3. ISO Standards Development – An Opinion
Governance structures, directives, tools and guidance exist to support standards development
There are various types of standards’ products
Development process has many checks and balances to ensure country and stakeholder feedback: it ain’t perfect!
All work is done by volunteers nominated by their national technical committee and endorsed by each country’s national standards bodies: discussion can be colorful, exciting and heated!
Developing products takes time because of the create-feedback-review cycle:
4. ISO Standards & Risk Management
The ISO community is very gradually moving towards harmonization in risk management expectations and terminology, but progress is slow and still fragmented
◦ ISO 31010
◦ Guide 73
◦ ISO 22301
◦ Etc.
Within the ISO context, Technical Committee 262 is seen as a natural home for risk management, but it is only ONE ISO home. ISO is at the early stage of harmonization on risk management activity.
5. Sample Successes
Publication of ISO 31000 in 2009 – Risk Management Principles and Guidelines
◦ Globally popular
◦ Early feedback that it has helped
Update of Guide 73 – Risk Management Terminology in 2009
Technical Committee established 2012 by ISO’s Technical Management Board
Liaisons established with some other ISO committees to help harmonize risk management expectations, etc.
Upcoming publication of ISO 31004 – Guidance for Implementation of ISO 31000: October 2013
6. Challenges
Understanding who our primary audience is and is not
Communicating the value of the risk management standard
Streamlining standards development processes
Applying good practices in engaging and monitoring stakeholders throughout development
Promoting regional cooperation
Varying capacities of standards bodies
Risk management as a lever for innovation
7. Looking Ahead – Exploring Shared Perspectives
1. Coherent expectations: Would it be helpful to organizations to have a coherent understanding of what is expected as part of ‘good risk management practice’?
2. Better practice in risk management: can we share and consolidate our knowledge to help organizations
3. Roles/Responsibilities: can we help organizations with a common approach to establishing who does what? (See attached sample)
9. Conclusion
We have similar challenges
◦ Value proposition of our respective auditing and risk management functions
We have a major common objective
◦ helping organizations to achieve their objectives
One Road: How can we pull together, on what topics, to help organizations worldwide improve performance?