Risk-!n: everything risk managers need to know about ISO 31000 and why it matters to resilience

1) What is ISO 31000 and why should risk managers care about it?

ISO 31000 is an international standard for managing risks, and it provides a framework of principles and guidelines an organisation can adopt to effectively manage risks.

It enables organisations to follow a structured approach to understanding, identifying, and managing risks in a way that objectives are achieved, adverse impacts are minimised and decision making can be enhanced.

The Standard is built on three main elements – Principles, Framework and Process.

The Principles provide core elements that should be reflected in an effective risk management program; the Framework provides a structured approach for organisations to integrate risk management into their processes and structures; while the Process provides a step-by-step guideline for identifying, assessing and mitigating risks.

Generally, risk management practice is expected to enhance Senior Management’s decisioning and performance. Effective implementation of ISO 31000 helps to achieve this outcome, as it provides a structured and iterative way to do so.

2) How can it help organisations move beyond ESG?

Environmental, Social, and Governance (ESG) continues to be an important agenda item for Executives of organisations across the globe.

It effectively integrates into the concept of Total Respect Management (TRM) i.e., paying attention to profit, people and planet.

Adopting the core elements of ISO 3100 can help an organisation proactively identify risk events that can trigger ESG related risks from a compliance and best practice or ethical perspective; and to also create sustainable mitigations that benefit both the organisation, society and environment.

Risk Management can be considered as an organisational control mechanism to position an organisation from being reactive to proactive, this will help Senior Leadership preserve whatever value has been created.

3) What is ethical leadership, and where does it fit in the picture?

Sustainable organisations are built on strong ethical principles and value systems. Leadership is considered ethical when they direct an organisation in a manner that is consistent with these principles and values.

It involves being ethical and been seen to be ethical (perception). Ethical leadership fosters a strong and positive environment where employees can openly discuss risks and opportunities within their domains, this is a step in the right direction towards being proactive.

Leadership and Commitment is a central part of the ISO 31000 framework, stating that top management and oversight bodies, where applicable, should ensure that risk management is integrated into all organisational activities and should demonstrate leadership and commitment.

Value is easily created and persevered where ethical leadership is demonstrated.

4) How can risk managers get business buy in to this approach?

Obtaining buy-in from Senior Leadership is dependent on a number of factors such as the organisational culture, tone at the top, maturity of processes and controls, amongst others.

Some considerations could include, the risk manager either setting up or leveraging existing organisational programs to create adequate risk awareness both at the strategic and operational levels. This is a good way to kick things off.

Secondly, risk managers must also be able to demonstrate the value of implementing an effective risk management program by showing the linkage between objective, risk and performance i.e. emphasising that effective risk management practice is an objective enabler.

Also, quantifying the impact of risk outcomes aids adequate buy- in. Demonstrating how investments in risk management practices can lead to savings and avoid costs associated with risks can also be a persuasive approach to obtain buy-in.

5) Why should people come to your session at Risk-!n and what will they learn?

Firstly, this is my first time at the conference and I am super excited to share practical insights at this session.

Participants will discover how ISO 31000 can be leveraged to build resilient and value-driven company cultures.

By truly understanding risk through the lens of ISO 31000, participants can better support their organisations to create and protect value, not just for shareholders, but for all relevant stakeholders.

In this session, we will also explore how integrating systems thinking, ethical leadership, and risk management principles and process empowers businesses to thrive sustainably in an ever-changing business environment.