Saturday, December 10, 2011

Risk Management Standards Dilemma? AS/NZS 4360 vs ISO 31000: The Comparison


APPLICATION:
AS/NZS 4360:2004 – Universal across all organisations, recognized in Australasia but also widely accepted internationally
ISO 31000:2009 – Universal across all organisations, recognized internationally

RISK MANAGEMENT
AS/NZS 4360:2004 – An organisation’s objectives
ISO 31000:2009 – An organisation’s objectives

PRINCIPLES FOR MANAGING RISK
AS/NZS 4360:2004 – Mainly implicit and included as part of risk management culture
ISO 31000:2009 – Clearly explicit in Clause 3 – common business management principles

FRAMEWORK FOR MANAGING RISK
AS/NZS 4360:2004 – Covered in detail
ISO 31000:2009 – Clearly explicit in Clause 4 – Expands on 4360

RISK MANAGEMENT PROCESS
AS/NZS 4360:2004 – Core of the standard
ISO 31000:2009 – Explicit in Clause 5 (similar to 4360)

ENHANCED RISK MANAGEMENT
AS/NZS 4360:2004 – Not covered
ISO 31000:2009 – Annex A. Informative only

GUIDE FOR ESTABLISHING AND IMPLEMENTING
AS/NZS 4360:2004 – Covered in detail in HB 436:2004
ISO 31000:2009 – ISO 31004 document under development, due in 2014 or earlier

DEFINITION OF RISK
AS/NZS 4360:2004 – Chance of something happening that will impact on objectives
ISO 31000:2009 – Effect of uncertainty on objectives

DEFINITION OF RISK MANAGEMENT
AS/NZS 4360:2004 – Culture, processes and structures that are directed towards realizing potential opportunities whilst managing adverse effects of uncertainty on objectives
ISO 31000:2009 – coordinated activities to direct and control an organization with regard to risk

DEFINITION OF RISK MANAGEMENT FRAMEWORK
AS/NZS 4360:2004 – Set of elements of an organisation’s management system concerned with managing risk
ISO 31000:2009 – set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization

DEFINITION OF RISK MANAGEMENT POLICY
AS/NZS 4360:2004 – Not defined
ISO 31000:2009 – statement of the overall intentions and direction of an organization related to risk management

DEFINITION OF RISK MANAGEMENT PLAN
AS/NZS 4360:2004 – Not defined
ISO 31000:2009 – scheme within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk

DEFINITION OF RISK MANAGEMENT PROCESS
AS/NZS 4360:2004 – Not defined
ISO 31000:2009 – scheme within the risk management framework specifying the approach, the management components and resources to be applied to the management of risk

SUMMARY:
Whilst the fundamentals of the risk management process in ISO 31000 remain the same as in AS/NZS 4360, there are a number of important changes organisations must consider when adopting ISO 31000.

ISO 31000 is a true international risk management standard and serves as “an umbrella” for other ISO or non-ISO standards referring to risk. It is critical for the many organisations wanting a consistent risk management approach globally. There are changes to important terms and definitions, some new definitions are introduced and some definitions are removed.

The relationship between the principles for managing risk, the framework for managing risk and the risk management process is better explained and illustrated in ISO 31000. There are 11 principles introduced in ISO 31000 that need to be considered to help make risk management effective. ISO 31000 now lists and describes five attributes of an enhanced risk management framework.

For more info:

www.safa.sa.gov.au/documents/ins_ISO_3100.pps

1 comment:

  1. Thanks for sharing. I would like to share to my friends. To get ISO 31000 registration click here: ISO 31000