When Recognition Matters
THE REVISION OF ISO 31000 RISK MANAGEMENT
www.pecb.com
//////////////////////////////////////////////////////////////////////////////////////////////////////
Risk is a well-known word; it is an action, a process, time, a condition and everything else. Risk plays a huge part in our life, from waking up in the morning we take a risk by getting late for work, or by driving we take a risk of getting trapped in traffic jams, or worse in an accident. Risk needs managing and managing has to have a plan, steps and a way to solve risk.
What is Risk Management, really? Risk is when something uncertain or dangerous is happening, whereas managing means when you know how to deal with uncertain, unknown and risky situations. ISO 31000 Risk Management is the standard that guides on how to manage risk. The first version of the Risk Management standard came from New Zealand (AS/NZS 4360:2004). Moreover, based on this standard they tried to create an international standard that could be used in any country, no matter the size, operation, complexity or type of the organization. ISO 31000 Risk Management was first published in 2009. This standard involves principles and guidelines for practicing risk management. As an ISO policy, standards need to be reviewed every five years. In this case, the time for the revision of ISO 31000 Risk Management has come. The question is: does it really need a revision, and why? A group of risk practitioners pointed out that ISO 31000:2009 has to be reviewed also with the ISO Guide 73:2009 as there is a need for change in some definitions and terms in order to be applicable and relevant to risk management. The limited revision was accessible only to specialists who emphasized the necessities that corporations and governments had to change or improve on Risk Management. The group of ISO/ TC262/WG 2, who participated in the meeting held in Paris, March 2015, had 656 comments regarding the revision of ISO 31000 Risk Management. The process of dealing with the comments required a high level of documents in order to have a full technical review by ISO/TC262/WG 2, which would improve the design specification (DS) and summarize it. The requirements are mostly aimed at Annex A of ISO 31000:2009 for some changes, as this would help organizations to move forward, and that is what ISO/TC262/WG2 has been working on. According to Julia Graham, the President of FERMA pronounced “ISO 31000 has become the most popular enterprise risk management standard in the world and one of the most popular standards in the ISO standards library, and it is considered that some modification is required to bring the content and language up to date”. “Risk management is about people and processes and not about models and technology.” Trevor Levine As the revision of a standard is very important, the process of finalization takes time. The ISO/TC 262/WG 2 is currently working on the revision of ISO 31000 Risk Management. First, the group of ISO/TC262/WG 2 members have to complete a draft of limited review of ISO 31000:2009, and then send for ballot for a full technical review, until the development of a design specification for a New Work Item Proposal (NWIP) is done. Secondly, the ISO/TC262/WG 2 looks for the approval of the discontinuing limited revision and goes for full technical revision. After that, ISO/TC 262/WG 2 has time until the end of June 2015 to develop the DS and submit the ballot of technical committee members with the latest Committee Draft (CD) of ISO 31000. If everything goes as planned, the reviewed ISO 31000 is ready to get published on mid-2016, but if there is a second proposal, then the publication of reviewed ISO 31000 is expected to be ready by the end of 2017. Sources: www.iso.org/iso/news.htm?refid=Ref1963 www.ferma.eu/blog/2014/05/roads-revision-iso-31000 2
THE REVISION OF ISO 31000 RISK MANAGEMENT
//////////////////////////////////////////////////////////////////////////////////////////////////////
PECB is a certification body for persons on a wide range of professional standards. Among other standard certifications, it offers certification against ISO 50001. ISO Standards and Professional Trainings offered by PECB:
• • • •
Certified Lead Implementer (5 days) Certified Lead Auditor (5 days) Certified Foundation (2 days) ISO Introduction (1 day)
Lead Auditor, Lead Implementer and Master are certification schemes accredited by ANSI ISO/IEC 17024. Rrezarta Halili is a Governance, Risk, and Compliance (GRC) Course Development Manager at PECB. She is in charge of developing and maintaining courses related to Governance, Risk, and Compliance. If you have any questions, please do not hesitate to contact:
[email protected]. For further information, please visit www.pecb.com THE REVISION OF ISO 31000 RISK MANAGEMENT
3