The Importance of Risk Management: What is Missing in ISO Standards?

Björnsdóttir, Svana Helen; Jensson, Páll; Boer, Robert J. de; Thorsteinsson, Saemundur E.

doi:10.1111/risa.13803

Cited by 16 publications

(22 citation statements)

References 27 publications

(194 reference statements)

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Certification audits aim at verifying that the quality is as defined by an organization, whatever it may be. Now that risk management has become an important part of all ISO management systems standards (since 2015) [8,14], the question arises as to whether risk should be treated in a similar way. That is, if the willingness to take risk and the risk taken in ISO certified organizations is entirely the decision of the organizations' managers, and if not, how to evaluate the quality of the risk management.…”

Section: Context For the Studymentioning

confidence: 99%

“…Section 2.2 reviews the risk management guidelines in ISO 31000, the structure, and use of the standard. Section 2.3 reviews selected scientific literature on risk issues in risk management systems, selection based on findings in recent article on risk management guidelines [8]. Section 3 describes the development of a benchmarking model used in this article for reviewing and evaluating the six real-life ISO risk management systems in this study.…”

Section: Context For the Studymentioning

confidence: 99%

“…According to the authors' experience, the application of ISO standards and ISO certifications are no assurance of the efficacy of a risk management system. The risk terminology in ISO standards is not aligned with risk science and the ISO standards give limited guidance on how to analyze, assess, and manage risk [8]. Therefore, the aim of this study was twofold:…”

Section: Introductionmentioning

confidence: 99%

“…They were interested in finding ways to evaluate the efficacy of their risk management systems in terms of finding hidden organizational risks through the risk assessment process used by the organizations, and to improve their risk analysis technique. Based on a previous study [8], it is hypothesized that certain risk issues will be evident in practice, provided a benchmarking tool (model) can be applied. Examples of such issues are the ability to capture risk in complex systems and that risk criteria can be unclear in ISO risk management systems.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Benchmarking ISO Risk Management Systems to Assess Efficacy and Help Identify Hidden Organizational Risk

et al. 2022

Self Cite

View full text Add to dashboard Cite

The overall aim of this article is to contribute to the further development of the area of benchmarking in risk management. The article introduces a two-step benchmarking model to assess the efficacy of ISO risk management systems. It furthermore aims at verifying its usefulness in terms of finding hidden risk issues and improvement opportunities. The existence of all key elements of an ISO 31000-based risk management system is examined at the beginning of this study. Then, the quality in terms of efficacy of important aspects of the risk management system is examined in more detail with special benchmarks. The application of the model to six ISO-certified organizations follows and reinforces the novelty of this study, which is to combine risk science knowledge with benchmarking theory in the application of ISO risk management standards in organizations. The results show that the benchmarking model developed in this study provides rigor when assessing and evaluating the efficacy of an ISO risk management system. By applying the model, risk issues and risk factors can be found that had not previously been identified. The findings are of importance for risk management, the benchmarking science, and for the development of ISO risk management standards.

show abstract

Section: Context For the Studymentioning

confidence: 99%

Section: Context For the Studymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Benchmarking ISO Risk Management Systems to Assess Efficacy and Help Identify Hidden Organizational Risk

et al. 2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…The development of the proposed structure encompasses integration, design, implementation, evaluation and ultimately the improvement of the risk management process, thus supporting the institution in governance and significant activities (ISO, 2018). This structure allows current practices to be assessed and any gaps, which prevent the optimization of risk management, to be filled (BJÖRNSDÓTTIR et al, 2021).…”

Section: Iso 31000mentioning

confidence: 99%

Similarities and differences between COSO ERM and ISO 31000 - descriptive and content analyzes

Rampini¹,

Berssaneti²

2022

Anais Do Encontro Nacional De Engenharia De Produção

View full text Add to dashboard Cite

The academic interest on risk management research increased over the last years. What was previously treated in isolation, these days are essential to be treated by the entire company. Thus, the parts that make up the risk processes of the organizations must be studied in a continuous way aiming at optimizing the whole process. Despite having several guidelines, COSO ERM and ISO 31000 are the most accepted by risk management professionals. Therefore, the present article aims to outline a profile on COSO ERM and ISO 31000 into the scientific productions and highlight the main similarities and differences between them. In order to reach the objective, a descriptive and a content analysis was carried out, with samples of documents extracted from the Web of Science Core Collection database, from 2017 to 2021. After the analyzes, it was possible to identify the consistent evolution of the publications, diversity of journals interested in the subject, interdisciplinarity between quality management and risk management and finally list differences and similarities between COSO ERM and ISO 31000.

show abstract

Risk Management and Contingency Planning

Firoozi,

Firoozi

2024

Digital Innovations in Architecture, Engineering and Construction

View full text Add to dashboard Cite

The Importance of Risk Management: What is Missing in ISO Standards?

Cited by 16 publications

References 27 publications

Benchmarking ISO Risk Management Systems to Assess Efficacy and Help Identify Hidden Organizational Risk

Benchmarking ISO Risk Management Systems to Assess Efficacy and Help Identify Hidden Organizational Risk

Similarities and differences between COSO ERM and ISO 31000 - descriptive and content analyzes

Risk Management and Contingency Planning

Contact Info

Product

Resources

About