

© ISO Focus, www.iso.org/isofocus

Main Focus
Future ISO 31000 standard on risk management
by Kevin W. Knight AM*, Chair, ISO working group on Risk Management


Tackling hazards

Some would suggest that the global financial crisis was caused by a failure of risk management rather than the failure of boards and top management to effectively manage risk. The future ISO 31000, Risk management – Principles and guidelines, is expected to help industry and commerce, public and private, to confidently emerge from the crisis. This much-awaited International Standard is expected to be published in the third quarter of 2009.

Without risk, there is no reward or progress. Unless risk is managed effectively, organizations cannot maximize opportunities and minimize threats. Risk is all about uncertainty, or more importantly, the effect of uncertainty on the achievement of objectives. This is where ISO 31000 is clearly different from existing guidelines in that the emphasis is shifted from something happening – the event – to the effect on objectives.

Every organization has objectives to achieve, and in order to achieve them, any uncertainty that could interfere with their realization must be effectively managed.

Applicable and adaptable to all
ISO 31000 sets out principles, a framework, and a process for the management of all forms of risk, including safety and environment, in all organizations, regardless of size. It does not mandate a one-size-fits-all approach, but emphasizes tailoring the principles and guidelines to the specific needs and structure of the organization.

Following a list of terms and definitions, the standard sets out 11 principles to be addressed in order to effectively manage risks and achieve objectives. The principles need to be reviewed by the board and top management so they may reflect the organization’s policy.

The next section looks at the framework needed to provide the foundations and arrangements that will embed the management of risk at all levels of the organization. It calls for risk management components to be adapted into the existing management system in order to ensure ownership of the policy and process by management and staff.

Commitment of top management
The overarching component of the framework is the mandate and commitment of the organization’s board and top management to the implementation, review and continual improvement of how risk is managed. The end goal: to ensure risk is fully focused on the achievement of objectives. This focus on objectives is imperative if enterprise risk management (ERM) is to be achieved by a common language and process throughout the organization.

“Risk needs to become an integral part of how things are managed.”

The framework calls for a clear understanding of the context in which the organization operates. The risk management policy must clearly state the organization’s commitment to the management of risk. More importantly, the standard requires organizations to identify risk owners to ensure accountability and authority. For example, the standard seeks to differentiate between those who are “accountable” for managing risk (those persons with a liability, either corporate or legal, for their decisions or lack of decision) and those who are “responsible” for specific tasks (those persons with an obligation to carry out an instruction from a competent authority).

The framework also sets out how the management of risk is to be woven into the organizational fabric. Risk needs to become an integral part of how things are managed; it should not be an add-on, or a separate activity divorced from the mainstream management of the business.

A strategic process
The risk management process contained in ISO 31000 follows the well-worn lead set by the Australian and New Zealand Standard AS/NZS 4360, which consists of:

• Communication and consultation
• Establishing the context
• Risk assessment consisting of the three steps of identification, analysis and evaluation
• Risk treatment
• Monitoring and review.

The process set out needs to become an integral part of how business is managed at all levels. It must be tailored to the business processes and woven into the culture and practices of the organization that make it uniquely different from its competitors. All activities should be traceable by way of records that provide the foundation for improvement in methods and tools, as well as in the overall process.

Finally, an informative annex sets out the attributes of enhanced risk management for those organizations that have been working on managing their risks for some time and may wish to strive for a higher level of achievement.

Representing the very best
The working group that produced ISO 31000 contained experts from some 28 countries representing all continents (except Antarctica). All meetings of the working group had strong attendance, ranging from 40 to 60 delegates depending on the meeting location, with a significant core group who participated in all meetings. It is precisely this core group, ably supported by the other expert delegates and backed up by the national mirror committees, that ensures ISO 31000 represents the very best of contemporary risk management thought.

About the author
Kevin W. Knight AM* is Chair of the ISO working group developing the new ISO 31000 risk management standard and the revision of ISO/IEC Guide 73 (risk management vocabulary), and a founding member of the Standards Australia/Standards New Zealand Joint Technical Committee OB/7 – Risk management. He is well known through his very active work in the development of risk management standards and has been active in furthering the risk management profession and the professional development of its practitioners, both worldwide and throughout the Asia-Pacific Region in particular, over the past 25 years. E-mail: kknight@bigpond.net.au
* Member of the General Division of the Order of Australia (AM).


ISO Focus June 2009
