#115 – ISO 31000 – LET THE FUN BEGIN! – GREG HUTCHINS

Greg Hutchins pixFirst a confession.  We say that we’ve been using ISO 31000 for a ten or so years.

Say what?  ISO 31000 was developed in 2009.  How can you been using the standard since 2006.  OK, technically you’re right.  But, we’ve been using AS/NZS 4360 since 2006.  The Australian and New Zealand risk management standard was developed in 2004.  Most importantly, ISO 31000 has a strong ‘look and feel’ to AS/NZS 4360.

Outside of Australia and New Zealand, there was not much interest in the standard.  Frankly, ISO 31000 didn’t have much legs either until a few years ago.

What happened?

ISO developed Risk Based Thinking (RBT) and incorporated risk into its families of standards such as ISO 9001:2015.  And, ISO elevated RBT to the same level as PDCA and Process.

One problem!

What surprised us is that ISO has NOT defined RBT.  But, what this has done is to create a lot more interest in ISO 31000 and risk management.  ISO 31000 is a risk management framework and process that has been adopted as a national risk management standard by more than 60 countries.

ISO 31000 USES
The ISO 31000 framework and process can be used for:

  • Supporting ISO 9000:2015 in the design and implementation of Risk Based Thinking (RBT).
  • Forming the basis for risk based, problem solving (RB – PS) and risk based, decision making (RB – DM).
  • Establishing the basis and foundation for Enterprise Risk Management (ERM).
  • Identifying risk stakeholders, customers, and other interested parties.
  • Identifying stakeholder risk requirements, needs, and expectations.
  • Identifying and establishing the context for designing, implementing, and assuring a risk management
  • Communicating the effectiveness of the risk management framework and risk management process to stakeholders, customers, and interested parties.
  • Becoming the organization’s process risk management guideline and reference.
  • Evolving as the guideline to evaluate upside risk as well as downside risk.
  • Designing and implementing a risk management and Enterprise Risk Management system.
  • Designing and implementing a supply risk management program.
  • Treating and managing risks.
  • Reporting and documenting the results and effectiveness of risk treatment and risk management.
  • Monitoring and reviewing risks based upon organizational risk criteria and risk appetite.
  • Certifying a risk management system.  Say what?

STAY TUNED
We are going to see a lot more Certified Bodies registering companies to IS 31000.

One problem.

It should be mentioned that ISO 31000 was NEVER intended to be a standard for management system certification.

So, let the fun begin.

Bio:

Greg Hutchins PE and CERM (503.233.101 & GregH@QualityPlusEngineering.com)  is the founder of:

CERMAcademy.com
800Compete.com
QualityPlusEngineering.com

WorkingIt.com

He is the evangelist behind Future of Quality: Risk®.  He is currently working on the Future of Work and machine learning projects.

He is a frequent speaker and expert on Supply Chain Risk Management and cyber security.  His current books available on all platform are shown below:

Leave a Reply

Your email address will not be published. Required fields are marked *