Introduction to Risk Management Standards

Capital projects are exciting ventures, full of potential for growth and innovation. But let's face it, they also come with their fair share of risks. Unexpected costs, scope creep, and unforeseen delays can quickly turn a promising project into a stressful ordeal.

That's where risk management standards step in. These established frameworks aren't just about winging it and hoping for the best – they provide a structured approach to identifying, assessing, and mitigating the uncertainties that can derail your project.

This guide will take you on a tour of these invaluable standards, showcasing the diverse options used around the globe and highlighting the key ones that can transform your risk management game. Whether you're a seasoned project manager or just starting out, get ready to discover how these standards can empower you to tackle risks head-on and steer your projects towards success.

What is Risk Management?

Risk management is the process of identifying, assessing, and mitigating potential risks that could impact a capital project’s objectives, such as overruns, scope creep, and project delays. Risk Management involves proactively addressing uncertainties, whether technical, financial, regulatory, or stakeholder-related (anything that might affect the project!) to minimize negative outcomes or capitalize on opportunities.  

By embedding risk management into the project via a Risk Management Plan, organizations can make informed decisions, allocate resources efficiently, and increase the likelihood of delivering projects within scope, time, and budget constraints while maintaining stakeholder satisfaction and adhering to quality standards.

What is a Risk Management Plan?

A risk management plan is a written document outlining a framework by which you identify, assess, and mitigate potential risks within your capital project. Risk Management Plans can be written for projects, programs, portfolios, or entire organizations.  

Risk Management Plans function like a system, helping you proactively address risk-related uncertainties. The plan ensures that risks related to cost overruns, scheduling delays, quality issues, regulatory compliance, and stakeholder expectations are managed.  

List of Risk Management Frameworks

Capital Project Owners and businesses working in the construction industry generally rely on structured risk management frameworks and guidelines from reputable organizations such as:

• International Organization for Standardization
• Committee of Sponsoring Organizations (COSO)
• Project Management Institute’s Project Management Body of Knowledge (PMBOK)
• National Institute for Standards and Technology

These organizations provide comprehensive frameworks, principles, and practices for managing risks effectively, so you don’t have to consider the best approach. This ‘best practice’ information is compiled into a ‘standard’ that takes the form of a long, long document you can refer to! Did we say long? To make things easy, we’ve done all the reading and provided this comprehensive list of key risk management standards applicable to capital projects across different regions so you can select the right one to apply.

Check out our blog on Risk Management Frameworks.

International Organization for Standardization

1. ISO 31000:2018 (Risk Management - Guidelines)

Overview: ISO 31000 provides principles and guidelines for managing risk systematically and transparently.

Highlights:

• Emphasizes integrating risk management into organizational processes.
• Encourages continuous improvement in risk management.
• Focuses on leadership and commitment to foster a risk-aware culture.

2. ISO 21500:2021 (Project, Programme and Portfolio Management)

Overview: This standard guides project, program, and portfolio management, including critical aspects of risk management. It applies to most organizations, including public and private organizations, and is not dependent on their size and type. It also applies to any project, program, and portfolio, regardless of complexity, size, or duration.

Highlights:

• Defines key risk management processes, such as identification, assessment, and treatment.
• Aligns project management principles with the broader risk management framework.
• Facilitates effective governance and decision-making.

PMBOK

3. The Practice Standard for Project Risk Management

• Overview: The PMBOK (Project Management Body of Knowledge) Guide is a widely recognized standard for project management and covers risk management as it is applied to single projects only
• Highlights:
• Provides a structured approach to risk identification, assessment, and mitigation.
• Incorporates both qualitative and quantitative risk analysis techniques.
• Emphasizes stakeholder involvement in the risk management process.

4. The Standard for Risk Management in Portfolios, Programs, and Projects

• Overview: Update and expand upon the Practice Standard, which extends to include Programs and Portfolios.
• Highlights:
• Provides a structured approach to risk identification, assessment, and mitigation.
• Incorporates both qualitative and quantitative risk analysis techniques.
• Emphasizes stakeholder involvement in the risk management process.  

Committee of Sponsoring Organizations (COSO)

5. (COSO) ERM Framework

Overview: The COSO Enterprise Risk Management (ERM) Framework is a comprehensive framework for managing risks at the enterprise level.

Highlights:

• Aligns risk management practices with business strategy.
• Focuses on risk appetite and tolerance, embedding them into decision-making.
• Provides a structured approach for assessing and responding to risks.

Standards Australia Localised Standards

6. AS/NZS ISO 31000:2018 (Australia/New Zealand)

Overview: This regional standard aligns with ISO 31000 but is tailored to address the specific requirements of Australia and New Zealand.

Highlights:

• Incorporates region-specific guidelines and best practices.
• Emphasizes integrating risk management with organizational culture.
• Promotes a consistent, cross-industry risk management approach.

China National Standard

7. GB/T 24353-2009 (Risk Management)

Overview: GB/T 24353-2009 is China’s national standard for risk management.

Highlights:

• Focuses on systematic risk identification and assessment methodologies.
• Emphasizes the importance of organizational leadership in risk management.
• Provides specific guidelines for risk response and control.

British Standards - United Kingdom (UK)

8. BS 31100:2011 (Risk Management - Code of Practice)

Overview: BS 31100 is a British standard that provides practical guidance for risk management and is aligned with ISO 31000.

Highlights:

• Defines a code of practice for establishing, implementing, and maintaining risk management.
• Offers guidance for embedding risk management into governance frameworks.
• Promotes a risk-aware culture across organizations.

9. Axelos M_o_R (Management of Risk - AXELOS)

Overview: Axelos is a joint venture set up by the British Government to develop, manage, and operate qualifications in best practice in methodologies formerly owned by the Office of Government Commerce. ‘Management of Risk’ (M_o_R) is a structured framework by Axelos designed to support risk management in programs and projects.

Highlights:

• Offers a comprehensive framework covering all aspects of risk management.
• Emphasizes tailoring risk management processes to specific organizational needs.
• Includes best practices for integrating risk management into strategic decision-making.

Institute of Risk Management South Africa

10. Risk Management Standard (RMS-IRMSA)

Overview: The RMS-IRMSA is a risk management standard developed by the Institute of Risk Management South Africa (IRMSA), adopted across various African countries, including some in the MENA region.

Highlights:

• Aligns with international best practices while addressing regional specificities.
• Provides a structured approach to integrating risk management into organizational processes.
• Emphasizes a proactive risk management culture.

Conclusion

Following a risk management standard from any of the above will save a lot of time and gain valuable insights and guidelines to tailor your risk management approach.  

By adopting these best practices, organizations can enhance risk awareness, improve decision-making, and achieve project objectives more efficiently. Embracing these standards as part of your risk management plan fosters a proactive and systematic approach, helping your organization navigate uncertainties and deliver successful projects consistently.

‍