
Conversations on Risk Management: Kevin Knight – Part II

2/12/2020


​Part II of our Conversation with Kevin Knight provides an inside look at how Australia and New Zealand developed the first standard for enterprise risk management known as AS/NZS 4360.

The creation of a standardizing body in Australia occurred in 1922 and today it is known as Standards Australia.  It would be another 70 years – 1992 – before Standards Australia announced the first known public enquiry on the feasibility of standardizing risk management.  How did you get involved in 1992 and did you have any inkling how consuming this work would become for the rest of your life?

I was most fortunate that my employer encouraged me to become active in ARIMA (the Association of Risk and Insurance Managers of Australia) as part of my professional development.  This blessing put me in a position to respond to an enquiry that Standards Australia sent to a range of government, academic and professional bodies in our country about the feasibility of developing a standard on risk management for use in Australia and New Zealand, and the availability of volunteers willing and able to do the work.  I was nominated as one of ARIMA’s representatives.

Having started out on the journey of standardization of risk management, I found myself getting further involved in the development of handbooks and revisions of AS/NZS 4360, which, in turn led to becoming involved with ISO, the International Organization for Standardization.  It is fair to say I never expected to set out on what is to date a 27-year journey looking for a destination.  2020 should see me reach that destination and my retirement from all standards related activities.

You were an original member of the Joint Technical Committee (OB/7) which first met in August 1993 and published the first standard for risk management – AS/NZS 4360 – in November 1995.  Who were the key individuals and organizations that influenced the development of AS/NZS 4360?

I have gone back to our records and they show that an enquiry from Standards Australia was received in May 1993.  The enquiry enclosed terms of reference and suggestions on how to form our Joint Technical Committee which became known as OB/7.   The minutes from nine meetings held between August 1993 and July 1994, show that our committee had representation from the following organizations: 
  • The Association of Risk & Insurance Managers of Australia
  • The Australian Institute of Risk Managers
  • Australia’s Department of Defence
  • Department of Safety Science, University of New South Wales (NSW)
  • NSW Department of Treasury - Infrastructure Development & Management Group
  • Insurance Council of Australia
  • Australia’s Department of Administrative Services
  • Australian Computer Society
  • Institution of Engineers of Australia
  • Securities Institute of Australia
  • Standards New Zealand
  • Standards Australia
  • National Insurance Brokers Association of Australia
  • New South Wales Department of Planning
  • Australian Customs Service
  • Lincoln University of New Zealand

As evidenced by the above list, OB/7 had a diverse range of members who brought a wide set of knowledge, skills and experience to the meetings – all of which helped us create a generic process for risk management for a wide variety of purposes, including creating an ERM framework.  It also ensured that the end result could be used by people with little formal knowledge or experience in risk management as opposed to becoming a tool that could only be used by people deemed to have expertise in some aspect of risk management.  As such, we started out with a blank canvas.  We were fortunate that several committee members had experience in legislative drafting which meant they knew how to develop a general idea into an Act of Parliament – a process similar to creating a standard.

Our Committee gathered the available information on risk management.  All information, submissions and documents were copied and shared with committee members.  After going through several drafts of a standard, the Committee made enough progress to seek public comment.  To ensure maximum exposure, the representative organizations on the Committee were asked to encourage responses from their membership, advertisements were placed in the daily press seeking input from the general public, and copies were supplied to all member organisations of the International Federation of Risk and Insurance Management Associations (IFRIMA).  A total of 326 specific comments were received from 55 individuals and/or organisations.  Each comment was addressed by the Committee, which in many cases resulted in changes to the draft standard.  The final document received unanimous approval and was published in November 1995.

The strength of this time consuming and occasionally frustrating process was a final document seen as the product of interdisciplinary discussion and expertise that constituted our collective thinking on “best practice.”   We had a wide range of expertise and our members always put forward their views with vigour.  This ensured that we had some robust discussions along the way but once agreement was made on the particular word, sentence, paragraph or section, the Committee would move on to the next matter without rancour.

The success of AS/NZS 4360 is due to many individuals.  However, as with any group effort, there are always several individuals who make an exceptional difference.  I am confident that the high quality of the various editions of AS/NZS 4360 and its accompanying handbooks would not have occurred but for the commitment of Dr. Dale Cooper, Professor Jean Cross, Malcomb Buchanan, Janet Gough, Grant Purdy, and Michael Parkinson.

A key feature of AS/NZS 4360 is that it is not limited to traditional insurable risk.  What led to the decision to define risk management as a multi-faceted process best facilitated by a multi-disciplinary team?

Early on, the following questions dominated our meetings: (i) what is risk; (ii) should risk be limited to insurable risk or was it more encompassing; (iii) how is risk related to quality management; and (iv) how did risk relate to strategic management?  The strength of AS/NZS 4360 was the deliberate decision of the Committee that the standard be generic, setting out a process capable of general application to any type of risk.  The temptation to confine it to insurance-related corporate risk was firmly rejected by the Committee in favour of it being a generic process for the management of risk, independent of any specific industry or economic sector.  Here is the original process as it was issued in 1995:

[Figure: the AS/NZS 4360 risk management process as issued in 1995]

A second version of AS/NZS 4360 was released in March 1999.   What were the key refinements in the second version and how did they come about?

The second edition of AS/NZS 4360 used the same definition of "risk" as the original standard and risk identification remained a separate stage from risk assessment.  However, we looked at the work of the Canadians and incorporated the need to “communicate and consult” as the final step in the process.   We also sought to clarify the important concept of “establish the context.”  This meant adding types of context (strategic, organic, risk management) and the idea of developing applicable criteria for the risk management objective.  Here is the more expansive risk management process that was released in 1999:

[Figure: the AS/NZS 4360:1999 risk management process]

It is worth noting that by the turn of the century, interest in risk management, especially as a tool for enterprise risk management, was growing not only in Australia and New Zealand but internationally.  Apart from the revised AS/NZS 4360:1999 and its related Handbooks, a number of important works were being published across the world including the following documents:  
  • Canadian Standards Association Risk Management: Guideline for Decision-Makers CAN/CSA-Q850-1997;
  • Japanese Standards Association Draft Risk Management System Standard JIS/TR-Z0001 of November 1997; 
  • Financial Reporting of Risk - Proposals for a Statement of Business Risk, Institute of Chartered Accountants in England & Wales 1998; and
  • Learning about Risk: Choices, Connections and Competencies (July 1998), Canadian Institute of Chartered Accountants.
A third and final version of AS/NZS 4360 was released in 2004.  What important changes were introduced in the third version?

We introduced a number of important changes as learned from other organizations starting with the work of ISO in 1998 to develop a specific publication on risk management terminology which would be released in 2002 as ISO/IEC Guide 73: 2002 Risk Management – Vocabulary – Guidelines for Use in Standards.  Specifically, this work led to our revised definition of “risk” and shift away from a certainty-based approach (“will” in the 1995 and 1999 editions) toward chance and uncertainty as set forth below:

… the chance of something happening that could have an impact on objectives …
Note 1: A risk is often specified in terms of an event or circumstance and the consequences that may flow from it.
Note 2: Risk is measured in terms of a combination of the consequences of an event and their likelihood.
Note 3: Risk may have a positive or a negative impact.
Note 4: See ISO/IEC Guide 51, for issues related to safety.


Other changes included broadening the term "risk assessment" to cover risk identification, risk analysis, and risk evaluation.

An area that received much attention was whether we should adopt the ISO concept of probability in lieu of “likelihood” as used in our standard.  Many of our members felt that the concept of probability created unnecessary confusion.  Ultimately, our committee decided to retain “likelihood" and to add the following discussion to section "1.4 Terminology and translation" in the Standard:

The English-language version of this Standard uses the word “likelihood” to refer to the chance of something happening, whether defined, measured or estimated objectively or subjectively, or in terms of general descriptors (such as rare, unlikely, likely, almost certain), frequencies or (mathematical) probabilities.

ISO/IEC Guide 73 uses the word ‘probability’, in this general sense, to avoid translation problems of ‘likelihood’ in some non-English languages that have no direct equivalent. Because ‘probability’ is often interpreted more formally in English as a mathematical term, ‘likelihood’ is used throughout this Standard, with the intent that it should have the same broad interpretation as ‘probability’ as defined in ISO/IEC Guide 73. 


We chose this explanation because AS/NZS 4360 had been translated into several non-English language editions. 

A major step forward in the 2004 edition was the inclusion of how to “develop criteria” in the first step of “establishing the context.”  Another significant change from previous versions was the removal of the Informative Appendixes from the back of the 2004 edition.  The Informative Appendixes had provided examples of likelihood, consequence and risk rating tables and other material to help users introduce risk management to their organisation.  

We deleted the appendixes because of two unforeseen problems.  First, users tended to just cut and paste them into their process and then find that they needed modification to actually apply and use them within their organisation.  Second, auditors would qualify their reports because the tables had been tailored to meet the needs of the organisation and therefore were not identical to what was in the Standard, ignoring the fact that they were advisory. 

Here is the revised process known as AS/NZS 4360:2004:
[Figure: the AS/NZS 4360:2004 risk management process]

Felix Kloman in his monthly publication Risk Management Reports, Volume 31, Number 11 of November 2004, described AS/NZS 4360:2004 as follows: 

“The Aussies and Kiwis have just finished their latest modification and they’ve done a superb job again!  AS/NZS 4360:2004 was and still remains the clearest and most concise guideline yet published. Its text, only 28 pages, is a model of brevity.”

“It is expressed in simple and basic English, free from business jargon.  Because its approach is generic, it applies to all forms of organizations. AS/NZS 4360:2004 will become a handy, notated and dog-eared reference on the desk of anyone who practices this discipline.”

“Furthermore, as the standard is generic and requires adaptation to a specific organization, it avoids the complaint that standards are ‘dangerous’ because they can stimulate unneeded legislation and regulations. True, risk management is still evolving, but these guidelines, already in their third evolution, help any organization to begin and modify the process.”

“… These are but minor caveats for a superb statement of the nature and process of our discipline. As I stated before, this document belongs as a working guide for all practicing risk managers: don’t even think of stuffing it into a bookcase.” 


I agree with Kloman’s assessment – to me, AS/NZS 4360:2004 met a global need for a generic guide, especially for the adoption of ERM as a risk management process for public and private organizations of all sizes.


    Authors

    Lori Siwik and Mark Siwik are the founders of SandRun Risk.  They apply the principles of vertical leadership and lean six sigma to the discipline of risk management.  From time to time they share their blog with guest authors who write about important risk management principles.
