Risk Management Standards

There are several standards for risk management. Despite being called standards, they really provide guidance on what comprises good practice. They are fairly straightforward and take you through the plan-do-review management loop, though with a slight bias towards safety risk.

The main one in the UK is BS 31100 Risk management - Code of practice. This was issued in late 2008 after much discussion. You can find a discussion of some of its supposed advantages on the redoubtable Matthew Leitch's website.

You might also like to note the small and straightforward document which is jointly sponsored by the IRM, ALARM and AIRMIC. It is called 'A Risk Management Standard' and can be found on the IRM website, for example.

Perhaps the best, most coherent and comprehensive is 'AS/NZS 4360:2004 Risk management' developed in Australia and New Zealand. This has a guidance document as well as the standard itself and provides lots of examples. It can be purchased through its dedicated portal.

However, this has now been superseded by ISO 31000, released in 2009, which is available through the same link - more cheaply than on the official ISO site! It is unclear where this leaves the very useful Handbook.