Revision of ISO 31000 keeps risk management simple

The revision of ISO 31000:2009 safety standard has resulted in a move towards clearer and more concise text.

ISO 31000:2009 on risk management is intended for people who create and protect value in an organisation by managing risks, making decisions, setting and achieving objectives and improving performance.

The revision work utilises a simple language to express the fundamentals of risk management in a way that is coherent and understandable to users.

The standard provides guidelines on the benefits and values of effective and efficient risk management, and should help organisations better understand and deal with the uncertainties they face in the pursuit of their objectives.

The major task was finding the right balance between giving sufficiently detailed guidance and writing an entire textbook.

To avoid weighing down the standard and making it too complex, it was decided to reduce the terminology of ISO 31000 to the bare bone concepts and move certain terms to ‘ISO Guide 73, Risk management – Vocabulary’, which deals specifically with risk management terminology and is intended to be read alongside ISO 31000.

Strengthened by its generic quality, the standard provides the basis for renewed confidence between experts and end users, who each face specific challenges in terms of risk but need to understand and communicate with other stakeholders. As such, the clause on building a risk management framework, which contains guidance that is relevant for every possible user, has since been augmented with additional concepts or examples that are specific to countries and industries.

“The message our group would like to pass on to the reader of the DIS is to critically assess if the current draft can provide the guidance required while remaining relevant to all organisations in all countries,” said Jason Brown, chair of ISO technical committee ISO/TC 262, Risk management.

“It is important to keep in mind that we are not drafting an American or European standard, a public or financial services standard, but much rather a generic international standard.”

The new draft is shorter than the CD, but it gains in clarity and precision and is much easier to read. It also includes some substantial improvements, such as the importance of human and cultural factors in achieving an organisation’s objectives and an emphasis on embedding risk management within the decision-making process.

However, the overall message of ISO 31000 remains the same — integrating the management of risk into a strategic and operational management system.

The next step in the process will be to finalise the revision work to reach the final draft international standard (FDIS) stage. The new version of ISO 31000 is expected to be published at the end of 2017 or in early 2018.

Image credit: ©iStockphoto.com/Dušan Janković