CONCLUSION

We have seen how RBT is a key component to understanding Annex SL based standards, and to understand what RBT actually means to individual organisations is influenced very much by the risk appetite of individual leadership teams and to, a certain extent, by market and regulatory expectations that impact on their strategic visions.

In one sense, ISO 31000 provides a strategic overview of the risk management universe but can impact on RBT at a more tactical level, e.g. the way we can better prioritise competing risk controls based on the way we now understand our risk appetite, rather than just the perceived risk rankings themselves. The importance of this realisation is that, in many cases, the risk profile will be too wide ranging to be given an equal priority for treatment; understanding appetite and any limitations of individual risk controls is key to minimising any unplanned events arising.

ISO 31000, read in conjunction with Annex SL, makes the notion of risk wider than just negative, unplanned events. The simplistic model of risk versus benefits can apply to opportunities and improvement – investment decisions on new products are influenced by risk appetite just as much as managing fire risks or credit risks, for example. Managing risk is just as much about opportunity than anything negative – if an organisation can promote this realisation, then cooperation with the risk management process will be galvanised.