Process is no substitute for paying attention
As Weick has pointed out, to manage the unexpected we need to be reliably mindful, not reliably mindless. Obvious as that truism may be, those who invest heavily in plans, procedures, process and policy also end up perpetuating and reinforcing a whole raft of expectations, and thus investing in an organisational culture of mindlessness rather than mindfulness.
So if we understand that process inherently equates to mindlessness, we can see that a process oriented risk management standard such as ISO 31000 perversely cultivates a climate of inattentiveness, right where we should be most attentive and mindful.
Don’t get me wrong there’s nothing inherently wrong with process in its place, just that’s not centre stage in an international standard about risk, not if you’re looking for an effective outcome. In real life it’s the unexpected, those black swans of Nassim Taleb’s flying in the dark skies of our ignorance, that have the most effect, and about which ISO 31000 has nothing to say.
Nor am I alone in my disquiet over ISO 31000, see for example John Adams question as to whether the standard is fit for purpose. Then there’s the Kaplan–Mikes assessment that ISO 31000 is ‘just not relevant‘.
Also the use of ISO 31000’s classic risk management may be illegal in some jurisdictions (like Australia) where legislation is based on the precautionary principle for workplace health and safety.