Global trends and the need for integrated risk management in crisis conditions
Status update on ISO31000:2009 and the work of TC262
Kevin W Knight AM
Chairman,
ISO/TC 262 – Risk Management
04.04.2016
Special Professional Forum
NEW HORIZONS IN CORPORATE RISK
MANAGEMENT
Noviy Arbat Street 36/9 Moscow
Government Building
04-05 APRIL 2016
Global trends and the need for
integrated risk management in crisis
conditions
• ISO 31000 adopted as a National Standard by 57 countries
• Majority of G8 and G20 economies and the BRIICS nations
• Used extensively within the UN Disaster community as
part of Disaster Management programmes
• ISO, IEC and UN Agencies working together to develop
harmonisation with respect to Terms and Definitions
Revision of ISO 31000 Underway
The past year has seen considerable
debate over how to ensure ISO 31000
remains a useful and relevant generic
guidance Standard.
IEC/TC 56 is currently reviewing IEC/ISO
31010:2009.
ISO Guide 73:2009 will be updated to
reflect the review of ISO 31000 and the
development of associated Standards.
Revision of ISO 31000 Underway
The discussions have resulted in a:
• Design Specification, that includes inputs
from ISO/TC 262 Working Group 2 and its
Task Groups;
• Document covering issues discussed at
recent meetings;
• Document addressing comments received
from National Mirror Committees;
• Committee Draft 2 of ISO 31000:201X
The CD 2 has been out for three
months with the National Mirror
Committees for comment only and
the DS and other documents were
included as informative
references.
Revision of ISO 31000 Underway
All comments received from
National Mirror Committees are
being addressed by ISO/TC 262
WG 2 as we speak, with a view to
issuing a Committee Draft for
comment and voting in mid 2016.
ISO 31000 and specific needs
ISO/TR 31004:2013 Risk management - Guidance
for the implementation of ISO 31000
Working Groups have been
established to address:
• Managing Disruption related risk
- Working Group 3
• Managing Supply chain risk
- Working Group 4
• Managing Legal risk
- Working Group 5
Is there a need for a 31000 derivative
to address risk in Management System
Standards?
ISO/TC 262 has discussed this at its last meeting and the general
consensus was that such a document was not supported by the TC.
National Standards Bodies may of course disagree with this view and
can submit a NWIP for such a document to be developed.
Might I suggest:
SAA HB 158 (Rev):2010 Delivering assurance based on ISO 31000:2009
Risk Management, Standards Australia, 16 November 2010
as an alternative.
Can ISO 31000 be modified to meet the
needs of large and multi-national
organisations?
This is an area open to debate. Given that ISO 31000
is a generic guidance Standard that should be tailored
to meet the needs of the organisation and reflect the
human factors of its management, it can be argued
that there is no need for such a document.
However, like the question of ISO 31000 and
Management System Standards, a NSB is still at
liberty to provide a NWIP for a more specific
Standard about the management of risk in large and
multi-national organisations.
What Next?
This is up to YOU the users of
Standards.
Let your National Standards Body know
what Standards you want to help you
and become involved.
The following guidance documents are available online from:
http://infostore.saiglobal.com/store/
ISO Guide 73:2009 Risk management — Vocabulary
ISO/TR 31004:2013 Risk management - Guidance for the implementation of ISO
31000, ISO, 11.10.2013. (Also published on 30.11.2013 by BSI as PD ISO/TR
31004:2013)
IEC 62198 Ed.2.0 (2013), Managing risk in projects—Application guidelines.
BS 31100:2011 Risk management. Code of practice and guidance for the
implementation of BS ISO 31000, British Standards Institute,
ISBN 978 0 580 71607 2, 30.06.2011.
CSA Q31001:2011 Implementation Guide To CAN/CSA-ISO 31000, Risk
Management - Principles And Guidelines, Canadian Standards Association,
01.03.2011.
NWA 31000:2010 National Guidance on Implementing I.S. ISO 31000:2009 Risk
Management - Principles and Guidelines, National Standards Authority of Ireland,
05.03.2010.
Swift Compendium for Business,
National Standards Authority of Ireland/Institute of Directors in Ireland 10.03.2010.
The following guidance documents are available online from:
http://infostore.saiglobal.com/store/
ÖNORM ONR 49002-1:2010 Risk Management For Organizations And Systems -
Part 1: Guidelines For Embedding The Risk Management In The Management
System – Implementation Of ISO 31000,
Austrian Standards Institute, 01.01.2010
ÖNORM ONR 49002-2:2010 Risk Management For Organizations And Systems -
Part 2: Guideline For Methodologies In Risk Assessment – Implementation Of ISO
31000, Austrian Standards Institute, 01.01.2010
ÖNORM ONR 49002-3:2010 Risk Management For Organizations And Systems -
Part 3: Guidelines For Emergency, Crisis And Business Continuity Management -
Implementation Of ISO 31000,
Austrian Standards Institute, 01.01.2010
SA/SNZ HB 436-2013 Risk Management Guidelines - Companion to AS/NZS ISO
31000:2009, Standards Australia/Standards New Zealand,
ISBN 978 1 74342 633 3, 16.12.2013.
ISO 31000 - Risk Management - A practical guide for SMEs; International
Organization for Standardization, International Trade Centre, and the United Nations
Organization for Industrial Development; ISBN 978-92-67-10645-8. Available through:
http://www.iso.org/iso/publication_item.html?pid=PUB100367
The following Australian/New Zealand documents are available online from:
http://infostore.saiglobal.com/store/
AS/NZS ISO 31000:2009 Risk management — Principles and guidelines
SA/SNZ HB 89:2013 Risk management - Guidelines on risk assessment techniques,
Standards Australia/Standards New Zealand, ISBN 978 1 74342 644 9, 18.12.2013.
AS/NZS 5050:2010 Business continuity—Managing disruption related risk
AS/NZS IEC 62198:2015- Managing risk in projects - Application guidelines,
Standards Australia/Standards New Zealand, ISBN 978 1 74342 952 5, 23.01.2015
SAA HB 141 (Rev):2011 Risk Financing Guidelines, Standards Australia, 06.05.2011
SAA HB 158 (Rev):2010 Delivering assurance based on ISO 31000:2009 Risk
Management, Standards Australia, 16.11.2010
SAA/NZS HB 203:2012 Managing Environment-related risk, Standards
Australia/Standards New Zealand, ISBN 978 1 74342 059 1, 30.03.2012.
SAA/NZS HB 246 (Rev):2010 Guidelines for Managing Risk in Sport and Recreation,
Standards Australia/Standards New Zealand, 18 August 2010
SAA HB 266:2010 Guide for managing risk in Not-For-Profit organisations,
Standards Australia, 13 August 2010.
SAA/NZS HB 327:2010 Communicating and consulting about risk, Standards
Australia/Standards New Zealand, ISBN 978-0-7337-9346-2, 2010.
The following Handbooks are currently being
revised to bring them into harmonisation with
AS/NZS ISO 31000:2009:
SA HB 205-201X OHS Risk Management Handbook,
to be retitled Managing Safety Related Risk,
Standards Australia.
SA HB 254-201X Governance, risk management and
control assurance, Standards Australia.
The following Handbook is currently being
developed and is based on AS/NZS ISO 31000:2009:
SA/SNZ HB 470-201X Making Decisions About Risks
The following Handbooks based on the superseded AS/NZS 4360:2004 require revision to
bring them into harmonisation with AS/NZS ISO 31000:2009:
HB 167:2006 - Security risk management, Standards Australia/Standards New
Zealand.
SAA HB 231:2004 Information Security Risk Management Guidelines, Standards
Australia.
SAA HB 240-2004 Guidelines for Managing Risk in Outsourcing using the AS/NZS
4360:2004 Process, Standards Australia.
SAA/NZS 221:2004 Business Continuity Management,
Standards Australia/Standards New Zealand.
SAA HB 292:2006 A Practitioner's Guide to Business Continuity Management,
Standards Australia (2006).
SAA HB 293:2006 An Executive Guide to Business Continuity Management,
Standards Australia (2006).
(NOTE: HBs 221, 292 and 293 have been superseded by AS/NZS 5050:2010. A new HB is
being developed as a companion to AS/NZS 5050:2010.)
SA HB 296:2007 Legal Risk Management, Standards Australia (2007), ISBN 0 7337 8295 7.

#Corpriskforum2016 - Kevin W Knight