Abstract
Managing risks is a strategic challenge for organizations, which must face threats increasingly complex and diverse. Introduced in 2009, the ISO 31000 standard is intended to help organizations to manage in a systematic and comprehensive manner diverse types of risk by offering a universal framework to assist the organization to integrate risk management into its overall management system (ISO, 2009a, p. 9). This article aims to shed light on the contributions of this standard, while emphasizing the pitfalls that may arise from misconceptions regarding ISO 31000 and its use as a tool to control risks. Although the ISO 31000 standard has effectively integrated the principles and practices considered most effective by many experts and researchers in the field, the experience feedback from examples of organizational crises in various sectors should lead managers to question how they will integrate it in their organizational strategy. The conclusion suggests that risk management should be seen as a practice-based approach, a strategy that managers do and not a strategy that managers have. In this regard, managers must question their own assumptions in the implementation of such a standard, take into account the specificities of their internal and external organizational environment and remain vigilant in its monitoring. © 2012 Macmillan Publishers Ltd.
Lalonde, C., & Boiral, O. (2012). Managing risks through ISO 31000: A critical analysis. Risk Management, 14(4), 272–300. https://doi.org/10.1057/rm.2012.9