The Standard for risk management (AS/NZS 4360), first published in 1995, has just been replaced by a joint Australia/New Zealandadoption of the newly published ISO 31000:2009. The new ISO Standard has been substantially based on the original AS/NZS 4360 Standard.
In Australia and New Zealand, the new Standard is called
AS/NZS ISO 31000:2009 Risk management – Principles and guidelines
About this Standard
Risk management, when implemented and maintained in accordance with this Standard, will enable organisations to increase the likelihood of achieving their objectives, and enhance an organisation's health and safety performance. The Standard will also enhance organisational environmental protection, improve loss prevention, incident management, stakeholder confidence and trust, and more.
AS/NZS ISO 31000:2009 provides generic guidelines for the design, implementation, and maintenance of risk management processes throughout an organisation. It is applicable and adaptable for any public, private, or community organisation, and can be applied to any type of risk, whether having positive or negative consequences.
Significant changes and additions have been made to build on what has been learned since the previous Standard was published. The main variations include:
- risk is now defined as the 'effect of uncertainty on objectives'
- principles to follow to achieve effective risk management are made clear
- greater emphasis and guidance is provided on how risk management should be implemented in organisations though the creation and maintenance of a continuous improvement framework
- the addition of an informative annex that sets out characteristics of enhanced risk management and includes two risk management 'outcome' tests (which relate to whether the organisation is aware of and understands its risks and whether it has adjusted its risks according to its risk criteria), and five 'attributes' tests (which focus on organisational behaviours that have been found to be the most important in organisations that manage risk effectively).
Organisations with existing risk management processes can use this Standard to critically review, align, and improve their existing practices. If your organisation has based your risk management on the previous Standard, you will benefit from the additional concepts and practises within this Standard.
AS/NZS ISO 31000:2009 is not intended to promote uniformity of risk management across organisations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organisation.
- Particular objectives
- Context
- Structure
- Operations
- Processes
- Functions
- Projects
- Products
- Services
- Assets
- Specific practises employed
HB 436:2004 Risk management guidelines – companion to AS/NZS 4360:2004 is currently being revised. The revised handbook will supplement AS/NZS ISO 31000:2009 by providing practical advice to help organisations apply the Standard. Publication is planned for early 2010.
Seminars planned for 2010
Standards New Zealand and the New Zealand Society for Risk Management are planning to conduct morning seminars in Auckland, Wellington, and Christchurch (and possibly other centres) in late February/March 2010 on AS/NZS ISO 31000:2009. To register your interest, please email seminars@standards.co.nz with your details.