
ERM in the Age of Pandemics: History Lessons for Business Leaders – Part VII (The Transition to ISO 31000 Begins With Vocabulary)

3/9/2020


Long before the COVID-19 pandemic, the field of standardization worked to develop a usable framework to help organizations manage risk and uncertainty in a holistic way. This article traces the conversion of AS/NZS 4360 to ISO 31000, which began in the late 1990s with an interim step to build a basic vocabulary of terms associated with managing risk.

“You can’t build a vocabulary without reading. You can’t meet friends if you … stay at home by yourself all the time. In the same way, you can’t build up a vocabulary if you never meet any new words. And to meet them you must read. The more you read the better.” - Rudolf Flesch, Author of Why Johnny Can’t Read (1955).

The previous sections told the story of how the ERM standard known as AS/NZS 4360 was developed between 1992 and 2004. After AS/NZS 4360 was revised in 2004 as part of a routine revision performed every five years, the Joint Standards Australia/Standards New Zealand Technical Committee known as “OB/7” joined with Japan to ask ISO to promote the development of an international standard for enterprise risk management. In June 2005, the ISO Technical Management Board (“TMB”) established a working group from 25 different countries. Given the decade of experience behind AS/NZS 4360, it became the first draft standard of the working group, and four years later, in 2009, AS/NZS 4360 became ISO 31000.

It is not well known, however, that the effort to convert AS/NZS 4360 to ISO 31000 actually began in 1995, shortly after publication of the first version of AS/NZS 4360. These early conversion efforts in 1995-96 proved unsuccessful because there was insufficient international momentum and consensus to develop an ERM model that was inclusive of existing ideas and approaches by those working in fields commonly associated with risk management such as safety and insurance. Undeterred and wanting to collaborate and learn from others, the OB/7 Committee approached the International Electrotechnical Commission (“IEC”) which, in 1996, expressed interest. The IEC is a sister organization of ISO that prepares and publishes international standards for electrical, electronic and related technologies.

The specific part of IEC to express interest in working with the OB/7 Committee is known as IEC Technical Committee 56 (IEC TC 56), which is dedicated to the study of dependability management (defined as the practice of coordinating the reliability, maintainability, supportability, availability and other related aspects of performance). Here, within IEC TC 56, the OB/7 Committee found interest because IEC TC 56 had already been working on standards for project-based risk management. Accordingly, in 1996, AS/NZS 4360 became a New Item Work Proposal of IEC TC 56. Meanwhile, at the urging of the Japanese Standards Association, ISO continued to debate in 1997 and early 1998 whether to pursue the creation of an ERM framework. As mentioned, much of the deliberation was about whether an ERM framework was necessary in light of preexisting work on safety and insurance. Moreover, there was also concern that an ERM framework could be misused by organizations more interested in selling certification-related services than in facilitating internal skill development in risk management.

Ultimately, a middle ground was adopted. In June 1998, the ISO TMB established a working group of 12 countries to work with IEC 56. The purpose of the working group was not to develop an ERM framework but rather to take a preliminary step of creating a vocabulary of risk management terms and concepts that could promote global discussion of risk management. This vocabulary would not come to life for another four years, when it was published in 2002 as ISO/IEC Guide 73:2002 Risk Management – Vocabulary – Guidelines for Use in Standards.

The Vocabulary Guidelines consist of 29 definitions across four categories: (i) 8 basic terms, (ii) 4 terms related to people or organizations affected by risk, (iii) 6 terms related to risk assessment, and (iv) 11 terms related to risk treatment and control. Simply reviewing the list of definitions across the categories is helpful for thinking about the scope and breadth of an ERM framework:

[Image: list of the Vocabulary Guidelines terms by category]

In looking at the list of terms, two things stand out. First, most of the terms focus on the mechanics of defining, identifying, assessing and treating risk. Only four terms focus on people themselves and the organization they comprise. Second, the fact that the international standards community took a preliminary step to work on a common vocabulary foreshadows current challenges with ERM. Every organization working to manage risk in an integrated way is composed of people with a wide range of knowledge, skills, interests and perspectives. Consequently, just getting everyone in an organization to work together to manage risk is a challenge. If people can’t agree on what risk is or how to communicate and manage the subject of risk across an organization, implementing a system for ERM will be challenging, if not impossible. In the next section, we continue telling the story of the transition from AS/NZS 4360 to ISO 31000 during the period 2004 to 2009.

(As a reminder, ISO stands for International Organization for Standardization – an entity that was established in 1946 to serve as the global organization for the creation of voluntary international standards that support the development and maintenance of global trade.)

    Authors

    Lori Siwik and Mark Siwik are the founders of SandRun Risk.  They apply the principles of vertical leadership and lean six sigma to the discipline of risk management.  From time to time they share their blog with guest authors who write about important risk management principles.

Copyright ©2014 | 4199 Kinross Lakes Parkway, Ste. 275 Richfield, Ohio 44286 | 216-609-3940 | info@sandrunrisk.com