
ERM in the Age of Pandemics: History Lessons for Business Leaders – Part VIII (Creating the First Version of ISO 31000 from 2004 to 2009)

4/7/2020


During the period from 2004 to 2009, the Australian-New Zealand standard for enterprise risk management (AS/NZS 4360) was converted into a global ERM standard known as ISO 31000. In this section, we take a closer look at the five-year period that would propel ISO 31000 into becoming the most well-known standard for creating and implementing an ERM framework within organizations.

“Teaching the world to be careful is a constructive service worthy of God’s great gift of life to man.” - Attributed to U.S. Supreme Court Justice Harold H. Burton, 1946

As we continue the story behind the creation of ISO 31000, the most widely used ERM model globally, it is useful to remember why so much effort was expended to create an ERM framework applicable to all types of organizations, and the critical role played by the International Organization for Standardization ("ISO"). ISO is a global organization comprised of national standards bodies (the American National Standards Institute ("ANSI") is the United States member of ISO) representing more than 119 countries. ISO standards are developed through technical committees, each of which focuses on reaching an agreed way of doing something (making a product, managing a business process, providing a service, supplying a product, etc.). Standards generally represent minimum levels of acceptability and are voluntary, but adherence helps confirm that products, services, and management systems are safe, reliable, and of good quality.

ISO 31000 is a voluntary standard in the category of business process or management system standards. That is, it provides a model of ERM for an organization to follow when setting up and operating a system for ERM. As explained previously, the standards organizations in Australia and New Zealand released their ERM model (AS/NZS 4360) in 1995 and updated it in 1999 and 2004. From the beginning, AS/NZS 4360 stimulated discussion around the world about ERM as it was translated and considered by a variety of countries. Discussions about making AS/NZS 4360 an ISO global standard occurred on and off from 1995 through 2004. Persistence paid off in June 2005, when the ISO Technical Management Board ("TMB") established an ad hoc working group drawn from 25 different countries to create a global standard for ERM. This working group would not become a permanent Technical Committee (TC 262) until 2012, a step that would ensure ongoing development and revision of ISO 31000 well after its first publication in 2009.

Understanding ISO 31000 boils down to learning about four key attributes. First, ISO 31000 retains the risk management process of AS/NZS 4360, which consists of five process steps and two continuing activities. The first process step is establishing the context, which means considering all relevant aspects of the business environment in which risk is being managed, such as the organization's objectives, timing, and location. The next three process steps make up risk assessment: risk identification (what could happen, when, how, why, and involving whom), risk analysis (estimating the likelihood and magnitude of consequences while taking existing controls into account), and risk evaluation (deciding which risks need treatment and in what order of priority). Risk treatment is the fifth process step and involves selecting one or more of the following options:
  • avoiding the risk by deciding not to start or continue with an activity that gives rise to the risk;
  • taking or increasing the risk in order to pursue an opportunity;
  • removing the risk source;
  • changing the likelihood;
  • changing the consequences;
  • sharing the risk, or its financial consequences, with another party or parties (including through contracts, insurance, and risk financing such as bonds and captives);
  • retaining the risk by informed decision.

Throughout these five process steps, two activities are practiced on an ongoing basis: communication and consultation with appropriate stakeholders, and monitoring and review supported by documentation and recording.

The second key attribute of ISO 31000 is the attempt to shift the focus of risk management away from a narrow view of safety and loss avoidance toward a more neutral view of risk. This shift came about in the revision and republication of ISO/IEC Guide 73:2002 Risk Management – Vocabulary as ISO Guide 73:2009 Risk Management – Vocabulary. In the 2009 Guide, risk is defined as the effect of uncertainty on objectives, where an effect is a deviation from the expected and can be positive and/or negative. Uncertainty is explained as a deficiency of information related to, understanding of, or knowledge of an event, its consequence, or its likelihood. This change in definition reflected a shift from thinking about risk as the management of adverse events toward an approach in which risk and ERM help an organization optimize decision-making so that achieving its objectives becomes more likely.

The third and fourth key attributes of ISO 31000 are the adoption of a set of principles for the practice of ERM and the creation of a framework describing how organizations can best adopt and use ISO 31000, including the role of senior leadership. The principles, eleven in number, are performance criteria against which the effectiveness of ERM within an organization can be benchmarked. In another improvement over AS/NZS 4360, the principles, for the first time in the field of risk management, anticipate that senior management will help ensure that ERM becomes a part of the organization's overall system of management. How senior management goes about adopting and using ERM is put forth in ISO 31000 as a "framework," which is a confusing term; in reality, the architects of ISO 31000 were describing an iterative cycle of designing, implementing, monitoring, reviewing, and continually improving the practice of ERM.

Below is a summary overview of the key attributes of ISO 31000. The 11 foundational principles for adopting and using ERM are set forth in the left column, the framework for implementing and using ERM is depicted in the middle column, and the day-to-day risk management process is described in the right column.

[Figure: summary overview of ISO 31000 – principles (left column), framework (middle column), and risk management process (right column)]

The next section will examine the revision of ISO 31000 that was released in February 2018.

Authors

Lori Siwik and Mark Siwik are the founders of SandRun Risk. They apply the principles of vertical leadership and lean six sigma to the discipline of risk management. From time to time they share their blog with guest authors who write about important risk management principles.