02 Mar ISO 31000: 2018
February 2018 has seen the release of the new ‘ISO 31000: 2018 – Risk Management – Guidelines’. This document was prepared by ‘Technical Committee ISO/TC 262, Risk Management’, and this second, technically revised edition cancels and replaces the first edition (ISO 31000:2009).
Historically, the challenge for many organisations and individuals has been their inability to recognise the International Risk Management Standard as non-prescriptive, principles-based and leadership-focused rather than compliance and certification orientated. This recent revision of the Standard provides a perfect opportunity to recalibrate risk management frameworks.
The main changes in the updated International Standard are:
- Whilst remaining structured along the previous ‘Principles, Framework & Process’ model, it has been reduced in length, had some of the content re-written in simpler language and been streamlined with a view to it fitting with multiple contexts.
- The ‘Principles’ section has been reduced from 11 to 8. The 3 principles removed have not disappeared, but have been articulated within the 8 remaining principles, and ‘value creation and protection’ now sits at the core.
- The ‘Framework’ commentary highlights the need to establish an organisational framework which is suitable, adequate and effective. This means placing an even greater emphasis on the need for governance, leadership and commitment, particularly to ensuring risk management is integrated. The new Standard leans heavily on leadership and integration. Integration of risk management into the structure, operations and processes of organisations is highlighted, including in strategic planning, business activities, organisation-wide decision making and performance management. Given the ever-evolving external and internal context for many of us, the need for greater flexibility and iteration throughout is emphasised.
- The ‘Process’ itself remains significantly unchanged, although ‘Establishing the context’ has now been refined to ‘Scope, Context, Criteria’. In addition, ‘Recording and Reporting’ now encircles the entire risk process.
The new standard can be downloaded through the ISO website and will no doubt soon be adopted by Standards Australia as the updated AS/NZS 31000.
Please contact us at Riskwest if you wish to discuss how the changes may impact on your own risk management framework and practices.