Irm Risk Management Standard

Background

The Risk Management Standard was the result of extensive work by a team drawn from the major risk management organisations in the UK - The Institute of Risk Management, The Association of Insurance and Risk Managers (AIRMIC), and ALARM - The National Forum for Risk Management in the Public Sector.

The members of the respective organisation were extensively canvassed, and the views and opinions of a wide range of other professional bodies with interests in risk management, audit and corporate governance were sought during an intensive period of consultation.

Risk management and corporate governance were seen as rapidly developing business imperatives but there were many, in some cases conflicting, views and descriptions of what they should involve.

Some form of standard was needed to ensure that there was an agreed:

1.        terminology related to the words used

2.        process by which risk management can be carried out

3.        organisational structure for risk management

4.        objective for risk management

The intention was to develop a practical Standard which was not certifiable and was not prescriptive with regard to specific actions and processes but instead set out the principles which were to be followed in the undertaking of a risk management approach to business. Most significantly perhaps, the Standard recognised that risk has both an upside and a downside

The Standard has rapidly become the de facto document for risk management practitioners and for corporations in the UK for the management of risk and to meet corporate governance requirements and is shortly to be presented to the BSi, who encouraged its development, for possible adoption as a British Standard, and potentially to the ISO as the basis of an international standard.

The core subjects of the IRM Diploma are based on the Risk Management Standard.

Risk management is not just something forcorporations or public organisations, butfor any activity whether short or longterm.The benefits and opportunities should be viewed not just in the context ofthe activity itself but in relation to themany and varied stakeholders who can beaffected.There are many ways of achieving theobjectives of risk management and itwould be impossible to try to set them allout in a single document.Therefore it wasnever intended to produce a prescriptivestandard which would have led to a boxticking approach nor to establish acertifiable process. By meeting the variouscomponent parts of this standard, albeit indifferent ways, organisations will be in aposition to report that they are incompliance.The standard represents bestpractice against which organisations canmeasure themselves.The standard has wherever possible usedthe terminology for risk set out by theInternational Organization forStandardization (ISO) in its recentdocument ISO/IEC Guide 73 RiskManagement - Vocabulary - Guidelines foruse in standards.In view of the rapid developments in thisarea the authors would appreciate feedbackfrom organisations as they put the standardinto use (addresses to be found on theback cover of this Guide). It is intendedthat regular modifications will be made tothe standard in the light of best practice.