(216) 609-3940
SandRun Risk
  • Home
  • What We Do
    • Risk Management
    • Insurance Claims
    • Insurance Archaeology
  • Blog
  • About
    • Team
    • Our Company
    • Articles
  • Contact

Enterprise Risk Management:  A Primer for Business Leaders – Part VI (The Genesis of ISO 31000 in Australia and New Zealand)

2/18/2020

0 Comments

 
Picture

​The story of ISO 31000 – the best known ERM Standard – begins in 1992 with the collaborative effort of Standards Australia and Standards New Zealand.  This article focuses on the important work between 1992 and 2004 by these organizations and how their ERM model known as AS/NZS 4360 became the foundation of ISO 31000.

“Although the original 1995 edition of the AS/NZS 4360 standard was developed from earlier risk-management ideas and processes, it was nonetheless groundbreaking as the first standard published on risk management.”
​- 
Chris Pearce, Standard and Deliver, The Safety of Health Practitioner, p. 44 (Oct. 16, 2009)

“The only true voyage of discovery, the only fountain of Eternal Youth, would be not to visit strange lands but to possess other eyes, to behold the universe through the eyes of another, of a hundred others, to behold the hundred universes that each of them beholds, that each of them is[.]” - French novelist Marcel Proust, Remembrance of Things Past, vol 5. (1923)

In the previous section, we explained that in 1992, Standards Australia and Standards New Zealand, two national organizations working in the field of standardization, created a Joint Technical Committee on Risk Management (“OB/7”) that would publish the first known standard for enterprise risk management:  AS/NZS 4360.  First published in 1995, AS/NZS 4360 would be revised and reissued in 1999 and 2004.  After 2004, AS/NZS 4360 became the building blocks of ISO 31000 which was published in November 2009.  In this section, we highlight important aspects of the process for developing AS/NZS 4360 as well as key features of this first ERM standard.

Let’s start with highlighting the important aspects of the developmental process for AS/NZS 4360.  As with any endeavor, it helps to get the right people in the room.  The technical committee – OB/7 – that did the work was comprised of approximately 30 members who represented 21 different industry, professional and governmental organizations.  Naturally, traditional risk management professionals (e.g., insurance managers, insurance brokers etc.) served on the committee but such professionals were outnumbered by peers with backgrounds in government, safety, technology, engineering, finance, planning, and academia.  The wide set of knowledge, skills and experience on OB/7, in turn, had the beneficial consequence of ensuring that the ERM process was not overly narrow and would be seen as a generic process capable of broad application regardless of industry or economic sector.  

In addition to broad application, a generic process has a second virtue.  Any effective organization-wide process such as ERM must be accessible and useable by people with little formal training in the underlying subject regardless of whether such people are senior leaders, line managers, or employees carrying out day-to-day operations.  Proceeding in this manner forces the use of clear and concise language, free from business jargon, and increases the likelihood that the ERM standard will serve as a meaningful “living guide” to promoting the health and well-being of the organization.

Before turning to an overview of AS/NZS 4360, there is an additional aspect of the developmental process for AS/NZS 4360 that merits attention:  ongoing interdisciplinary collaboration.  This interdisciplinary collaboration began at the outset of the developmental process with the gathering of all available information on risk management.  It continued during the drafting phase which some committee members likened to the process of legislative drafting.  Moreover, the drafting phase was enlarged to include a period of public comment that led to additional input and refinement of the ERM model.  Once the drafting phase was completed and the initial model of AS/NZS 4360 was released in 1995, the interdisciplinary collaboration continued through the creation of guidelines and handbooks that explained how AS/NZS 4360 could be applied to a wide range of subjects such as the public sector, the environment, business continuity management, and healthcare.  All of this activity, in turn, led to continued learning and refinement of AS/NZS 4360 and the issuance of revised versions in 1999 and 2004.  The lesson in all of this is that ERM – when practiced well – becomes an evolutionary activity that grows organically with the organization.  

In summarizing the key attributes of AS/NZS 4360, the model is best understood as containing five process steps:  (i) establish the context, (ii) identify risks; (iii) analyze risks; (iv) evaluate risks and (v) treat risks; and two continuing stages:  (i) communicate and consult, and (ii) monitor and review.  Further, the emphasis, whether intended or not, is on managing negative risk (i.e., threats and vulnerabilities) which we previously defined as decreasing the probability and severity of bad things happening.  Below is a depiction of AS/NZS 4360 as it first appeared in 1995: 
​

Picture
Below is a depiction of AS/NZS 4360 as it appeared in 1999.  An important change from the earlier model was the introduction of the continuing stage of “communicate and consult” and the shifting of “development criteria” to the first process stage of “establish the context.”  Note also the enlarged definitions of the five process steps.
Picture
A third and final version of AS/NZS 4360 was released in 2004.  Significant changes included the formal adoption of the term risk assessment as way of describing the second, third and fourth process steps covering risk identification, risk analysis and risk evaluation.  A number of explanatory appendixes that provided “working examples” of AS/NZS 4360 were also deleted because too many organizations were simply copying the examples instead of tailoring AS/NZS 4360 to their needs and circumstances.  Below is a depiction of the 2004 version.
Picture
​In the next section, we will look at the history of how AS/NZS 4360 became ISO 31000.

0 Comments



Leave a Reply.

    Authors

    Lori Siwik and Mark Siwik are the founders of SandRun Risk.  They apply the principles of vertical leadership and lean six sigma to the discipline of risk management.  From time to time they share their blog with guest authors who write about important risk management principles.

    Categories

    All
    Insurance Claims
    Mergers And Acquisitions
    Risk Management

    Archives

    March 2023
    February 2023
    May 2022
    December 2021
    September 2021
    August 2021
    July 2021
    June 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    June 2017
    May 2017
    March 2017
    December 2016
    November 2016
    October 2016
    August 2016
    July 2016
    June 2016
    May 2016
    April 2016
    March 2016
    February 2016
    January 2016
    December 2015
    November 2015
    October 2015
    September 2015
    August 2015
    June 2015
    May 2015
    April 2015
    March 2015
    January 2015
    December 2014
    November 2014
    October 2014
    September 2014
    May 2014
    April 2014
    March 2014

    Categories

    All
    Insurance Claims
    Mergers And Acquisitions
    Risk Management

    RSS Feed

What We Do.

Risk Management
Insurance Claims
Insurance Archaeology

Blog.

About.

Team
Our Company
Articles

Contact.

Legal.

Privacy
Terms of Use
 
Copyright ©2014 | 4199 Kinross Lakes Parkway, Ste. 275 Richfield, Ohio 44286 | 216-609-3940 | [email protected]