Australia helped pioneer the concept of a Risk Management Standard, with the development of the original Australia Standard for Risk Management - AS4360. The effectiveness and success of this standard led to it becoming the foundation for a new International Standard for Risk Management, developed by the International Organisation for Standardisation (ISO).

In November 2009, the ISO released the latest version of their Risk Management Standard, ISO 31000. The standards committee for Australia and New Zealand determined that instead of maintaining a separate Australia Standard for risk management, they should instead adopt the international standard.

Hence, from this year, AS4360 is now no longer the relevant standard for Risk Management in Australia, we now work under ISO 31000.
 

Key Differences

There are two key differences between the now superceded Australian Standard (AS4360) and the new ISO Standard (ISO31000). 

Firstly, the ISO31000 standard now defines risk as the "effect of uncertainties on objectives", rather than how it was previously defined as "the chance of something happening that will have an impact on objectives".  This might be important when it comes to our formal risk assessments, but in general this change is not overly important, the concept of risk is still the same.

Secondly, the ISO31000 standard introduces a set of principles that organisations need to follow in order to implement truly effective risk management.  These principles say that a great risk management program has the following attributes:

  • Creates value
  • Intergral part of organisational processes
  • Part of decision making
  • Explicitly addresses uncertainty
  • Systematic, structured and timely
  • Based on the best information available
  • Tailored to the organisation
  • Takes human and cultural factors into account
  • Transparent and inclusive
  • Dynamic, iterative and responsive to change
  • Facilitates continual improvement and enhancement of the organisation
     

The risk management process itself has not changed, and the stages we follow in the process are all still there - establish context, identify risks, analyse risks, evaluate risks, treat risks.  The process is identical to AS4360.  There is a much greater emphasis now on how risk management should be implemented in the workplace and in organisations, with particular reference to continuous improvement.
 

Enhanced Risk Management

The new international standards also introduces what it calls enhanced risk management practices.  These practices are those which are considered key to above average risk management processes, and include:

  1. Continual Improvement - setting goals and managing against them
  2. Full Accountability - designating specific individuals and holding the to account for actions assigned to them
  3. Application in All Decision Making - risk management practices should be applied in some way in every level of decision making, no matter the level of importance
  4. Continual Communications - frequent reporting and communication with all stakeholders

Reference

Thanks to Noel Arnold & Associates for their review of the new standard, please have a read here for more information:

http://www.safetyrisk.com.au/2010/05/03/new-risk-management-standard-asnzs-iso-31000/

 

MiningManandMLogoTiny.PNG- Jamie Ross

Mining Man - Safety, Leadership and Productivity Ideas for the Mining Industry

Sign up on the right to get our great weekly newsletter packed with ideas and useful tips.  And become a fan on Facebook by clicking here.