All enterprises and organizations are exposed to risks that jeopardize business success and may result in massive economic losses. To manage these threats properly and reduce hazards consistently, Austrian Standards developed the normative series ONR 49000 several years ago; it comprises several documents and is well proven beyond Austria's borders. Revised versions were published at the beginning of this year.
Risk management is applied in diverse areas: industry- or sector-specific legislation and voluntary standards refer to it to ensure the safety of certain groups of persons, such as consumers, patients and employees, and to facilitate the trade in goods and services. Likewise, regulatory requirements for banks and insurance companies stipulate that the capital needed is determined by the overall risk involved in business activities.
All those applications necessitate a common process and recognized methods for assessing, managing and monitoring risks. It is also necessary to demonstrate how an organization's top management and executives perceive and bear risk management as a responsibility, and how it is embedded into the management system.
The specifications of the series ONR 49000 "Risk management for organizations and systems" support the practical implementation of the International Standard ISO 31000 "Risk management – Principles and guidelines". ISO 31000 is fully integrated into ONR 49000 and ONR 49001.
The most important new aspects of the revised 2014 edition are primarily the alignment with the current structure of international management system standards such as ISO 9001 and the focus on human factors as a source of risk and their significance for risk reduction.
Moreover, in ONR 49001, which deals with the risk management system and process, a maturity model (from "passive" to "reactive" and "calculative" to "proactive" and "mature") outlines the steps to enhance and improve risk management. Requirements and procedures as well as a comprehensive checklist for the audit of risk management systems are included in a separate annex of ONR 49001.
In addition to guidance for risk management in complex organizations, several new methods, such as "world café", "citizens' conference" and "London protocol", are introduced and illustrated in a rich annex together with examples of risk criteria. Furthermore, emergency, crisis and business continuity management now form an integral part of the management of residual risks. Dipl.-Ing. Josef Winkler, the committee manager in charge at Austrian Standards: "According to the experts, the clarification of this interface constitutes great progress and prevents emergency, crisis and business continuity management from being compartmentalized areas within the framework of management systems."
Author: Johannes Stern
ONR 49000 Risk Management for Organizations and Systems – Terms and basics – Implementation of ISO 31000
ONR 49001 Risk Management for Organizations and Systems – Risk Management – Implementation of...
ONR 49002 Risk Management for Organizations and Systems;
Part 1: Guidelines for embedding the risk management in the management system – Implementation of...
Part 2: Guideline for methodologies in risk assessment – Implementation of...
Part 3: Guidelines for emergency, crisis and business continuity management – Implementation of...
ONR 49003 Risk Management for Organizations and Systems – Requirements for the qualification of the risk manager – Implementation of...
ÖNORM ISO 31000 Risk management – Principles and guidelines
The ONRs on risk management will soon become available in English and French.
PR-ID 0709-2014-03-19 / revision_risk_management