Life after BS 31100

A year after the publication of BS 31100, John Hele examines the progress that has been made in international risk management standards.

One of the greatest aims for any organization should be to ensure that its exposure to risk is kept to a minimum so its operations are unaffected by, or can quickly recover from, any threats. This was the reason behind the creation of BS 31100, the first British standard dedicated to risk management, which was published in October 2008.

Since its launch, BS 31100 has become one of the fastest-selling British standards, showing that there is real interest in managing risk. The standard has no doubt been helped by its publication during one of the worst economic crises in living memory; a crisis that has left many organizations shell-shocked and wondering what to do next. A system for dealing with risks would go a long way to helping organizations through the crisis and making sure they are more robust when they come out the other end.

Understanding risk

Most people don’t realize that risk is an everyday phenomenon that we all take for granted. Risk is an ethereal concept: you can’t see it, smell it or hear it and most organizations often take no notice of it until it is too late. BS 31100 aims to help change that situation with an easy-to-follow structure and approach to explaining a complex subject that is usually the domain of the professional risk manager.

BS 31100 is a code of practice that provides a framework for establishing where an organization’s threats, opportunities and risks are most likely to be. It is especially useful for those coming to risk management for the first time. It is not, however, a requirement standard for risk management systems. For some time there has been discussion around the need for such a standard, and at the launch of BS 31100 a number of questions were asked concerning certification schemes for the standard.

It should be noted that all management systems standards address the awareness of threats and opportunities, together with putting the necessary systems in place to manage an organization. Each standard addresses risk in some form and if organizations need to show certification concerning their control of risk then existing standards such as ISO 9001, ISO 14001, ISO 27001, ISO 20000 and OHSAS 18001 go some way to achieving this.

One year on

In the 12 months since the publication of BS 31100, there has been considerable activity with international risk standards. ISO 31000, the new international standard on risk, is similar to BS 31100 in that it provides generic guidance to risk and is not intended for certification.

But there are some important differences. For example, BS 31100 embraces risk as an opportunity. It provides readers with instances of how and why the positive side of risk should be considered along with the negative aspects. Another difference is that BS 31100 is primarily intended to provide guidance to everyone within an organization. Although ISO 31000 provides generic guidelines, it is not intended to promote uniformity of risk management across an organization.

Other ISO standards and documents in the pipeline include ISO/IEC 31010, a supporting standard for ISO 31000. ISO/IEC 31010 will provide guidance on the selection and application of systematic techniques for risk assessment. The application of a range of techniques will be introduced, with specific references to other international standards where the concept and application of techniques are described in greater detail.

To help users with the vocabulary of these standards, ISO Guide 73 deals specifically with risk management vocabulary.

Learning lessons

The last year has seen considerable activity as the global financial downturn has pushed risk to the forefront of business agendas. The UK insurance sector, for example, has begun to take note of BS 31100 and is looking at the benefits of insuring clients with improved risk profiles.

In this post-recession world with its new acute awareness of risk, risk management standards are making their mark. These new standards are not only the starting point for those interested in risk but help existing practitioners to adopt a formal framework for controlling risk in their organizations.

About the author

John Hele is global project manager at BSI Management Systems. He has overall global responsibility for ISO 9000-related and risk products.

 
