More ISO management systems are incorporating RBT and risk, so the ISO 31000 standard is becoming a ‘must know’ standard. ISO 31000 risk management principles, risk management framework, and risk management process are the preferred tools to use with ISO management systems because ISO 31000:
- Is a risk management framework. ISO 31000 has the critical elements of a risk framework, including a focus on culture, risk philosophy, risk definitions, common risk approach, common risk processes, defined roles and responsibilities, importance of accountability, risk competencies, and organizational risk appetite.
- Is harmonized with other ERM standards and frameworks. While the standard does not map 1 to 1 with more comprehensive ERM frameworks, it offers many of the critical elements to start the RBT journey.
- Follows a PDCA framework that can be applied to any ISO management system standard.
- Offers the option of a simple risk assessment, risk management (ERM light) or enhanced risk management program (ERM medium light). These options can be used in the RBT journey for certified organizations to mature and make risk processes more capable.
- Follows an enterprise wide approach to risk management considering the potential impact of risks on critical management systems, processes, stakeholders, product development, stakeholders, outcomes, products, and services.
- Is a process that is based on a set of unified risk management principles.
- Is supported by a structure that is appropriate to organizational context, external environment, and internal environment.
- Is supported by a risk taxonomy and risk vocabulary that is appropriate to ISO management systems.
- Addresses the upside (opportunity risk) as well as the downside (consequence risk).
- Follows the achievement of business objectives approach based on organizational risk appetite.
- Focuses on risk controls as well as other risk treatment options and mitigations.
- Allows an organization to identify, prioritize, and control significant risks.
- Allows an organization to develop monitoring and risk assurance processes.
Bio:
Greg Hutchins PE and CERM (503.233.101 & GregH@QualityPlusEngineering.com) is the founder of:
CERMAcademy.com
800Compete.com
QualityPlusEngineering.com
WorkingIt.com
He is the evangelist behind Future of Quality: Risk®. He is currently working on the Future of Work and machine learning projects.
He is a frequent speaker and expert on Supply Chain Risk Management and cyber security. His current books available on all platform are shown below: