Many people having contact with risk management in organizations know that in 2018 the new ISO 31000 risk management standard was issued.
What are the main changes in ISO 31000?
Compared to the previous release, the changes are as follows:
- the structure of the norm and its content have been organized in order to ensure the universality and the possibility of applying the provisions to various needs, situations and contexts;
- the leading role of the top management was emphasized and the necessity to integrate risk management into business/organizational processes, starting from the organizational management level;
- the risk management principles, which are the key criteria for success in its implementation, have been reviewed and adjusted;
- more emphasis was placed on the iterative nature of risk management. It was also emphasized that obtaining new experience, knowledge and analysis results may require a review of process elements, activities and control resources at each stage of the process.
In regard to the release of the updated version of ISO 31000: 2018 Risk Management – Guidelines, the standard, which is closely related to it, has also been updated and provides helpful guidance for carrying out a risk assessment. I am talking about IEC 31010: 2019 Risk Management – Risk Assessment Techniques.
What is the IEC 31010 standard?
IEC 31010 provides guidance on the selection and application of risk assessment techniques in a wide range and different situations. These techniques are used to support decision making when there is uncertainty in providing information on individual risks and as part of the risk management process.
The document summarizes a number of techniques with reference to other documents where the techniques are described in more detail. This edition is a technical revision of the first edition published in 2009 and replaces it.
Changes in the new edition of IEC 31010
The new standard IEC 31010 contains many changes in comparison the previous edition from 2009, e.g .:
- the standard is fully compliant with ISO 31000:2018; more attention was paid to the planning, implementation, verification and validation processes of the methods/techniques used;
- a different classification of risk assessment methodologies has been introduced.
The previous edition of the standard divided the techniques/methodologies into two main groups: “Scenario analysis” and “Functional analysis”, as well as several small and auxiliary ones. In the new edition, the techniques have been divided into 10 groups related to the elements of the risk management process. Such a classification is surely logical and harmonized with ISO 31000:2018;
- the number of risk assessment techniques/methodologies and the scope of their application have been increased. The standard lists 41 risk assessment techniques (31 in the previous edition);
- a new attempt to compare risk assessment techniques using 8 characteristics was made;
- the concepts contained in ISO 31000 are no longer repeated in this standard.
We offer training, implementations, and audits in terms of risk management in the field of ISO 31000: 2018 and in the context of other management system standards.
Sources:
ISO 31000:2018 Risk management — Guidelines
IEC 31010:2009 Risk management — Risk assessment techniques
