MANAGING BEST PRACTICES: Risk management for your career
The buzz is building over the International Organization for
Standardization (ISO) 31000 Risk Management - Principles and Guidelines
on Implementation. After years of hashing things over, the final
standard is expected soon (the ISO website shows a release date of June
30, 2009).
The reason a lot of people are excited about ISO
31000 is that it brings together a global consensus on risk management
condensed into about 20 pages of information. All forms of risk, such as
financial, security, safety, health, and environment, are included. "Not
pursuing an opportunity" is also a risk. According to the standard,
risk is not always negative, but simply viewed as the "effect of
uncertainty on achievement of objectives."
Risk management process
Figure 1 - ISO 31000 Risk Management Process
The ISO 31000 risk management process is summarized in Figure 1 (above).
The process should be familiar to EHS pros. For example, the definition
of industrial hygiene from the American Industrial Hygiene Association
(AIHA) includes "anticipation, recognition, evaluation and control" of
environmental hazards that may impact workers. Although the words used
by AIHA and ISO may differ, their meaning remains much the same. For
example, "treatment" according to ISO is similar to AIHA's "control",
although ISO is more inclusive and would include sharing risk with
another party, i.e. insurance.
Who will use ISO 31000?
Typically, as most ISO standards go, advanced organizations will be
the first to apply the information. It's the concept of applying risk
management to an individual that should pique your interest.
Your career and job contain risks that should be managed. ISO 31000 may
help you to focus on managing individual risks.
Will it work?
Back in the early 1990s the corporation I worked for
embarked on massive organizational change. "How do we become the best"
was the CEO's vision. Task forces were developed to propose and
implement actions to achieve the vision. Successes followed. The
corporation received IndustryWeek's "100 Best Managed
Companies" in the world award in 1997 and 1998.
I served on a
task force that looked at how the corporation should manage risks. We
applied many of the strategies now found in ISO 31000. This led to my
traditional role of an industrial hygienist being changed to a role of
considering all risks, such as risks to reputation, to the corporation. I
worked out of the newly established "Risk Identification and
Prevention" section of the corporation's legal department.
Here's
what I learned from this experience: It was in my own best interest to
consider individual risks to my job. I developed a career plan filled
with "what if" considerations and treatments, i.e. control. An
acquisition by another company indeed put my job at risk. But I was
prepared for the effect of uncertainty on achieving my objectives.
Principles
ISO
31000 states that risk management should contain the following
principles: a) create value; b) integral part of the organizational
process; c) part of decision-making; d) explicitly address uncertainty;
e) systematic, structured and timely; f) based on the best available
information; g) tailored; h) takes human and cultural factors into
account; i) transparent and inclusive; j) dynamic, iterative and
responsive to change; and, k) facilitates continual improvement and
enhancement of the organization. All these principles can be applied to
you and your career planning.
Framework
The
framework for managing risk under ISO 31000 is simple. Once commitment
is established there is a loop of actions that include: 1) design the
framework, 2) implement risk management, 3) monitor and review the
framework, and 4) continual improvement of the framework.
Will you use ISO 31000?
You have individual professional
objectives. Uncertainties that may affect these objectives are your
risks. These uncertainties, however, may be positive. Remember, "Not
pursuing an opportunity" is a risk identified in ISO 31000. Are there individual
opportunities that you have not identified, analyzed, and evaluated?
While
your employer may be slow to apply the principles and guidelines
necessary to implement risk management in accordance with ISO 31000,
this does not mean that you can't apply the information to help meet individual
objectives. If you read ISO 31000 with this in mind, it becomes easier
to understand its application and value. And the better you understand
the standard, the easier it will be to help your employer commit to a
global consensus on risk management that may help them achieve EHS
objectives.