Standards Development

Scope

Click or tap here to enter text. The document provides guidance for users of all kinds of ISO Management System Standards (MSS) on how to systemically address risks and opportunities within an Integrated Management System (IMS). The application of these guidelines can be customized to any organization and its context..

The document is applicable to all types and sizes of organizations (e.g. commercial enterprises, government or other public agencies and non-profit organizations) which intend to establish, implement, maintain and improve a management system to address risk and opportunities. It is not industry or sector specific.

This document is applicable to all types of risks and opportunities, e.g.

• risks and opportunities faced by organizations (management related)

• risks and opportunities provoked, caused or opened up by organizations (risks and opportunities associated with processes, products and services, assets or people)

• risks and opportunities faced by society as a whole or parts thereof (society related, e.g. climate change, human rights or SDG related).

This document can be used throughout the life of the organization and can be applied to any activity at all levels. It does not describe detailed activities within the organization, but rather provides guidance at a general level. It does not prescribe any requirements or specific tools or methods to address risks and opportunities.

Purpose

Purpose: The document provides guidance for users of all kinds of ISO Management System Standards (MSS) on how to systemically address risks and opportunities within an Integrated Management System (IMS) using the ISO Harmonized Structure (ISO HS). The MSS will to be Type B (guidance document with recommendations only). The document provides a holistic and common approach for a management system addressing risks and opportunities that can be applied based on different levels of maturity, facilitating its integration and implementation.

Justification: The need for this MSS exists at a global level, as it facilitates the integration of addressing risk and opportunities into any management system based on one or more ISO MSS following ISO HS. While ISO 31000 provides highly regarded guidelines on risk management from a general perspective, its general approach creates several issues that this document will address.

It was recognized that organizations are in need of more emphasis on opportunities. The current practice of subsuming opportunities under the term risk and thus addressing opportunities indirectly as part of risk management is not appropriate in view of many end-users. Despite more than 15 years of different connotation in ISO terms, the term risk in organizational practice is still used in a narrow sense as “threat”. This leads to the effect that organizations are establishing risk management functions and systems dealing with threats on a broad basis while systematically neglecting opportunities. In a fast changing environment, every organization’s survival is as dependent on its ability to make use of opportunities as on its ability to contain threats.

This global need was already established when creating ISO HS, requiring “actions to address risks and opportunities” as an indispensable pillar of all management systems (Annex SL Appendix 2 clause 6.1). The need for further guidance on addressing risk and opportunities was especially confirmed during the ISO/TC 176/TG 4 “Emerging trends in quality” discussion. This is apparent, among others, in the resulting Risk concept paper (ISO/TC 176/TG 4 N 95) that clearly states a global need for complementing risk-based thinking with an additional opportunity-based thinking, enabling organizations to capitalize opportunities and thus create a broader range of opportunities for improvement. This idea was deemed so important that ISO published a video of an expert panel discussion on the concept of risk, which is available here: https://committee.iso. org/sites/tc176/home/news/content-left-area/news-and-updates/risk-guidance.html

A related study of Hochschule Hannover (University of Applied Sciences) came to the conclusion, that an Integrated Risk and Opportunity Management offers the best opportunity not only to keep pace with the VUCA world, but to actually profit from it. The prerequisite for its successful design is the individual definition, control and integration of risk and opportunity management processes which would ultimately enable faster and more appropriate decisions. The main results of the study are accessible under creative commons here: https://doi.org/10.25968/opus-3083

SNV proposed already in 2012 to create a MSS for the management of risk and based on a survey conducted by experts from various industries and representatives of ZHAW (Zurich University of Applied Science), HSLU (Lucerne University of Applied Sciences and Arts) and UNI SG (University of St. Gallen) – the most renown academic institutions in Switzerland – came to the conclusion that a MSS Type B would support a desired umbrella function needed in particular by SMEs as it will provide a structure (the harmonized structure) used by MSS and thus will be directly applicable to integrated management systems (IMS).

TC 262 TG5’s broad user survey (ISO TC 262 N864) revealed, that 56% of respondents indicated that their experience with implementing risk management in their organization was either Very Difficult or Difficult (p. 25). This was complemented by the “Lack of good explanation of what the framework offers” as one of the top challenges on the framework level (p. 27). The authors came to the conclusion that it would be necessary to especially consider further guidance on integration with other standards (p. 28). As ISO TC 262 WG 10 already decided to keep ISO 31000 as overarching guidance document for this revision cycle, these challenges will remain unsolved.

Thus, the document provided as NWIP will ensure an effective approach to addressing risks and opportunities as required by Annex SL Appendix 2 clause 6.1 within all kinds of organizations basing their management system on any one or more ISO MSS. It applies for developing countries as well as for developed countries and all sectors using a management system.

The value to society will be a better integration of addressing risk and opportunities (clause 6.1 of the Harmonized Structure) into management systems and better support of the UNSDGs. Addressing risks and opportunities indirectly supports 14 of the 17 UN-SDGS (see enclosure 1 to the justification study – evaluation of the support given by this project to the UN Sustainable Development Goals).