ISO 31000:2018 is the world’s foremost risk management standard. The Standard provides guidelines, principles, framework, and a process for managing risk.
The standard explicitly states that it should NOT be used for certification or registration. But, it is.
So, what’s going on? We can only speculate. But, here goes:
We now live and work in VUCA (Volatility, Uncertainty, Complexity, Ambiguity) time. More companies want to be RISK audited and certified by an independent Certification Body (CB).
And, more CB’s are working to use ISO 31000:2018 as a standard for certification.
According to this press release, TUV India certified Cholamandalam MS General Insurance Company Limited to ISO 31000: 2018. According to press release issued in India, the certified insurance company stated that it has been certified for applying the risk management system in line with the standards.
“Chola MS has regularly demonstrated its commitment towards strengthening risk management processes and in establishing benchmarks in the industry at par with global leaders. We are happy to have become a ISO 31000:2018 certified general insurance company.”
Many ISO purists will see these event as another example of third party certification and schema’s going under because of a lack of consistency, enforcement, and quality. We all know the hand wringing . Auditors are not trained or capable in risk based auditing. Certification bodies are not consistent. Enforcement is lacking. Customer and CB’s are going their own way. And so on …
We do know the following: The state of the ISO certification markets is changing. Companies don’t seem to be renewing their certifications in ISO 14,001, ISO 9001 and other critical standards. New companies are not registering. So, what is the certification sector gonna do?
This is a million or even a billion dollar question.
The global CB’s are losing millions of dollars in revenue. How can they recoup this revenue? The conventional wisdom is that certification bodies will be moving into new certification areas in many cases outside of the ISO schemas. We also think that CB’s will be inventing new risk based certification schemes based on national and international standards.
ISO and quality consultants are also smelling opportunity. In real terms, ISO consulting revenue is down 50% or more over the last 10 years. Quality consultants see ISO adding risk and Risk Based Thinking to ISO standards as being their full employment act. Risk management consulting and certification are a boon for former quality consultants who have to replenish their incomes.
The new challenge is many quality consultants can’t spell ‘risk.’ OK. This is a joke. But, the truth still hurts.
So, stay tuned. I think we’re in for a bumpy and really interesting ride for third, second, and single party (self) certifications based on risk.
Traditional ISO folks will wring their hands. The opportunists will say ‘show me da money.’ It’s going to be a fun ride with it being all good.
Leave a Reply