ISO 31000
ISO 31000 - AS/NZ 4360
Risk management - Principles and Guidelines on Implementation
ISO 31000 is a set of principles and generic guidelines for the implementation of risk management and can be applied to any public or private enterprise, association, group or individual. ISO 31000 seeks to harmonize risk management processes and provide a common approach to managing risk.
In November 2009, the AS/NZ 4360 Australian Standard for Risk Management was superseded by ISO 31000.
ISO 31000 is designed to help organizations:
- Increase the likelihood of achieving objectives
- Encourage proactive management
- Be aware of the need to identify and treat risk throughout the organization
- Improve the identification of opportunities and threats
- Comply with relevant legal and regulatory requirements and international norms
- Improve financial reporting
- Improve governance
- Improve stakeholder confidence and trust
- Establish a reliable basis for decision making and planning
- Improve controls
- Effectively allocate and use resources for risk treatment
- Improve operational effectiveness and efficiency
- Enhance health and safety performance, as well as environmental protection
- Improve loss prevention and incident management
- Minimize losses
- Improve organizational learning
- Improve organizational resilience
Impact
ISO 31000 provides a framework for managing risk that ensures organizations have an appropriate response to the risks they face. The same approach can be adopted for all projects and disciplines within an organization, but a well-defined system should be in place first. Many organizations have segmented risk management practices, segregated between departments, geographies or business units. This does not always provide management with the immediate visibility it needs into the risks affecting the business.
ISO 31000 is a powerful management tool for organizations. ISO 31000 ensures that there is: (1) global visibility of risk, which can be reported against; (2) harmonization of all risks so that they can be assessed together; (3) prioritization of risk so that the most critical risks are mitigated first; and (4) an action plan developed to mitigate and monitor risks across the organization.
Challenge
The biggest challenge in implementing ISO 31000 is implementing a common approach and standard methodology for measuring risk. Companies looking to apply the ISO 31000 framework to their risk management practices need to knock down the proverbial walls between departments and ensure that they are evaluating risk holistically and in a standard way. This not only provides increased assurance in risk management but also can lessen the burden of regulatory compliance.
The Dyadem Solution
Dyadem helps companies establish an Enterprise Risk Management strategy and comply with various industry regulations and standards. Its Stature enterprise software embodies all of ISO 31000’s framework, enabling companies to identify, mitigate and monitor risks across the organization through a continuous improvement approach that allows them to learn from their mistakes. Stature offers an integrated lifecycle model that ensures all parts of the process and product are safe and secure from cradle to grave.