Managing risks through ISO 31000: A critical analysis
Tóm tắt
Managing risks is a strategic challenge for organizations, which must face threats increasingly complex and diverse. Introduced in 2009, the ISO 31000 standard is intended to help organizations to manage in a systematic and comprehensive manner diverse types of risk by offering a universal framework ‘to assist the organization to integrate risk management into its overall management system’ (ISO, 2009a, p. 9). This article aims to shed light on the contributions of this standard, while emphasizing the pitfalls that may arise from misconceptions regarding ISO 31000 and its use as a tool to control risks. Although the ISO 31000 standard has effectively integrated the principles and practices considered most effective by many experts and researchers in the field, the experience feedback from examples of organizational crises in various sectors should lead managers to question how they will integrate it in their organizational strategy. The conclusion suggests that risk management should be seen as a practice-based approach, a strategy that managers do and not a strategy that managers have. In this regard, managers must question their own assumptions in the implementation of such a standard, take into account the specificities of their internal and external organizational environment and remain vigilant in its monitoring.
Tài liệu tham khảo
Alexander, D. (2005) Towards the development of a standard in emergency planning. Disaster Prevention and Management 14 (2): 158–175.
Arvai, J.L. and Froschauer, A. (2010) Good decisions, bad decisions: The interaction of process and outcome in evaluations of decision quality. Journal of Risk Research 13 (7): 845–859.
Ash, J. and Smallman, C. (2010) A case study of decision making in emergencies. Risk Management 12 (3): 185–207.
Attaran, A. et al (2008) Listeriosis is the least of it. Canadian Medical Association Journal 179 (8): 743–744.
Aven, T. (2010) An integrated framework for decision support on risk and uncertainty. Risk Management 12 (4): 285–300.
Baird, I.S. and Thomas, H. (1985) Towards a contingency model of strategic risk-taking. Academy of Management Review 10 (2): 230–243.
Beck, U. (1992) Risk Society. Towards a New Modernity. London, UK: Sage Publications.
Bernard, J.G. et al (2002) Le risque : un modèle conceptuel d’intégration. [Risk: A Conceptual Model of Integration]. Project report. Centre interuniversitaire de recherche en analyse des organisations (CIRANO), Montréal.
Blake, A. and Sinclair, M.T. (2003) Tourism crisis management. US response to September 11. Annals of Tourism Research 30 (4): 813–822.
Boholm, A. (2010) On the organizational practice of expert-based risk management: A case of railway planning. Risk Management 12 (4): 235–255.
Boholm, A., Corvellec, H. and Karlsson, M. (2012) The practice of risk governance: Lessons from the field. Journal of Risk Research 15 (1): 1–20.
Boin, A. (2009) The new world of crises and crisis management: Implications for policymaking and research. Review of Policy Research 26 (4): 367–377.
Boin, A. and Lagadec, P. (2000) Preparing for the future: Critical challenges in crisis management. Journal of Contingencies and Crisis Management 8 (4): 185–191.
Boin, A. and McConnell, A. (2007) Preparing for critical infrastructure breakdowns: The limits of crisis management and the need for resilience. Journal of Contingencies and Crisis Management 15 (1): 50–59.
Boiral, O. (2003) ISO 9000. Outside the iron cage. Organization Science 14 (6): 720–737.
Boiral, O. (2007) Corporate greening through ISO 14001: A rational myth? Organization Science 18 (1): 127–146.
Boiral, O. and Roy, M.J. (2007) ISO 9000: Integration rationales and organizational impacts. International Journal of Operations and Production Management 27 (2): 226–247.
Buus, S. and Olsson, E.K. (2006) SARS crisis: Was anybody responsible? Journal of Contingencies and Crisis Management 14 (2): 71–81.
Christmann, P. and Taylor, G. (2006) Firm self-regulation through international certifiable standards: Determinants of symbolic versus substantive implementation. Journal of International Business Studies 37 (4): 863–878.
Collier, R. (2008) Shifting to food industry self-monitoring may be hazardous. Canadian Medical Association Journal 179 (8): 755–756.
Corvellec, H. (2009) The practice of risk management: Silence is not absence. Risk Management 11 (3): 285–304.
Corvellec, H. (2010) Organizational risk as it derives from what managers value: A practice-based approach. Journal of Contingencies and Crisis Management 18 (3): 145–154.
Couch, S.R., Wade, B. and Kindler, J.D. (2008) Victims' groups following the 9/11 terrorist attacks. Sociological Inquiry 78 (2): 248–257.
Crichton, M.T., Flin, R. and Rattray, W. (2000) Training decision makers – Tactical decision games. Journal of Contingencies and Crisis Management 8 (4): 208–217.
Dechy, N., Bourdeaux, T., Ayrault, N., Kodek, M.C. and Le Coze, J.C. (2004) First lessons of the Toulouse ammonium nitrate disaster, September, 21st, AZF plant, France. Journal of Hazardous Materials 111 (1–3): 131–138.
De Lima, M.L. (2004) Images of the public in the debated about risk. Consequences for participation. Portuguese Journal of Social Science 2 (3): 149–163.
Denis-Rémis, C. (2006) How can insurance benefit from more effective training programmes: The case of behavioural mitigation. International Journal of Emergency Management 3 (1): 73–82.
Deverell, E. and Olsson, E.K. (2010) Organizational culture effects on strategy and adaptability in crisis management. Risk Management 12 (2): 116–134.
Di Maggio, P.J. and Powell, W.W. (1983) The iron cage revisited: Institutional isomorphism and collective rationality in organizational field. American Sociological Review 48 (2): 147–160.
Douglas, M. and Widalvsky, A. (1982) Risk and Culture: An Essay on the Selection of Technical and Environmental Dangers. Berkeley, CA: University of California Press.
Drummond, H. and Chell, E. (1994) Crisis management in a small business: A tale of two solicitor's firms. Management Decision 32 (1): 37–40.
Duclos, D. (1987) La construction sociale du risque : le cas des ouvriers de la chimie face aux dangers industriels [The social construction of risk: The case of chemical workers facing industrial hazards]. Revue française de sociologie 28 (1): 17–42.
Dynes, R.R. (1983) Problems in emergency planning. Energy 8 (8–9): 653–660.
Dynes, R.R. (1994) Community emergency planning: False assumptions and inappropriate analogies. International Journal of Mass Emergencies and Disasters 12 (2): 141–158.
Ertmer, P.A. and Newby, T.J. (1996) The expert learner: Strategic, self-regulated, and reflective. Instructional Science 24 (1): 1–24.
Evans, N. and Elphick, S. (2005) Models of crisis management: An evaluation of their value for strategic planning in the international travel industry. The International Journal of Tourism Research 7: 135–150.
Ewald, F. (1986) L'Etat providence (The Welfare State). Editions Grasset et Fasquelle, Paris.
Faraj, S. and Xiao, Y. (2006) Coordination in fast-response organisations. Management Science 52 (8): 1155–1169.
Faulkner, B. (2001) Towards a framework for tourism disaster management. Tourism Management 22 (2): 135–147.
Fischhoff, B., Slovic, P., Lichtenstein, S., Read, S. and Combs, B. (1978) How safe is safe enough? A psychometric study of attitudes towards technological risks and benefits. Policy Sciences 9 (2): 127–152.
Galland, J.P. (2003) Calculer, gérer, réduire les risques: des actions disjointes? [Calculating, managing and reducing risks: Unconnected actions?] Annales des ponts et chaussées 105: 37–45.
Gephart, R.P., Van Maanen, J. and Oberlechner, T. (2009) Organizations and risk in late modernity. Organization Studies 30 (2–3): 141–155.
Gherardi, S. and Nicolini, D. (2000) To transfer is to transform: The circulation of safety knowledge. Organization 7 (2): 329–348.
Giddens, A. (1991) Modernity and Self-Identity. Stanford, CA: Stanford University Press.
Gilbert, C. (2007) Crisis analysis: Between normalization and avoidance. Journal of Risk Research 10 (7): 925–940.
Gillet, C. (2011) Risque et excellence d’une destination touristique : l’exploration de la relation entre deux concepts antinomiques [Risk and excellence of tourist destination: The exploration of the relationship between two contradictory concepts]. Téoros [Online], 30(1): http://teoros.revues.org/1258.
Glaesser, D. (ed.) (2006) Crisis Management in the Tourism Industry. Oxford, UK: Butterworth-Heimann.
Gralepois, M. (2008) Les risques collectifs dans les agglomérations françaises. Contours et limites d’une approche territoriale de prévention et de gestion des risques à travers le parcours des agents administratifs locaux [Collective risk in French cities. Contours and limitations of a territorial approach to risk prevention and management through the experience of local administrators]. PhD thesis. Université Paris-Est, Laboratoire Territoires, Techniques et Sociétés, CNRS.
Godet, M. (2000) The art of scenarios and strategic planning: Tools and pitfalls. Technological Forecasting and Social Change 65: 3–22.
Grandy, G. and Mills, A.J. (2004) Strategy as simulacra? A radical reflexive look at the discipline and practice of strategy. Journal of Management Studies 41 (7): 1153–1170.
Greenberg, J. and Elliott, C. (2009) A cold cut crisis: Listeriosis, Maple Leaf Foods, and the politics of apology. Canadian Journal of Communication 34 (2): 189–204.
Hansson, S.O. (2005) Seven myths of risk. Risk Management 7 (2): 7–17.
Harrald, J.R., Marcus, H. and Wallace, W.A. (1990) The Exxon Valdez: An assessment of crisis prevention and management systems. Interfaces 20 (5): 14–30.
Hart, P. (1997) Preparing policy makers for crisis management: The role of simulations. Journal of Contingencies and Crisis Management 5 (4): 207–215.
Hart, P., Heyse, L. and Boin, A. (2001) Guest editorial introduction. New trends in crisis management practice and crisis management research: Setting the agenda. Journal of Contingencies and Crisis Management 9 (4): 181–188.
Health Canada (2003) Learning from SARS. Renewal of Public Health in Canada. National Advisory Committee on SARS and Public Health, Canada, http://www.hc-sc.gc.ca/english/protection/warnings/sars/learning.html, accessed March 2011.
Hendry, J. (2000) Strategic decision making, discourse, and strategy as social practice. Journal of Management Studies 37 (7): 955–957.
Herbane, B. (2010) Small business research: Time for a crisis-based view. International Small Business Journal 28 (1): 43–64.
Howard, A. (1996) High-involvement leadership: Moving from talk to action. Career Development International 1 (1): 6–10.
Hutchins, H.M., Annulis, H. and Gaudet, C. (2008) Crisis planning. Survey results from Hurricane Katrina and implications for performance improvement professionals. Performance Improvement Quarterly 20 (3/4): 27–51.
Hutchins, H.M. and Wang, J. (2008) Organizational crisis management and human resource development: A review of the literature and implications to HRD research and practice. Advances in Developing Human Resources 10 (3): 310–330.
Jarzabkowski, P. and Spee, A.P. (2009) Strategy-as-practice: A review and future directions for the field. International Journal of Management Reviews 11 (1): 69–95.
Kelman, I. (2006) Warning for the 26 December 2004 tsunamis. Disaster Prevention and Management 15 (1): 178–189.
Krimsky, S. and Golding, D. (1992) Social Theories of Risk. Westport, CT: Praeger.
Lagadec, P. (2004) Understanding the French 2003 heat wave experience: Beyond the heat, a multi-layered challenge. Journal of Contingencies and Crisis Management 12 (4): 160–169.
Lalonde, C. (2007) Primary healthcare organizations facing a disaster: The Quebec experience. Disaster Prevention and Management. An International Journal 16 (1): 42–55.
Lalonde, C. (2010) Organisational socialisation in a crisis context. Disasters 34 (2): 360–379.
Lalonde, C. (2011) Managing crises through organisational development. A conceptual framework. Disasters 35 (2): 443–464.
Lalonde, C. (2012) A diagnostic method in the study of management disaster: A review of fundamentals and practices. In: J.P. Tiefenbacher (ed.) Approaches to Managing Disaster Assessing Hazards, Emergencies and Disaster Impacts. Texas, USA: InTech Publisher.
Lanska, D.J. (1998) The mad cow problem in the UK. Risk perceptions, risk management, and health policy development. Journal of Public Health Policy 19 (2): 160–183.
Laporte, T. (1994) A Strawman speaks up: Comments on The Limits of Safety. Journal of Contingencies and Crisis Management 2 (4): 207–211.
Leitch, M. (2010) ISO 31000: 2009 – The new international standard on risk management. Risk Analysis 30 (6): 887–892.
Lerbinger, O. (1997) The Crisis Manager. Facing Risk and Responsibility. Mahwah, NJ: Lawrence Erlbaum Associates.
Leveson, N., Dulac, N., Marais, K. and Carroll, J. (2009) Moving beyond normal accidents and high reliability organizations: A systems approach to safety in complex systems. Organization Studies 30 (2–3): 227–249.
Linnerooth-Bayer, J., Löfstedt, R. and Sjötedt, G. (2001) Transboundary Risk Management. London, UK: Earthscan Publications.
Lupton, D. (1999) Risk. London: Routledge.
Malenfant, R. (2009) Risk, control and gender: Reconciling production and reproduction in the risk society. Organization Studies 30 (2–3): 205–227.
Marshall, B.K. and Picou, J.S. (2008) Postnormal science, precautionary principle, and worst cases: The challenge of twenty-first century. Sociological Inquiry 78 (2): 230–247.
McConnell, A. and Drennan, L. (2006) Mission impossible? Planning and preparing for crisis. Journal of Contingencies and Crisis Management 14 (2): 59–70.
McEntire, D. and Myers, A. (2004) Preparing communities for disasters: Issues and processes for government readiness. Disaster Prevention and Management 13 (2): 140–152.
Meyer, J.W. and Rowan, B. (1977) Institutionalized organizations: Formal structure as myth and ceremony. American Journal of Sociology 83 (2): 340–363.
Mintzberg, H. (1994a) Rethinking strategic planning. Part I: Pitfalls and fallacies. Long Range Planning 27 (3): 12–21.
Mintzberg, H. (1994b) Rethinking strategic planning. Part II: New roles for planners. Long Range Planning 27 (3): 22–23.
Mitroff, I.I. and Alpasian, M.C. (2003) Preparing for evil. Harvard Business Review 81 (4): 109–115.
Monterrubio, J.C. (2010) Short-term economic impacts of influenza A (H1N1) and government reaction on the Mexican tourism industry: An analysis of the media. International Journal of Tourism Policy 3 (1): 1–15.
Noji, E.K. (2001) The global resurgence of infectious diseases. Journal of Contingencies and Crisis Management 9 (4): 223–232.
Ojala, M. and Hallikas, J. (2006) Investment decision-making in supplier networks: Management of risk. International Journal of Production Economics 104 (1): 201–213.
Oloruntoba, R. (2005) A wave of destruction and the waves of relief: Issues, challenges and strategies. Disaster Prevention and Management 14 (4): 506–521.
Parker, C.F., Stern, E., Paglia, E. and Brown, C. (2009) Preventable catastrophe? The Hurricane Katrina disaster revisited. Journal of Contingencies and Crisis Management 17 (4): 206–220.
Pauchant, T.C. (1990) We’re So Big and Powerful Nothing Bad Can Happen to Us. New York: Carol Publishing Group.
Pearson, C.M. and Clair, J.A. (1998) Reframing crisis management. Academy of Management Review 23 (1): 59–76.
Pearson, C.M. and Mitroff, I.I. (1993) From crisis prone to crisis prepared: A framework for crisis management. Academy of Management Executive 7 (1): 48–59.
Peretti-Watel, P. (2001) La société du risque [The Risk Society]. Paris, France: Éditions La Découverte.
Perret, H., Audétat, M., Bordogna-Petriccione, B., Joseph, C. and Kaufmann, A. (2005) Approches du risque : une introduction [Addressing Risk: An Introduction]. Geneva, Switzerland: Les Cahiers du RIBios, Institut Universitaire d’Études du Développement (IUED).
Perrow, C. (1999) Normal Accidents: Living with High-Risk Technologies. New York, USA: Basic Books.
Perry, R. (2004) Disaster exercise outcomes for professional emergency personnel and citizen volunteers. Journal of Contingencies and Crisis Management 12 (2): 64–75.
Perry, R. and Lindell, M.K. (2003) Preparedness for emergency response: Guidelines for the emergency planning process. Disasters 27 (4): 336–350.
Pollard, D. and Hotho, S. (2006) Crises, scenarios and the strategic management process. Management Decision 44 (6): 721–736.
Poumadère, M., Mays, C., Le Mer, S. and Blong, R. (2005) The 2003 heat wave in France: Dangerous climate change here and now. Risk Analysis 25 (6): 1483–1494.
Power, M. (2004) The risk management of everything. The Journal of Risk Finance 5 (3): 58–65.
Power, M. (2009) The risk management of nothing. Accounting, Organizations and Society 34 (6/7): 849–855.
Purdy, G. (2010) SO 31000: 2009 – Setting a new standard for risk management. Risk Analysis 30 (6): 881–886.
Quarantelli, E.L. (1988) Disaster crisis management: A summary of research findings. Journal of Management Studies 25 (4): 373–385.
Quarantelli, E.L. (1996) The future is not the past repeated: Projecting disasters in the 21st century from current trends. Journal of Contingencies and Crisis Management 4 (4): 228–240.
Quarantelli, E. (2001) Another selective look at future social crises: Some aspects of which we can already see in the present. Journal of Contingencies and Crisis Management 9 (4): 233–237.
Quarantelli, E.L., Lagadec, P. and Boin, A. (2007) A heuristic approach to the future disasters and crises. In: H. Rodriguez, E. Quarantelli and R.R. Dynes (eds.) Handbook of Disaster Research. New York, USA: Springer, pp. 16–41.
Raz, T. and Hillson, D. (2005) A comparative review of risk management standards. Risk Management 7 (4): 53–66.
Renn, O. (1998) The role of risk perception for risk management. Reliability, Engineering and System Safety 59 (1): 49–62.
Rerup, C. (2001) Houston, we have a problem: Anticipation and improvisation as sources of organizational resilience. Comportamento Organizacional E Gestào 7 (1): 27–44.
Ritchie, B.W. (2004) Chaos, crises and disasters: A strategic approach to crisis management in the tourism industry. Tourism Management 25 (6): 669–683.
Robert, B. and Lajtha, C. (2002) A new approach to crisis management. Journal of Contingencies and Crisis Management 10 (4): 181–191.
Rochlin, G. (1996) Reliable organizations: Present research and future directions. Journal of Contingencies and Crisis Management 4 (2): 55–59.
Rochlin, G. (1999) Safe operation as a social construct. Ergonomics 42 (11): 1549–1560.
Rochlin, G., La Porte, T.R. and Roberts, K.H. (1987) The self-designing high-reliability organization: Aircraft carrier flight operations at sea. Naval War College Review 40(4): 76–90.
Roux-Dufort, C. (2009) The devil lies in details! How crises build up within organizations. Journal of Contingencies and Crisis Management 17 (1): 4–11.
Ruefli, T.W., Collins, J.M. and Lacugna, J.R. (1999) Risk measures in strategic management research: Auld lang syne? Strategic Management Journal 20 (2): 167–194.
Runyan, R.C. (2006) Small business in the face of crisis: Identifying barriers to recovery from a natural disaster. Journal of Contingencies and Crisis Management 14 (1): 12–26.
Salehi, R. and Ali, S.H. (2006) The social and political context of disease outbreaks: The case of SARS in Toronto. Canadian Public Policy 32 (4): 373–385.
Samra-Fredericks, D. (2003) Strategizing as lived experience and strategists' everyday efforts to shape strategic direction. Journal of Management Studies 40 (1): 141–174.
Schaar, J. (2005) Learning lessons from the tsunami. International Federation of Red Cross and Red Crescent Societies, http://www.ifrc.org/docs/news/opinion05/05121402/index.asp, accessed 18 August 2011.
Schatzki, T.R., Knorr-Celina, K. and Savigny, E.V. (2001) The Practice Turn in Contemporary Theory. London: Routledge.
Scheytt, T., Soin, K ., Sahlin-Andersson, K. and Power, M. (2006) Special research symposium: Organizations and the management of risk. Journal of Management Studies 43 (6): 1331–1337.
Secretariat of the ISO. (2009a) ISO 31000: Risk Management – Principles and Guidelines. Geneva, Switzerland: International Organization for Standardization.
Secretariat of the ISO. (2009b) ISO 73: Risk Management – Vocabulary. Geneva, Switzerland: International Organization for Standardization.
Secretariat of the ISO. (2009c) IEC/ISO 31010 – Risk Management – Risk Assessment Techniques. Geneva, Switzerland: International Organization for Standardization.
Sen, F. and Egelhoff, W.G. (1991) Six years and counting: Learning from crisis management at Bhopal. Public Relations Review 17 (1): 69–83.
Séguin, E. (2005) The UK BSE crisis: Strengths and weaknesses of existing conceptual approaches. Science and Public Policy 27 (4): 293–301.
Short, J.F. (1984) The social fabric at risk: Toward the social transformation of risk analysis. American Sociological Review 49 (6): 711–725.
Shrivastava, P. (1987) Bhopal: Anatomy of a Crisis. Cambridge, MA: Ballinger.
Shrivastava, P. (1994) Long term recovery from the Bhopal crisis. In: J.K. Mitchel (ed.) Long Term Recovery from Disasters. Tokyo, Japan: UN University Press.
Slovic, P. (1999) Emotion, sex, politics, and science: Surveying the risk-assessment battlefield. Risk Analysis 19 (4): 689–701.
Smith, D. (2005) Business (not) as usual: Crisis management, service recovery and the vulnerability of organisations. Journal of Services Marketing. 19 (5): 309–320.
Smith, D. and Fischbacher, M. (2009) The changing nature of risk and risk management: The challenge of borders, uncertainty and resilience. Risk Management 11 (1): 1–12.
Spillan, J. and Hough, M. (2003) Crisis planning in small businesses: Importance, impetus and indifference. European Management Journal 21 (3): 398–407.
Thirion, X., Debensason, D., Delarozière, J.C. and San Marco, J.L. (2005) August 2003: Reflections on a French summer disaster. Journal of Contingencies and Crisis Management 13 (4): 153–158.
Thompson, P.B. and Dean, W. (1996) Competing conceptions of risk. Risk: Health, Safety and Environment 7 (4): 361–384.
Tierney, K. (1997) Business impacts of the Northridge earthquake. Journal of Contingencies and Crisis Management. 5 (2): 87–97.
Webb, G.R. and Chevreau, F.R. (2006) Planning to improvise: The importance of creativity and flexibility in crisis responses. International Journal Emergency Management 3 (1): 66–72.
Weick, K. (1988) Enacted sensemaking in crisis situations. Journal of Management Studies 25 (4): 305–317.
Weick, K. (1993) The collapse of sensemaking in organizations: The Mann Gulch disaster. Administrative Science Quarterly 38 (4): 628–652.
Weick, K. (2010) Reflections on enacted sensemaking in the Bhopal disaster. Journal of Management Studies 47 (3): 537–550.
Weick, K. and Suncliffe, K. (2007) Managing the Unexpected. Resilient Performance in an Age of Uncertainty. San Francisco, CA: Jossey-Bass Publishers.
White House (2006) The Federal Response to Hurricane Katrina: Lessons Learned, Office of the Assistant to the President for Homeland Security and Counterterrorism. Washington, DC, USA, http://www.whitehouse.gov/reports/.
Whittington, R. (2006) Completing the turn in strategy research. Organization Studies 27 (5): 613–634.
Widalvsky, A. (1988) Searching for Safety. Berkeley, CA: University of California Press.
Wilson, K. and Keelan, J. (2008) Learning from Listeria: The autonomy of the public health agency of Canada. Canadian Medical Association Journal 179 (9): 877–879.
Wooten, L.P. and James, E.H. (2008) Linking crisis management and leadership competencies: The role of human resource development. Advances in Developing Human Resources 10 (3): 352–379.