Recently, Standards Australia released a new edition of the Risk Management Standard.
AS/NZS ISO 31000-2009 Risk Management – Principles and Guidelines replaces AS/NZS 4360-2004 Risk Management as the leading resource available to Australian facility managers, directors, top-level executives and others responsible for managing an organisation’s risks and achieving objectives.
AS/NZS ISO 31000 is a direct adoption of the new International Standard, which is based significantly on the 2004 edition of the Australian/New Zealand Risk Management Standard.
Colin Blair, deputy CEO of Standards Australia said when it was first published in 1995, the Australian New Zealand Standard for Risk Management, AS/NZS 4360, was a world-first.
“Organisations from around the globe looked to the Standard for guidance on managing their risks,” he says.
“The new International Standard is based on AS/NZS 4360-2004 and was shaped with input from experienced members of Standards Australia and Standards New Zealand’s committee for Risk Management, OB-007, and experts from some 28 countries representing all continents. Australia has a lot to be proud of.”
The new International Standard provides organisations with guiding principles, a generic framework and a process for managing risk. New to this edition is the inclusion of 11 risk management principles an organisation should comply with and a management framework for the effective implementation and integration of these principles into an organisation’s management system. The new edition emphasises that risk is the effect of uncertainty on objectives, not just an event.
This new edition also includes an informative Annex that sets out the attributes of enhanced risk management for those organisations that have already been working on managing their risks and may wish to strive for a higher level of achievement.
Enabling effective risk management as outlined in AS/NZS ISO 31000 will help organisations to:
- increase the likelihood of achieving objectives
- encourage proactive management
- be aware of the need to identify and treat risk throughout the organisation
- improve the identification of opportunities and threats
- comply with relevant legal and regulatory requirements and international norms
- improve financial reporting
- improve governance
- improve stakeholder confidence and trust
- establish a reliable basis for decision making and planning
- Improve controls
- Effectively allocate and use resources for risk treatment
- improve operational effectiveness and efficiency
- enhance health and safety performance, as well as environmental protection
- improve loss prevention and incident management
- minimise losses
- improve organisational learning
- improve organisational resilience.