The World Economic Forum describes the current competitive business landscape in a word: disruptive. How well an organisation approaches risk management in a climate of volatility can affect its ability to make robust and informed strategic decisions and achieve its objectives.
Traditionally, risk management played a supporting role at board level. However, over the past decade, organisations have adopted the view that risk management must be embedded in the general management of an organisation, and fully integrated across an enterprise with functions such as finance, strategy, internal control, procurement, continuity planning, human resources, and compliance.
Voices of stakeholders have become louder in their demand for transparency and accountability in managing the impact of risk, and evaluating the ability of leadership to embrace opportunities. The use of technology and economic globalisation have made risks increasingly entwined, placing even more emphasis on sound risk management within any organisation.
To keep pace with a rapidly evolving world and future threats, the International Organization for Standardization published a revised version of its Risk Management Standard in February 2018. Essentially, ISO 31000:2018 reflects the evolution of risk management thinking from a separate ‘siloed’ activity to an integrated management function. The overarching strategy of the standard is to embed risk management best practices on a micro-level within organisations so as to manage threats that stand in the way of enterprises achieving their objectives, and create value by finding and exploiting opportunity. This should grab the attention of anyone looking to gain competitive advantage, improve operations, or reduce costs within their organisation.
ISO 31000:2018 - Five Things to Know
1. It is clear and concise
The standard delivers a clear and concise guide to help all organisations manage risks. Risk management concepts are simply explained, giving diverse organisations and people the ability to access the tools that can drive change in order to protect and create value. ISO 31000:2018 is supplemented by ISO Guide 73:2009, a vocabulary index used to support ISO 31000:2018, and ISO 31010:2009 that focuses on risk assessment concepts, processes and the selection of risk assessment techniques. ISO 31000:2018 has been trimmed down to just 15 pages, and risk management principles reduced from 11 to 8, which streamlines the process for implementation.
2. It is easy to implement
All organisations make decisions that shape their future every day. ISO 31000:2018 provides guidance on how to manage uncertainty to meet objectives, and how to implement risk management to support strategic decision making. This promotes intelligent risk taking at all levels of a business. Risk management best practices promote critical thinking about the role of uncertainty in decision making, and encourage the identification, assessment, and treatment of uncertainty that can impact daily business activities. Small organisations with limited room for exposure to adverse internal and external risks now have the ability to access invaluable tools to create a tolerable risk environment and protect value.
3. It creates and protects value
Creating and protecting value is the central tenant of ISO 31000:2018. If processes are not adding value, they are simply adding costs. The standard helps enterprises improve performance by embedding risk management into all business decision-making processes and making risk-based thinking a daily activity.
4. It reinforces integration
Integration is mentioned throughout the standard. Here are a few examples:
- Risk management should be part of the organisational purpose, governance, leadership and commitment, strategy, objectives and operations.
- Properly designed and implemented, the risk management framework ensures that the risk management process is a part of all activities throughout the organisation.
- The organisation should continually improve the suitability, adequacy and effectiveness of the risk management framework and the way the risk management process is integrated.
- The risk management process should be an integral part of management and decision-making and should be integrated into the structure, operations and processes of the organisation.
5. It focuses on leadership
Support from top management is essential for successful implementation of the risk management framework and processes. Leadership support for risk management becoming a strategic planning and decision-making tool creates a risk aware culture at all levels of the organisation.
ISO 31000:2018 can help create and protect value for any organisation by providing a flexible framework. If individuals are given the tools to promote critical thinking on how uncertainty can impact meeting objectives then the organisation should see an increase in value from an integrated risk management framework.
Ready to get started?
Risk ZA is a leading provider of enterprise risk management training programmes, which aim to improve your business performance. Contact us on +27 (0) 31 569 5900, email firstname.lastname@example.org or visit www.riskza.com.
PLUS! Download our FREE GUIDE ISO 31000:2018 How do I get started? where we investigate the 8 Principles that set out the requirements for a risk management initiative.
For more information or guidance on which ISO standard(s) and services would best suit the needs of your organisation, please email Risk ZA at email@example.com or contact us on 0861 Risk ZA / +27 (0) 31 569 5900.