Presentation by Jan Mattingly, ISO 31004 Work Group, September 24, 2013, Chicago, Illinois

1. Exploring Common Paths in Risk
Management

Risk Management Perspectives in ISO
Standardization Experience

2. Overview



Risk Management Standards & ISO
Development challenges and successes
Looking Ahead: exploring shared
perspectives
2

3. ISO Standards Development –
An Opinion





Governance structures, directives, tools and
guidance exist to support standards development
There are various types of standards’ products
Development process has many checks and
balances to ensure country and stakeholder
feedback: it ain’t perfect!
All work is done by volunteers nominated by
their national technical committee and endorsed
by each country’s national standards bodies:
discussion can be colorful, exciting and heated!
Developing products takes time because of the
create-feedback-review cycle:
3

4. ISO Standards & Risk Management
The ISO community is very gradually moving
towards harmonization in risk management
expectations, terminology but progress is slow,
still fragmented
◦
◦
◦
◦
ISO 31010
Guide 73
ISO 22301
Etc.
Within the ISO context Technical Committee 262 is
seen as a natural home for risk management but
it is only ONE ISO home. ISO is at the early stage
of harmonization on risk management activity.
4

5. Sample Successes

Publication of ISO 31000 in 2009 – Risk
Management Principles and Guidelines
◦ Globally popular
◦ Early feedback that it has helped




Update of Guide 73 – Risk Management
Terminology in 2009
Technical Committee established 2012 by ISO’s
Technical Management Board
Liaisons established with some other ISO
committees to help harmonize risk management
expectations, etc.
Upcoming publication of ISO 31004 – Guidance
for Implementation of ISO 31000: October 2013
5

6. Challenges







Understanding who our primary audience is and
is not
Communicating the value of the risk
management standard
Streamlining standards development processes
Applying good practices in engaging and
monitoring stakeholders throughout
development
Promoting regional cooperation
Varying capacities of standards bodies
Risk management as a lever for innovation
6

7. Looking Ahead – Exploring Shared
Perspectives
1.
2.
3.
Coherent expectations: Would it be helpful
to organizations to have a coherent
understanding of what is expected as part
of ‘good risk management practice’?
Better practice in risk management: can we
share and consolidate our knowledge to
help organizations
Roles/Responsibilities: can we help
organizations with a common approach to
establishing who does what? (See attached
sample)
7

8. Framework Design: Clarifying Who Does What
(Based on the Institute of Internal Auditors
Position Paper www.theiia.org)
(Sample Organization)
Core internal audit roles in regard to ERM
Legend
Proposed Planning role
Proposed ERM Leadership Roles
Legitimate internal audit roles with safeguards
Audit/evaluation Role
Proposed Business Unit Role
Roles internal audit should not undertake
Risk Oversight Role
Legal
The adaptation and use of this graphic as a tool for ERM design and implementation is
copyrighted to RiskResults Consulting Inc. 2010 ©
8

9. Conclusion

We have similar
challenges
◦ Value proposition of our
respective auditing and
risk management
functions

We have a major
common objective
◦ helping organizations to
achieve their objectives
One Road: How can we pull together, on what
topics, to help organizations worldwide improve
performance?
9

10. Jan Mattingly
RiskResults Consulting Inc.
www.riskresults.ca
T/M: 613-286-6885
Email: jmattingly@riskresults.ca