BSI, the business standards company, has published the revised international standard for risk management, BS ISO 31000:2018 Risk management: guidelines.
The purpose of this standard is to help an organization integrate risk management into all of its activities and functions. Properly implemented, risk management improves performance, encourages innovation and supports the achievement of objectives. BS ISO 31000 provides best practice guidance on how an organization can create a framework for risk management strategy that aligns with its broader goals.
Risk can take many shapes and forms – including economic, political and environmental. BS ISO 31000 is intentionally broad in its scope in order to assist organizations with managing risk of any kind and is consequently applicable to organizations in all sectors.
A notable change in this revision is a review of the principles of risk management. One of these is continual improvement. This means it is not enough for an organization to create a risk management framework which is never revisited or reviewed. To be effective, the risk management framework needs to take into account the context of the organization and its current risk management practices so that gaps can be addressed. The different parts of the framework and how they work together should always be adapted to specific needs.
Human and cultural factors are also key. For example, different opinions will affect risk appetite and the judgement and perception of risk. A traditional hierarchical organization may have very different attitudes to risk from those of a collaborative, innovation-based company.
This revision highlights the importance of top management not only implementing risk management but promoting it. Ultimately, the effectiveness of risk management depends on its integration into the organization at all levels.
Anne Hayes, Head of the Governance and Resilience sector at BSI, said: “Effective risk management is about all levels of an organization strategically planning for today and for tomorrow. BS ISO 31000 provides structured risk management guidance for any organization so that it can prepare effectively for the future. Having a plan is in the best interests of everyone’s safety, security and resilience.”
For further information, please visit www.bsigroup.com