ISO 31000:2018, for risk management


Post by monira444

Lorena Bermúdez. Coordinator of the RC, Quality and Excellence Area of Bureau Veritas Training

After several years and arduous review work by Technical Committee ISO/TC 262 and the various Working Groups created, the new version of ISO 31000 on risk management was published yesterday.


This new standard is an opportunity for organizations to re-evaluate their current risk management methodologies and build an integrated management system across all levels of the organization. Good luck to all involved!

Why manage risk?

The current context in which organizations operate is increasingly complex, and any event not taken into account can slow down their activities, directly impacting the business.

This is why, for several years now, attention has been placed on risk management as a mechanism for dealing with the uncertainty of a threat, allowing us to anticipate unwanted events and design and implement plans to safeguard the integrity of the organization's activities, regardless of what might occur.

It is under this prism that since 2009, the standard has been supporting all those interested in applying an appropriate structure to manage risks.

What changes does the new version have in store for us?

The document has been made more streamlined and clear. It uses more common and simple language, free from complex expressions, with the aim of making it easy for all users to understand and adaptable to multiple needs and contexts.

The number of principles has been reduced from eleven to eight. The creation and protection of value in an organization has been determined as the central axis of the system, placing it at the center of a “wheel” around which the following 8 principles are grouped as key success factors for the design, implementation, operation and improvement of any risk management system.

Integrated into all activities.
Structured.
Adapted to the organization.
Inclusive of all stakeholders.
Dynamic and responsive to changes.
Based on the best available information.
Considers human and cultural factors.
Focused on continuous improvement.

Leadership and commitment from senior management are particularly important, adding responsibility to senior management and supervisory positions.

The concept of risk integration is reinforced throughout the document. Each new experience, knowledge and analysis can lead to a review of the elements, actions and controls established at each stage of the process. Thus, all members of the organization have the responsibility to manage risk, as an integrated part of the purpose of the organization.

ISO Guide 73, which provides definitions of generic terms relating to risk management, is also being revised.