Australian Institute of Project Management


Risk Management: A New Standard
Risk Management: A New Standard - ISO 31000:2009 Risk Management
Date: 26 Jul 2010
Name: AIPM
Phone:
Email: irc@aipm.com.au

This article was reproduced from the July Newsletter of the AIPM SA Chapter.

 

Risk management has been developed over a considerable period of time to meet the needs of a wide  range of industry and business sectors.  Formal generic risk management standards have been available for some time as a basis for the effective management of risk in any situation regardless of the context, notably in Australia and New Zealand with the publication of AS/ NZS 4360:1995.

 

It was also in the 1990's that risk management was developed as a formal project management discipline and in Australia, the joint Australian and New Zealand generic standards have been widely applied as the basis for risk management in projects. In recent years risk management has become a key corporate requirement in the management of any project in both in the public and private sectors. Governments in particular requiring Department and Corporation Heads and contractors to apply the generic risk management standards in the management of all projects.

 

The new generation of risk management standards were launched in late 2009 with the publication of AS/NZS ISO 31000:2009 Risk Management — Principles and Guidelines.
This standard originated as AS/NZS 4360:1995 and supersedes the third edition AS/NZS 4360:2004. Instead of just undertaking a further revision in 2009 it was decided to promote the development of an international standard on risk management which would then be adopted in Australia and New Zealand.

 

The process described for the management of risk is identical to that in the superseded standard and the Australian and New Zealand version is identical with and has been reproduced from the ISO version.

 

The main variations to the superseded standard are:

 

• Risk is now defined in terms of the effect of uncertainty on objectives, which in projects relates to achieving the project outcomes.
• The principles that organisations must follow to achieve effective risk management have now been made explicit.
• There is much greater emphasis and guidance on how risk management should be implemented and integrated into organisations through the creation
and continuous improvement of a framework.
• There is an informative annex which describes the attributes of enhanced risk management and recognises that while organisations manage risk in
some way and to some extent, this may not always be optimal.


This standard is supported by the following documents:

 

HB 327:2010 — Communicating and consulting about risk (First Edition)

This handbook recognises that risk management takes place in a social context with the information needing to be shared with people. The communication and consultation regarding risks must occur in a continual and iterative process with stakeholders. The handbook explains why
communication and consultation are essential in risk management and provides advice on how to do this effectively.

 

IEC/ISO 31010 — Risk Management — Risk assessment techniques (Edition 1.0 2009-11)

This is a supporting standard for ISO 31000 and provides guidance on selection and application of systematic techniques for risk assessment.
Whether you are using qualitative or quantitative risk assessment techniques, this standard is a useful reference source for a range of assessment tools and techniques with the description of each including an overview, its use, inputs, process, outputs, strengths and limitations.
The version reviewed is printed in both English and French.

 

ISO GUIDE 73:2009 — Risk Management — Vocabulary (First Edition)

This guide provides basic vocabulary to develop common  understanding on risk management concepts and terms relating to risk, risk management and risk management processes. Again this is printed in both English and French.

 

All of the documents are available through Standards Australia.

 

The principles and guidelines together with the new supporting documents provide an excellent reference in the application of the risk management principles, useful help in determining the most appropriate risk assessment techniques and appropriate communicating and consulting \vhich is an essential part of risk management in projects.

 

Risk management is a key function in the management of projects. Together all of these documents are directly applicable to the management of risks in projects and a valuable tool for both the experienced project manager and those entering the profession.

 

David Farwell, CPPD, FAIPM, Hon FHKIPM

Click to return to News