Milestones for Integrated Risk Management (IRM)
Risk management has developed very dynamically in Switzerland over the last 50 years. For several decades, "Integrated Risk Management (IRM)" was a wish and also a vision. What were the most important milestones in the realisation of this integrative approach to risk management?
- Professionalization of RM: The years 1965 to 1970 were strongly influenced by developments in space technology. Technical risk management was professionalized. In the Apollo programs, MIL-STD-882:1969 specified the requirements that technical components and systems had to meet. In the early 1970s, Zurich Insurance developed the "Zurich Risk Management System (ZRMS)", which became known worldwide as an important corporate and insurance risk management system. Many Swiss companies took their cue from this approach.
- Specification of RM: In the three decades from 1970 to 2000, a large number of standards and specifications were created in various fields, for example in chemistry, pharmaceuticals, medicine, IT, aviation, transport systems and the machine industry. One consequence of this large number was that it became increasingly difficult even for experts to maintain an overview. Comparability and the exchange of experience were possible only to a rudimentary extent in risk management.
- Focusing in the field of standards: This phase was heralded by ISO 31000. The basic idea was to create a generic risk management standard that would be valid as a guiding standard for all other standards in safety and risk management and also in BCM. The Australian/New Zealand standard AS/NZS 4360:1999/2004 was used as a template and was well disseminated throughout the Commonwealth. This was also one of the reasons why ISO 31000:2009 established itself very quickly in the first few years. Today, ISO 31000:2009 is the international benchmark in risk management.
- Integration I: Embedding in the ISO world. With ISO 31000:2009, it became possible for the first time for risk management to be fully integrated with other management systems in an Integrated Management System. This advantage is also recognized and used by many Swiss companies.
- Integration II: Networking in the ISO context. This first level of integration has been deepened by a second level, namely the integration of the "risk-based approach" according to ISO 31000:2009 in the associated ISO standards. This also applies to the regular updates of ISO standards, which take place every five years. Examples are ISO 9001 and ISO 14001, as well as the adoption of standards into the ISO world, such as ISO 22301 (formerly BS 25999-1/2) or ISO 45000 (formerly OHSAS 18001/2). And of course this also applies to the creation of new standards, for example ISO 19600 for Compliance Management. This second stage of integration makes ISO 31000:2009 a central standard, because the "risk-based approach" is an important requirement for other ISO standards.
Many Swiss groups, large companies and a large number of SMEs orient their risk management to ISO 31000:2009, for example Hoffmann-La Roche, Swisscom, SBB and many others. Such Integrated Risk Management (IRM) actively supports the other ISO management systems as an efficient and impact-oriented management tool.