We have all heard the term “risk management” but what is it exactly? And how is it achieved? ISO3100 provides organisations with the necessary principles, framework and processes for risk management.
Risk is a necessary part of the business process. With enormous amounts of data being processed daily at rapid rates, identifying and alleviating risks is a challenge for any company. Risks within any situation can be disastrous if handled incorrectly but in an organisational context, risks affect economic performance and professional reputation. In light of this, effective risk management can help businesses to perform well, knowing that potential risks can and will be dealt with correctly. This is where ISO 31000 can be implemented.
ISO 31000 is the international standard providing organisations with the necessary principles, framework and processes for risk management. It provides businesses with direction on how they can integrate risk-based decision making into its planning, management, reporting, policies, values and culture.
ISO 31000:2009 and ISO 31000:2018 – what’s the difference?
All ISO standards are reviewed every five years to maintain relevance. ISO 31000 was originally developed in 2009 (ISO 31000:2009) after a four-year development period during which 60 experts from 30 countries worked within an ISO international technical committee. It has since been updated to its current version, ISO 31000:2018.
ISO 31000:2018 consists of 16 pages and can be read in as little as an hour. It consists of four main sections:
- Section one defines key terms such as risk, risk management, stakeholder, risk source, event, consequence, likelihood and control.
- Section two outlines the principles of risk management – that it is integrated and executed by way of a structured approach.
- Section three provides a framework for ensuring that risk management is properly implemented and integrated throughout the organisation and that it’s carefully designed, and regularly reviewed and updated.
- Section four focuses on the process of risk management itself. This includes the elements of risk identification, analysis, evaluation, and treatment. It also includes monitoring, review, communication and consultation elements.
Of the two versions, ISO 31000:2018 provides more strategic guidance than ISO 31000:2009 and emphasises the involvement of senior management. ISO 31000:2018 recommends the development of a policy that confirms management’s commitment to effective risk management and assigns authority, responsibility and accountability at the appropriate levels of the business. Furthermore, ISO 31000:2018 recommends that risk management becomes part of the organisation’s overall structure, processes, objectives, strategies and activity.
The document’s content has been updated to reflect an open systems model that regularly exchanges feedback with its external environment to fulfil a wider range of needs and contexts. The key objective is to simplify business processes by using plain language to define the fundamental elements of risk management in an easy-to-understand way.
Implementing ISO 31000:2018
ISO 31000:2018 is applicable to any organisation regardless of its size or industry but it cannot be used for certification purposes; it simply provides guidance for internal or external audit programmes. Organisations that already have risk management practices in place can use the document to compare their existing practices to an internationally recognised benchmark. This provides sound principles for effective management and corporate authority.
In order to take the first step towards effective risk management with ISO 31000:2018, the following must be considered:
- The organisation’s key objectives. This will help management to clarify the targets and requirements of the risk management system.
- The organisation’s management structure. This will ensure that responsibilities and risk reporting procedures are allocated efficiently among management.
- The organisation’s commitment to effective risk management. This includes the resources available for the implementation and maintenance of a risk management system.
The Benefits of ISO 31000:2018
While the concept of effective risk management is a benefit in itself, ISO 31000:2018 provides a reliable basis for decision making and planning while helping a business to achieve objectives, efficiently identify opportunities and risks, and comply with relevant legal and regulatory requirements.
The main goal of this document is to help businesses protect their assets while developing a risk management culture where employees and stakeholders are aware of the importance of risk monitoring and management. Ultimately, having this structure in place can improve overall business performance and reputation.
How WWISE can help
WWISE develops systems, repairs, maintains and improves them to ensure optimal competitiveness and efficiency for the client companies. To speak to a consultant on how we can assist you to implement ISO 31000:2018 into your business operations, send us an email
admin@wwise.co.za or call us on
08610 99473. You can also visit our website at
https://www.wwise.co.za for more information on other ISO standards we can assist with as well as other services we provide.
Conclusion
ISO 31000:2018 is not the only document covering organisational risk management but its set of principles for implementing and evaluating a risk management process is more concise than others.