Читать книгу Risk Assessment - Georgi Popov - Страница 41

The American National Standard, ANSI/ASSP/ISO 31000‐2018 Risk Management standard and ANSI/ASSP/ISO 31010‐2019 Risk Management – Risk Assessment are fundamental consensus standards for the practice of managing risk. Specifically, ANSI/ASSP/ISO 31000 provides guidance on the principles, framework, and process for risk management (as shown in Figure 2.1), while ANSI/ASSP/ISO 31010 is a standard for current good practices in risk assessment as part of the risk management process (shown in Figure 2.2).

Figure 2.1 Risk Management Principles, Framework and Process.

Source: Adopted from ANSI/ASSP/ISO 31000‐2018.

Figure 2.2 The Risk Management Process.

Source: Adopted from ANSI/ASSP/ISO 31000‐2018.

The ISO risk management standards were first published in 2009. These standards were nationally adopted by ANSI in 2011 and include:

 ANSI/ASSP Z690.1‐2011, Vocabulary for Risk Management

 ANSI/ASSP Z690.2‐2011, Risk Management Principles and Guidelines

 ANSI/ASSP Z690.3‐2011, Risk Assessment Techniques

ISO 31010 Risk Assessment standard was first approved in 2011 by the American Society of Safety Professionals (ASSP) in the United States as ANSI/ASSP Z690.3. The standard has since been revised by ISO in 2019 and adopted in the United States as ANSI/ASSP/ISO 31010 Risk Management – Risk Assessment.

ISO 31010 is exclusively about the assessment of risk within the framework and process established in ISO 31000. The risk management perspective on risk assessment is generally broader and higher level than the occupational health and safety perspective. However, the process is essentially the same. ISO 31010 provides guidance on the risk assessment phase of the overall risk management process. The purpose is to provide evidence‐based information and analysis to make informed decisions on how to treat particular risks.

ISO 31010 states that the risk assessment process provides decision‐makers and stakeholders a better understanding of risks that could impact an organization’s business objective, and the efficacy of controls in place, so that the organization can better manage its operational risks. In essence, the risk assessment process provides a basis for decisions to be made regarding the most appropriate risk‐control measures to achieve an acceptable risk level. Without proper risk assessment, risks remain unknown and cannot be adequately managed. The ISO standards on risk management should be an important reference for the safety professional, especially those who work in the risk management and insurance business.