ISO 31000 – expecting the unexpected?
If you’re of a certain age, and went to school in the 60s, 70s and even 80s, you’ll remember how far from risk averse your childhood and school were. Teachers routinely sent pupils to shops for milk or on errands without paperwork. Well, they did with some of the HSEQ-360 team!
Today, though, the world is a very different place, and both childhood and adult workplaces are more regulated and controlled. You may argue this is a bad thing, but in our industry, offshore and renewables, risk management is crucial, and ISO 31000 specifically covers this.
We all take risks every single day, some minor, some intermediate, some significant, and we’re sure that if you plotted a typical timeline of your own day, you’d identify risks: from something as routine as getting up and walking downstairs to the school run / commute to work and your work processes. If we thought forensically about risks at the start of each day, we might never leave the sanctuary of our beds, yet we do, and most of us arrive home unscathed.
If you start from the point that risk is a clear component of life and business, you can then develop strategies to mitigate risk, an approach which ISO 31000 usefully maps out.
This standard was first introduced in 2009 and heavily revised in 2018 to encompass issues like equipment failure, accidents, cybersecurity breaches and financial fraud.
Using ‘ISO 31000:2018 Risk Management – Guidelines’ in your business is a key part of your organisation: its processes, objectives, strategies and activities.
At its core lie principles of continued improvement, stakeholder inclusion, and human and cultural aspects, as well as customisation to your organisation.
Key elements of these principles to guide your organisation’s training need to include the following:
- Resilience
- Defining risk
- Framework and process
- Responsibilities
- Accountabilities
- Performance measures
- Attitudes to risk
- Correlation with ISO 22310 and 27031
- Barriers to the implementation of risk management
- Risk reporting and its limitations
These are not all-encompassing, though, and it’s important that your organisation creates a risk management strategy that is integrated and appropriate for all levels of operation. Continuity, compliance, crisis management, HR and IT all need proactive involvement.
You may, or may not, be aware that there is now a global summit on Risk Management, held later this month in Tanzania. It is the fourth consecutive conference, which may indicate the relevance and importance of Risk Management across all organisations.
We may live in a world now where spontaneity has all but disappeared from education – those errands for milk, nature walks, trips to a park, all need risk assessments, consent forms and approval – but is this a bad thing in a world where risks are so prevalent?
Businesses can no longer operate in a risk-free bubble, as many did decades ago.
What do you think of the specifics of ISO 31000 and the new world we now live in? Join the discussion on our active LinkedIn page.