BSI says FERMA is wrong in urging "great caution" in the development of a risk management standard

The British Standards Institute, the UK representative to ISO, has backed ISO’s challenge to elements of FERMA’s recent position paper.

The paper urges “great caution” in the development of a “standard”, and calls instead for a “reference guide, framework, general principles or list of best practice.”

In a statement, BSI points out that there are many different types of standard, including guides and frameworks. In fact, the title of ISO 31000 is “Risk management – Guidelines on principles and implementation of risk management”.

The BSI British Standards risk management committee recently made available for public comment the draft of a UK risk management “code of practice”, which will sit alongside ISO 31000 and, likewise, is distinct from a specification.

BSI says that it is because of the need for caution in the area of risk management standardisation that the ISO process is the most appropriate method of developing guidelines and processes.

It adds that the working group consists of experienced risk management practitioners from a large number of countries.

FERMA’s position paper also claims that an ISO standard would be “too inflexible for such a broad discipline as risk management, which is extremely complex and varied in its application.”

BSI claims ISO 31000 does not seek to define the term “acceptable risks” as this can only be done by the respective organisations. Nor does it attempt to restrain or prescribe “the entrepreneurial aspect of risk taking.” What it delivers is the encapsulation of prevailing best practice for dissemination to the risk community.

It outlines the benefits of risk management as:

Improved operational effectiveness and efficiency

Improved identification of opportunities and threats

Confident and rigorous basis for decision making and planning

Definitions of controls to empower decision making and planning