The standard provides "principles and guidelines" that help businesses and organisations respond in the event of a crisis.
Risk management. ISO 31000 establishes «principles and guidelines» to prevent damage. What kind of damage? Damage to image, brand or reputation. Damage related to computer or terrorist risk. But these are just some of the risks that any organization (whether private or public), of any size, may face.
The current economic and social context, characterised by strong unpredictability, calls for appropriate countermeasures: first for the organization's own sake, and second because it must demonstrate to its stakeholders that it can react when the reference context changes. Economic crises have taught us this.
ISO 31000 can be used by any type of enterprise or organization, including non-profits. And since the main objective is to manage risks, it's particularly important to define strategies, decisions and processes.
The risk assessment
Before assessing the risk associated with any activity, the standard teaches us to consider what risk means. Risk can be seen from both a positive and a negative point of view. Risk management protects the value an organization has acquired. In other words, the emphasis isn't on risk prevention but on the transformation of opportunities into value. Once transformed, this value is protected by a well-structured plan.
Pay attention also to how much weight you give to each risk. You could make the mistake of saying: «But I already evaluate all the risks, so I'm sure». In fact, there is often a tendency to overestimate external risks and underestimate internal risks. In such cases, the problem isn't a lack of risk assessment but a misassessment of risk. That's why it's essential to use tools that help make a proper estimate.
ISO 31000: the advantages
The standard's advantages span several areas.
Competitive advantage: first of all, because the company or organization has the right antibodies to react to any change of scenario. This creates confidence in consumers, investors, suppliers and partners.
Cost savings: the ISO 31000 standard helps eliminate redundant activities and, in case of crisis, helps to intervene promptly. Rapid intervention minimizes costs.
The need to revise ISO 31000 is due to the change in the types of risk that organizations have to manage. When the types of risk change, so do the methodologies for approaching them.
The latest revision of ISO 31000, published on February 15, 2018, aims to support organizations in managing uncertainty. The new ISO 31000:2018 (Risk Management) guidelines offer easy-to-implement guidance to support organizations and businesses in applying risk management principles.