ISO 31000:2009 on risk management is intended for people who create and protect value in an organization by managing risks, making decisions, setting and achieving objectives and improving performance. The standard’s revision process discovers the virtues of keeping risk management simple.
The revision of ISO 31000:2009, Risk management – Principles and guidelines, has moved one step further to Draft International Standard (DIS) stage where the draft is now available for public comment. What does it mean? And what happened in the revision process since the Committee Draft (CD) stage in March 2015?
The revision work follows a distinct objective: to make things easier and clearer. This is achieved by using simple language to express the fundamentals of risk management in a way that is coherent and understandable to users.
The standard provides guidelines on the benefits and values of effective and efficient risk management, and should help organizations better understand and deal with the uncertainties they face in the pursuit of their objectives.
The major task was finding the right balance between giving sufficiently detailed guidance and writing an entire textbook. With this in mind, the text has been reduced to its fundamental concepts to create a shorter, clearer and more concise document that is easier to read whilst remaining widely applicable.
That’s not to say that the specific meanings or sectoral jargon that are important to certain users have disappeared. On the contrary, providing more detail and precise information has been an essential aspect of the revision.
To avoid weighing down the standard and making it too complex, it was decided to reduce the terminology of ISO 31000 to the bare-bones concepts and move certain terms to ISO Guide 73, Risk management – Vocabulary, which deals specifically with risk management terminology and is intended to be read alongside ISO 31000.
Strengthened by its generic quality, the standard provides the basis for renewed confidence between experts and end users, who each face specific challenges in terms of risk but need to understand and communicate with other stakeholders. As such, the clause on building a risk management framework, which contains guidance that is relevant for every possible user, has since been augmented with additional concepts or examples that are specific to countries and industries.