ISO 31000:2018:2018 Risk Management (R)
ISO 31000:2018 was originally published in 2009 and an updated version was published in February 2018. However, the overall purpose of ISO 31000:2018 remains the same – integrating the management of risk into a strategic and operational management system. The 2018 version is very similar to the original version, but the following bullet points identify the main changes for the 2018 version of the guidelines:
- The principles of risk management have been reviewed, as these are the key criteria for successful risk management;
- The importance of leadership by top management is highlighted, as is the integration of risk management, starting with the governance of the organisation;
- Greater emphasis is placed on the iterative nature of risk management, because new knowledge and analysis leads to revision of processes, actions and controls; and
- The content is streamlined with greater focus on sustaining an open systems model to fit multiple needs and contexts. ISO 31000:2018:2018 Risk Management – Guidelines
“A lot of the complicated language has been eliminated, so the text is leaner and more precise. The new draft is shorter, but it gains in clarity and precision and is much easier to read. It includes improvements, such as the importance of human and cultural factors in achieving an organisation’s objectives and an emphasis on embedding risk management within the decision-making process.”As with all ISO standards and guidelines, the first substantive section defines key terms. A total of eight terms are defined, including the definition of risk as “the effect of uncertainty on objectives”. This definition is clarified by a note to the definition stating that risk is usually expressed in terms of risk sources, potential events, their consequences and their likelihood. The new version of ISO 31000:2018 is shorter than the earlier version, and it presents a high-level overview of risk management and how a risk management initiative can be implemented. ISO 31000:2018 suggests that effective risk management is characterised by principles, framework and process. This may present the risk professional with a challenge when seeking to produce an implementation plan or checklist for their risk management initiative based on ISO 31000:2018.ISO 31000:2018 states that managing risk is based on the principles, framework and process described in the guidelines. It also states that these principles and components might already exist in full or in part within an organisation, but they might need to be adapted or improved so that managing risk is efficient, effective and consistent.