Courtesy of Reuters http://www.reuters.com/article/pressRelease/idUS246464+28-Oct-2009+BW20091028
From October 2009, corporations of different sizes and industries will be faced with a new universal standard focused on risk management. Dubbed ISO 31000: Principles and guidelines for risk management, the new guidelines were developed by the Organization for Standardization (ISO) in response to the need to standardize the existing norms, regulations and frameworks related to risk management.
The standards, which may be applied to companies and individuals alike, include guidelines for the implementation of risk management within organizations of any type, size and segment, and stem from the need of corporations to address the uncertainties that have a potential impact on their goals. These objectives may be related to different corporate activities ranging from strategic initiatives to operational processes or projects. These principles may be applied to different risks associated with sev modern concept which states that risk is opportunity.
Yet there has been no consensus on the terminology and concepts used in risk management. This has made it difficult for organizations to integrate their different risk management functions. Typically, this results in risk management being addressed in isolation, which often leads to the spread of so-called silos or departmental “islands” utilizing disparate terminology, systems, criteria, and concepts for each area of the organization, resulting in the greatest challenge faced by ISO 31000 lay in establishing a common terminology and standardizing best practices and frameworks, so that organizations could implement risk management practices in their processes. Since this is a standardization initiative in line with the integrated view of Enterprise Risk Management, the new norm does not contradict other existing regulations, such as ISO/IEC 27005, the technical standard focused on information security risk management, but provides guidelines and is aligned with other sets of rules.
Similar to ISO 9000 and ISO 14000, which became references for managing these issues within organizations, the launch of ISO 31000 will provide countries worldwide with a set of internationally recognized guidelines for managing risk.
*Alberto Bastos is a founding partner of Modulo, a global leader in IT GRC Management automation, and coordinates the Brazilian Association of Technical Standards' (ABNT) Special Commission on Risk Management Guidelines.
Copyright Business Wire 2009