First a confession. We say that we’ve been using ISO 31000 for a ten or so years.
Say what? ISO 31000 was developed in 2009. How can you been using the standard since 2006. OK, technically you’re right. But, we’ve been using AS/NZS 4360 since 2006. The Australian and New Zealand risk management standard was developed in 2004. Most importantly, ISO 31000 has a strong ‘look and feel’ to AS/NZS 4360. Continue reading
We have conducted hundreds of risk assessments in a number of sectors from homeland security to pension funds to Parks and Recreation departments. We have a number of hard lessons learned. These are some common mistakes we have made and seen: Continue reading
ISO 31K and COSO ERM are the two competing risk management frameworks? ISO 31K is the national standard for many countries. However, COSO ERM is the de facto risk standard for many global and publicly listed companies.
We have used both. There are differences. However, the similarities outweigh the differences. And, the critical question is:
So, can ISO 31000 and COSO ERM work together?
Yes. The COSO definition of control supports and reinforces ISO 9001:2015 control requirements, specifically both frameworks are: Continue reading
This is the #1 question for CB’s with the new revision of ISO 9001:2015 standard. Most management experts acknowledge that ISO 9001:2015 is a significant change.Auditability implies consistent outcomes from auditing management systems. If outcomes are different among CB’s, then the quality of the assessment and the reliance on the outcomes may be called into question. Continue reading