The Importance of Risk Management: What is Missing in ISO Standards?

The overall aim of this article is to contribute to the further development of the area of risk analysis and risk management in the International Organization for for Standardization (ISO) standards by strengthening its scientific basis. Industrial standards, especially ISO standards, are the tools organizations use to manage their risk, through following their guidance and complying with their requirements. Organizations confirm their compliance with these standards through certification, which means that they heavily depend upon the quality of the ISO standards to enable them to effectively manage their risk. The purpose of this study is to investigate what guidance is given on key elements of risk management and how well ISO standards are aligned with state‐of‐the‐art risk management literature. Eighteen ISO standards, all addressing risk management, were reviewed in this study with regard to risk terminology and guidance. The results of the study confirm the increasing importance of risk management for business. However, the study also shows a lack of guidance on doing risk analysis in the industrial standards examined. The ISO management system standards and guidelines are not aligned with the scientific literature on risk and are not appropriate for the management of risk arising from complex interactions and emergent behavior that is inherent in present‐day sociotechnical systems. [ABSTRACT FROM AUTHOR]