and efficient risk management, and should help organisations better understand and deal with the uncertainties they face in the pursuit of their objectives.
Finding the right balance
In terms of this latest revision, the major task was finding the right balance between giving sufficiently detailed guidance and writing an entire textbook. With this in mind, the text has been reduced to its fundamental concepts in order to create a shorter, clearer and more concise document that’s easier to read, while at the same time remaining widely applicable.
That’s not to say that the specific meanings or ‘sectoral jargons’ important to certain users have disappeared. On the contrary, ISO states that providing more detail and precise information has actually been an “essential aspect” of the revision process.
To avoid weighing down the standard and making it too complex, it was decided to reduce the terminology of ISO 31000 to the ‘bare bones’ concepts and move certain terms to ISO Guide 73 Risk Management – Vocabulary, which deals specifically with risk management terminology and is intended to be read alongside ISO 31000.
Strengthened by its generic quality, the standard provides the basis for renewed confidence between experts and end users, who each face specific challenges in terms of risk, but need to understand and communicate with other stakeholders. As such, the clause on building a risk management framework, which contains guidance that’s relevant for every possible user, has since been augmented with additional concepts or examples that are specific to countries and industries.
Generic International Standard
“The message our group would like to pass on to the reader of the DIS is to critically assess if the current draft can provide the guidance required while remaining relevant to all organisations in all countries,” explained Jason Brown, chair of ISO Technical Committee ISO/TC 262 on Risk Management that developed the standard. “It’s important to keep in mind that we’re not drafting an American or European Standard, nor a public or financial services standard, but much rather a generic International Standard.”
Much of the complicated language has been eliminated. That being so, the text is leaner and more precise with the expectation that the reader will find it simpler to understand.
The new draft includes some substantial improvements, such as the importance of human and cultural factors in achieving an organisation’s objectives and an emphasis on embedding risk management within the decision-making process. That said, the overall message of ISO 31000 remains the same: integrating the management of risk into a strategic and operational management system.
The next step in the process will be to finalise the revision work in order to reach the Final Draft International Standard stage. The new version of ISO 31000 is expected to be published at the end of 2017 or during early 2018.