
How compliance with ISO 31000 supports risk management initiatives

(This is the conclusion of a two-part series on ensuring that your risk management programs comply with the ISO 31000 standard. Part one appeared last week.)

Almost any business activity involves risk. Accepting risk within a structured risk management approach means that shrewd business leaders take a risk-based view of their decisions. This doesn't mean avoiding risk; it means using a process that identifies and minimizes risk while allowing the firm to focus on its core competencies. This is where compliance plays an important role.

Although the ISO 31000 standard is only a year old, it is already accepted as one of the primary frameworks for risk management. Other notable risk management standards, such as the National Institute of Standards and Technology's SP 800-30 (which focuses specifically on risk assessment for information systems), should also be considered when developing a risk management program.

Leveraging ISO 31000 in your organization

Many factors make up a risk-based enterprise, and identifying and recognizing risks and vulnerabilities is among the most important. Whether you are reviewing an existing risk management program or starting a new one, the following steps can make the transition easier:

• Understand your business: Make sure you know what you want to achieve by understanding your risks, threats and vulnerabilities. As part of that effort, make sure the list includes minimizing interruptions to the activities that generate sales, provide better customer service and reduce delivery times to customers.

• Understand your culture: Knowing your organization, its culture and its values is an essential building block in creating a successful risk management initiative. Culture typically means support for generally accepted behaviors, such as honesty, integrity and high ethical standards.

• Energize your leadership: Organizations that embrace risk management principles and policies obtain their energy, attitude and approach from the top. Executives who don't have a firm grasp on risk management processes could see that lack of discipline filter down to key business units.

• Assess and benchmark risk management: How does your firm know it’s keenly focused on identifying and managing risk? Organizations must actively develop risk management programs that examine risks at all levels of the business. In doing this and by leveraging established benchmarks like ISO 31000, organizations can proactively assess their overall risk readiness.


• Identify enabling standards: Support for risk management standards such as ISO 31000 and NIST SP 800-30 demonstrates a commitment to building a risk-focused organization. Investing time and resources to stay current with risk management developments and to improve compliance programs not only helps companies mitigate potential risks, but also uncovers opportunities for performance improvement and brand enhancement.

ISO 31000 is not envisioned by the ISO as a tool for certification or accreditation, which differs from its other well-known management system standards, such as ISO 9001 (quality) and ISO 14001 (environmental management), against which organizations are formally certified. The ISO hopes this approach gives risk management professionals the flexibility to implement the guidelines in ways that best suit the needs and objectives of their organizations.

Paul F. Kirvan, FBCI, CBCP, CISSP, has more than 20 years' experience in business continuity management as a consultant, author and educator. He is also secretary of the Business Continuity Institute USA Chapter. Write to him at editor@searchcompliance.com.

This was first published in November 2010
