Revision ISO 31000 Risk Management Standard
Standard and related guidance
The global International Organization for Standardization (ISO) Standard 31000:2009—Risk Management, published in 2009, sets out principles, a framework, and a process for managing risk that are applicable to any type of organization in the public or private sector.
Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment. However, while ISO 31000 cannot be used for certification purposes, it does provide guidance for internal or external audit programs. Organizations using it can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management and corporate governance.
In 2013, ISO published ISO/TR 31004:2013, Risk Management—Guidance for the Implementation of ISO 31000, which will help organizations smoothly align their risk management practices to ISO 31000. This technical report provides:
- A structured approach to efficiently transition existing risk management practices to ISO 31000, with a dynamic outlook to adapt to future changes;
- An explanation of the underlying concepts of ISO 31000 with advice and examples tailored to the user's individual needs; and
- Additional guidance on the ISO 31000 principles and framework for the management of risk.
Organizations from around the world have had five years to implement the standard and gain experience with it. Generally, the standard has been well received and many organizations have successfully implemented the standard. This has led to new insights but the external environment has also changed. For that reason, the Core Risk Management Standards Working Group will meet in April 2014 in London to perform a limited editorial revision of the existing standard and prepare a substantial technical revision over the longer term. Almost 40 experts from 20 countries are engaged in these projects.
Risk Management and the accountancy profession
Risk management is at the heart of the work of all professional accountants. Many professional accountants play a leading role in the management of risk in their organization or advise organizations evaluating and improving their risk management arrangements. In addition, all professional accountants deal with risk in all their daily activities.
As the global organization for the accountancy profession, IFAC actively participated in the development of the guidance for the implementation of ISO 31000 and will participate in the upcoming revisions of the standard itself. To this end, IFAC is very interested in your experiences with the standard and would like to hear from you on what, if anything, needs to be changed in the standard. Please share your comments below and we will share them with the working group. We look forward to your feedback and will keep visitors to the Gateway posted on the progress of the revision. Many thanks in advance!