ISO 31000 and 38500 Risk Management Worldwide Standards
The International Organization for Standardization's (ISO)1 international standards cover a wide range of areas, ranging from defining the dimensions of fastener screw threads in an automobile engine to the thickness of a personal credit card to information technology (IT) quality standards. These standards also have been expanded over the years to cover areas that are important for enterprise governance and quality. For example, compliance with ISO quality management standards such as ISO 9000 is essential for manufacturing and service enterprises worldwide. Although many ISO standards have been with us for years, this chapter introduces two newer but important international standards that are important to both the effective implementation of Committee of Sponsoring Organizations Enterprise Risk Management (COSO ERM) and improving governance, risk, and compliance (GRC) processes.
This chapter will first introduce ISO 31000, an international standard for enterprise risk management. This set of guidance materials was first launched in the early 1990s by IT standards-setting authorities in New Zealand and Australia. It was then adopted by Canada and other British Commonwealth authorities. During this same period COSO ERM, the major topic in this book, was released as well and the ISO 31000 risk management standard was issued in 2009. COSO ERM and ISO 31000 have similar objectives, and we can expect to view them even ...