New SO standard for effective management of risk

A new nternational Standard, ISO 31000:2009, Risk management - Principles and

guidelines, will help organizations of all types and sizes to manage risk effectively.
SO 31000 provides principles, framework and a process for managing any form of risk in a transparent,
systematic and credible manner within any scope or context.
At the same time, SO is publishing ISO Guide 73:2009, Risk management vocabulary, which
complements SO 31000 by providing a collection of terms and definitions relating to the management of
risk.
Kevin W. Knight AM*, Chair of the SO working group that developed the standard explains, "All
organizations, no matter how big or small, face internal and external factors that create uncertainty on
whether they will be able to achieve their objectives. The effect of this uncertainty is 'risk' and it is inherent in
all activities.
"n fact, he continued "it can be argued that the global financial crisis resulted from the failure of boards and
executive management to effectively manage risk. SO 31000 is expected to help industry and commerce,
public and private, to confidently emerge from the crisis.
The standard recommends that organizations develop, implement and continuously improve a risk
management framework as an integral component of their management system.
"SO 31000 is a practical document that seeks to assist organizations in developing their own approach to
the management of risk. But this is not a standard that organizations can seek certification to. By
implementing SO 31000, organizations can compare their risk management practices with an internationally
recognized benchmark, providing sound principles for effective management. SO Guide 73 will further
ensure that all organizations are on the same page when talking about risk, said Mr. Knight.
SO 31000 is designed to help organizations:
ncrease the likelihood of achieving objectives
Encourage proactive management
Be aware of the need to identify and treat risk throughout the organization
mprove the identification of opportunities and threats
Comply with relevant legal and regulatory requirements and international norms
mprove financial reporting
mprove governance
mprove stakeholder confidence and trust
Establish a reliable basis for decision making and planning
mprove controls
Effectively allocate and use resources for risk treatment
mprove operational effectiveness and efficiency
Enhance health and safety performance, as well as environmental protection
mprove loss prevention and incident management
Minimize losses
mprove organizational learning
mprove organizational resilience.
SO 31000 and SO Guide 73 can be applied to any public, private or community enterprise, association,
group or individual. The documents will be useful to:
Those responsible for implementing risk management within their organizations
Those who need to ensure that an organization manages risk
Those needing to evaluate an organization' practices in managing risk
Developers of standards, guides procedures and codes of practice relating to the management of risk.
Both documents were developed by the SO Working Group on Risk Management