The New Arsenal of Risk Management

How can the streamlined version of ISO 31000 help to make our future more secure?

Published: Tuesday, November 28, 2017 - 13:01

A new version of ISO 31000:2009—“Risk management” is due to be unveiled early next year. As the threat of risks grows for governments, organizations, and the public alike, how can the new, streamlined standard help to make our future more secure?

Ten years ago, the boardrooms of banks and financial institutions around the world were rattled to hear the news of the collapse of prestigious and highly respected names, such as Lehman Brothers, Bear Stearns, and Northern Rock. Alan Greenspan, the former chairman of the U.S. Federal Reserve, described the shock waves that swept the world as a “credit tsunami.”

In family businesses, governments, and industry, the aftermath of the global financial crisis is still being felt. Since then, the spotlight has been turned on risk and exposure to risk—how to manage it, prepare for it, benefit from it, and learn from it. In our complex and interconnected world, one of political uncertainty and economic unease and austerity, these questions are more pertinent than ever and the need for best practice even more compelling.

How to manage risk

Kevin Knight, chair of the ISO working group that developed ISO 31000, which was published as a standard in 2009, summed it up succinctly. “Risk is inherent in all activities. And it can be argued that the global financial crisis resulted from the failure of boards and executive management to effectively manage risk. ISO 31000 is expected to help industry and commerce, public and private, to confidently emerge from the crisis.”

Risks, of course, can come from various sources, such as uncertainty in financial markets, threats from project failures (during design, development, or production), legal liabilities, credit risk, accidents, and natural causes and disasters. They can take a heavy toll; look at the havoc and loss of life wreaked by Hurricane Irma in the Caribbean and the devastating floods in India and Bangladesh.

Turning risk into opportunities

Lessons are learned the hard way—but they are learned, and risks can be turned into opportunities. In Japan, for instance, the constant threat of earthquakes and typhoons has led to the development of one of the world’s most sophisticated emergency management systems. In turn, this has been repurposed for missile defense. Officials can now send messages to every mobile phone in the country as well as interrupting TV and radio broadcasts.

As the world enters a new “smart” era, technology poses a new set of risks, from robotics, artificial intelligence, and machine learning, to the internet of things (IoT). Here, too, the response to challenges has led to innovative solutions. Take blockchain technology, a complex set of algorithms that allows so-called crypto-currencies to be traded electronically with a central ledger. Despite fraud fears and concerns about the digital currency’s volatile nature, banks are now exploiting the technology to speed up back-office settlement systems.

To meet this array of new challenges, organizations around the world have realized the importance of integrating risk management into their business strategy. Accordingly, the general scope of ISO 31000—the first-born in the family of risk management standards—was not developed for a particular industry group, management system, or subject-matter field, but rather to provide best-practice structure and guidance to all operations concerned with risk management.

Moving with the times

The Thales Group, for example, is a leading organization in the security sector. It states that managing social and environmental risks, and developing new standards and procedures are key to risk prevention. Jason Brown, the national security director of Thales Australia and New Zealand, is chair of ISO technical committee ISO/TC 262—“Risk management.” He says of ISO 31000: “The standard is now used to assist planning and decision making in areas as diverse as finance, engineering, space flight, and international security.”

Moving with the times, ISO’s trailblazing standard on risk management is now being revised, and a new edition is scheduled for early 2018. In order to ensure that the principles and guidelines in the standard remain relevant to users, ISO 31000 and ISO Guide 73, which lays down the operative terminology, were revised in 2015, and the 2018 revision is the next step in making risk management easier and clearer and keeping it simple. The text has been reduced to its fundamental concepts to create a shorter, clearer, and more concise document that is easier to read while remaining widely applicable.

Brown highlights the fact that ISO 31000’s principles-based model and open-system approach, with the renewed emphasis on the iterative nature of risk assessment, maintains and ensures the standard’s relevance across multiple disciplines. “Governments, large and small businesses, and in fact all those who have objectives they would like to achieve in our increasingly complex world, will benefit from using 31000 as their guide to managing the risks to their endeavours,” he says.

He advises that the new version has streamlined and refined the key elements and emphasized the iterative nature of the process. “The important issue of a recursive, iterative model is its relevance to reducing uncertainty in a highly volatile and uncertain operational environment, where the requirement for monitoring and continuous assessment of risk is often driven by external events,” he says.

Creating growth

One region that is reaping the benefits of ISO 31000 is Latin America. Jorge Escalera, a member of the Mexican delegation for ISO/TC 262 and ISO/TC 29—“Security and resilience,” points out that the topic of risk management may be relatively new in Latin America, but it is growing significantly. Organizations, he reveals, are increasingly proactive in considering ISO 31000 in the implementation of risk management in their general management systems.

Escalera is also a director of Risk Mexico, a company offering solutions for education, certification, and consulting in the public and private sectors. “Risk Mexico promotes the implementation of risk management (RM) according to ISO 31000, and in each consultancy we carry out, the fundamental principles of our operation are based on implementing an RM that creates value for our clients and generates benefit for our community,” he says.

No easy task

Cooperation and collaboration are all-important. Although developing a cohesive culture is no simple task, ISO 31000 is a big step in that direction. Of course, it will take more than the application of the revised ISO 31000 to avoid things like another global financial crash, but it will be a help in understanding the causes and identifying the treatments needed to reduce the uncertainty about our financial future. Jason Brown says: “It will, however, take a willingness by all partners to take the actions necessary to reduce uncertainty. Some of these actions must include transparency of financial operations, good regulations and compliance, integrity and responsibility, and importantly, good governance.”

And what about the future—the next steps for ISO 31000? Among them, technical committee activities will focus on the increasing uptake of the standard globally. Indeed, one example of the growth of interest comes from Latin America. “There are more ideas in the pipeline from a number of member countries,” says Brown. “These include a special Spanish translation task force, which will provide a unified Spanish-language approach for the 400 million native speakers, and with official status in a staggering 21 countries spanning South, Central, and North America, Spain, as well as Africa and Europe.” Watch this space.

Written by Ann Brady, contributing writer and editor at the International Organization for Standardization (ISO). First published Nov. 8, 2017, in ISO News.


About The Author

The International Organization for Standardization (ISO) is the world’s largest developer and publisher of international standards. ISO is a network of the national standards institutes of 162 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system. ISO is a nongovernmental organization that forms a bridge between the public and private sectors. ISO enables a consensus to be reached on solutions that meet both the requirements of business and the broader needs of society.