Part 1 – THE INTRODUCTION
An eye-catching feature
Recently the draft version of the first revision of the ISO 31000 standard has become available for purchase and review. (https://www.iso.org/obp/ui/#iso:std:iso:31000:dis:ed-2:v1:en) and a first rather drastic change is immediately visible in the introduction of the standard, as it really catches the eye. In this first article comparing the ISO 31000 (2009) standard with the draft ISO 31000 (2017) version, I will comment on the changes in the introduction part of this standard.
The graphic (Figure 1 – Relationships between the risk management principles, framework and process) that summarize the standard’s components, has changed considerably and I don’t know yet if this is an improvement or not.
The old picture
Figure 1 – ISO 31000 (2009)
I have always regarded the picture (above) of the ISO 31000 principles, framework and process on one page a highlight and strength of the ISO 31000 (2009) standard. With only a minimum explanation, this image was sufficient to get to know and understand the standard and how risk management is to be structured from the strategic tot the execution levels and how it could be implemented and used in any organisation, whatever the size, sector or industry.
The new picture
Now, at a first glance, I’m afraid that clarity, at least to me, is somewhat lost. Judge for yourself and tell me what you see in the figure below compared to the figure above.
Figure 1 – ISO 31000 (draft 2017)
Furthermore, when reading the introduction, it is immediately clear that a lot of text has disappeared. Now, in the draft version, the introduction only covers half a page of short statements, instead of two pages of more elaborated sentences in the current standard. As such, the direction of the change is immediately noticeable in these opening sentences, giving some remarkable differences for the respective introductions.
The opening statement
For example you could look at the opening sentence of the standard:
“Organizations of all types and sizes face internal and external factors and influences that make it uncertain whether and when they will achieve their objectives.” (2017 Draft version)
“Organizations of all types and sizes face internal and external factors and influences that make it uncertain whether and when they will achieve their objectives. The effect this uncertainty has on an organisation’s objectives is risk.” (2009 version)
I think the new version of the opening sentence of the revised introduction is a less powerful statement and tells less about risk than in the current version. Although, it indicates the direction the new version of the standard takes, trying to be more with less. But I’m not yet convinced of the result.
Less is more for ISO 31000
Indeed, critics can say that risk (e.g. in the sentence “the effect this uncertainty has on an organisation’s objectives is risk”) is much more, and surely they are right. So leaving this inadequate sentence out is certainly an option to overcome this flaw. But I would have liked a more encompassing, and maybe more powerful, sentence. For instance:
“Individuals, organizations of all types and sizes, and society as a whole, face internal and external factors and influences that make it uncertain whether and when they will achieve and/or safeguard their objectives. The effect this uncertainty has on individual, organisational and societal objectives is what we call risk.” (Peter Blokland version)
So, maybe less is more, but where is the limit? Some matters still need to remain clear, but this is just my take on this. So, how would you have liked the opening sentence to be?
Interested in ISO 31000?
- Do you want to know more about ISO 31000 and its revision?
- Are you looking for certification for this standard?
- Do you want learn how to integrate risk management at all levels of your organisation and all of its operations?
Since September 2014, Peter is also employed at TUDelft, working as a PhD researcher for the Safety Sciences section of the Technology Policy and Management faculty.
As the managing director of G31000 Europe he is now a trainer and consultant using the ISO 31000 Risk Management Standard.
Some of his articles can be read on LinkedIn