AS/NZS ISO 31000:2009 is a joint Australian/New Zealand standard that provides guidelines on risk management. It is based on the international standard ISO 31000:2009, which offers principles and generic guidelines on risk management, and was prepared by Joint Technical Committee OB-007, Risk Management. Its principles and guidelines can be used by any public, private, or community enterprise.
The standard is designed to be applicable to any organization, regardless of its size, industry, or sector, and aims to help organizations manage risks effectively.
Key Features
- Provides principles and general guidelines for risk management
- Can be used by organizations with existing risk management processes to critically review, align, and improve their existing practices
- Offers a structured approach to risk management, including risk analysis, which involves developing an understanding of each risk, its consequences, and the likelihood of those consequences
Application
The standard is applicable to all types of organizations, including public, private, and community enterprises. It can be used to manage risks in various contexts, including but not limited to:
- Developing and implementing risk management systems
- Conducting risk assessments and analyses
- Identifying and mitigating risks
- Reviewing and improving existing risk management practices
Key aspects of AS/NZS ISO 31000:2009 include:
Principles of Risk Management: The standard outlines several principles that should be satisfied to make risk management effective. These include being an integral part of organizational processes, being part of decision-making, explicitly addressing uncertainty, and being systematic and structured.
Framework: It emphasizes the importance of creating a risk management framework that integrates risk management into the organization's overall governance, strategy and planning, management, reporting processes, policies, values, and culture.
Process: The standard describes a risk management process that includes risk identification, risk assessment (risk analysis and risk evaluation), risk treatment, monitoring and review, and communication and consultation.
Customization: It encourages organizations to tailor the risk management framework and process to their specific needs and context.
Continual Improvement: The standard promotes the continual improvement of the risk management framework and processes.
AS/NZS ISO 31000:2009 was intended to replace the earlier AS/NZS 4360:2004 standard. ISO 31000 has been updated since 2009, with the latest version being ISO 31000:2018. Organizations using the 2009 version may consider reviewing the updates in the 2018 version to ensure they are following the most current guidelines.
Synonyms: Risk management