Category Archive: ISO 31000


ISO 31000: an update

For those new to ISO 31000 – Risk management – Principles and Guidelines – published by the International Standards Organization – my profoundly negative view of it can be found in earlier postings. ISO 31000 has spawned, at the moment of writing, 2.9 million Google hits. I cannot say that none of them addresses …



Is ISO 31000 fit for purpose?

The debate “Is ISO 31000 fit for purpose” is the headline above a debate published in the June edition of Risk Management Professional – for online version click here. The “debate” consisted of an abbreviated version of my blog – “ISO 31000: Dr Rorschach meets Humpty Dumpty” – and a “rebuttal” by Grant Purdy, …



ISO 31000: the debate warms up

Until recently most online discussion of ISO 31000 has been confined to a friendly LinkedIn site for supporters: two quotations – “I know the ISO 31000 and think it’s almost perfect” and “I think the ISO 31000 definition of risk is great” – will convey the flavor of the critical discussion to be found on …



ISO 31000: Dr Rorschach meets Humpty Dumpty

Much advice is proffered in cyberspace about how to manage risk: at the time of writing, tapping “risk management” into Google yielded 72 million hits. Do you sometimes (frequently?) on reading risk management guidance get to the end without a clue as to what the guide expects you, the risk manager, to actually do? I …
