Dorothy Gjerdrum is Chair of the U.S. Technical Advisory Group (TAG) for Risk Management, which worked on the draft standard, “Risk Management—Principles and Guidelines on Implementation” (ISO 31000).
In this interview, Gjerdrum provides a recap of the ISO 31000 working group’s November 2008 meeting in Singapore.
You and Wayne Salen attended the ISO 31000 working group’s sixth and final meeting, held from November 24-28, 2008, in Singapore. Since this marked the first meeting the U.S. attended, what was your overall impression of it?
The 18 countries represented at the meeting included Singapore, Malaysia, Austria, the Netherlands, Canada, Israel, South Africa, Japan, France, China, New Zealand, Germany, Switzerland, the United Kingdom, Brazil, Australia, Ireland and the U.S. This was the working group’s sixth meeting but the first meeting at which the U.S. had representation. The majority of the working group had already spent many hours working out detailed language related to the definition of risk, the outline of the framework and the risk management process.
My overall impression was that the group was both happy and puzzled that the U.S. had sent representatives to this meeting, and several delegates privately expressed their gratitude for our participation. However, the group as a whole rejected most of our substantive comments because they were submitted so late in the process. As a result, for future revisions, I would strongly suggest that the U.S. contribute throughout the entire process and participate in all working group meetings.
Thirty risk management terms will be defined and included in ISO 31000 and Guide 73. How will these definitions help enhance both documents?
It is important to define the key terms used in ISO 31000 so that all readers will have a common understanding. Thirty specific definitions are included in ISO 31000. Those 30 definitions are included in Guide 73, which adds another 20 definitions related to risk. Guide 73 is intended for broader use. The intention is that all other standards groups will be able to refer to Guide 73 for definitions related to the process of risk management (without having to follow ISO 31000). As an aside, ISO is currently building a terminology database, which will allow for easy reference to defined terms throughout ISO documents. Unless a more specific definition is created within a specific standard, the definitions published in the guide will be normative.
ISO 31000 will now be voted on as a final draft international standard (FDIS). How does the voting process for FDISs work?
At this point, an editorial committee is reviewing the standard to ensure that all agreed-upon changes from the November 2008 meeting are included and in concurrence. The editorial committee can also correct grammatical errors. The document will also be translated into French. No more technical changes to the standard will be considered. As soon as the standard is prepared in final form, a final vote will be taken (one vote from each member country). The working group also urged ISO to adopt Guide 73 as quickly as possible so that the two documents can be concurrently published.
As a liaison to the ISO 31010 working group, the ISO 31000 chair has proposed aligning the 31010 and 31000 standards. What does ISO 31010 cover, and what would be the benefit of aligning these standards?
ISO 31010 is a draft standard on the risk assessment process. This originated as a proposal (from Canada) to the working group to be included in ISO 31000, but ISO decided to split it into a separate standard. There are good intentions to align the two, and the ISO 31000 Chair is a liaison to the 31010 working group. The risk assessment process is an important component of the overall risk management process, so the two must be aligned.
Have other countries decided to reevaluate or revise their own risk management standards in light of ISO 31000?
Yes, there is much activity! ISO 31000 will become the operating standard in many countries that do not currently have one. Great Britain has recently adopted a new risk management standard (November 2008). The UK began the process to revise their standard before the ISO proposal emerged, although it references it. ISO 31000 will replace the popular Australia-New Zealand standard. The Institute of Internal Auditors in Australia has requested that COSO be revised in light of ISO 31000. And last but not least, the Canadian TAG is already working on a publication that will provide guidance for practitioners who want to implement ISO 31000.
Dorothy Gjerdrum, ARM-P, is the Executive Director of Arthur J. Gallagher Brokerage & Risk Management Services’ Public Entity and Scholastic Division. She works with public sector clients and brokers across the U.S., focusing on risk management, exposure identification, pool operations and enterprise risk management. She is also Chair of the U.S. TAG for Risk Management.
Gjerdrum has more than 20 years of industry experience, including ten years in risk management at the New Mexico Association of Counties insurance pools. She is a guest speaker and published author on current and emerging risk management issues in the public sector.