BSI, the business standards company, has published the revised international standard for risk management BS ISO 31000:2018 Risk Management: Guidelines. The purpose of this standard is to assist a given organisation to integrate risk management into all of its activities and functions.
Properly implemented, risk management improves performance, encourages innovation and supports the achievement of objectives. With that in mind, BS ISO 31000 provides best practice guidance on how an organisation can create a risk management framework that aligns with its broader goals.
Risk can take many shapes and forms including economic, political and environmental. BS ISO 31000 is intentionally broad in its scope in order to assist organisations with managing risk of any kind, and is consequently applicable to organisations in all sectors.
A notable change in this revision is a review of the principles of risk management, one of which is continual improvement. This means it is not enough for an organisation to create a risk management framework and never revisit or review it. To be effective, the framework needs to take into account the context of the organisation and its current risk management practices so that gaps can be identified and addressed. The different parts of the framework, and how they work together, should be adapted to the organisation's specific needs rather than applied as a fixed template.
Human and cultural factors are also key. For example, different opinions will affect risk appetite and the judgement and perception of risk. A traditional hierarchical organisation may have very different attitudes towards risk when compared to a collaborative, innovation-based company.
This revision highlights the importance of top management not only implementing risk management, but promoting it. Ultimately, the effectiveness of risk management depends on its integration into an organisation at all levels.
Anne Hayes, head of the governance and resilience sector at the BSI, said: “Effective risk management is about all levels of an organisation strategically planning for today and tomorrow. BS ISO 31000 provides structured risk management guidance for organisations such that they can prepare effectively for the future. Having a plan in place is in the best interests of everyone’s safety, security and resilience.”