Why ISO 31000 is a dangerous tool


As Weick pointed out, to manage the unexpected we need to be reliably mindful, not reliably mindless. Obvious as that truism may be, those who invest heavily in plans, procedures, process and policy also end up perpetuating and reinforcing a whole raft of expectations about how the world is, thus investing in an organisational culture of mindlessness rather than mindfulness. Understanding that process inherently elides to a state of organisational mindlessness, we can see that a process oriented risk management standard such as ISO 31000 perversely cultivates a climate of inattentiveness, right where we should be most attentive and mindful. Nor am I alone in my assessment of ISO 31000, see for example John Adams criticism of the standard as  not fit for purpose , or KaplanMike’s assessment of ISO 31000 essentially ‘not relevant‘. Process is no substitute for paying attention.

Don’t get me wrong there’s nothing inherently wrong with a small dollop of process, just that it’s place is not centre stage in an international standard that purports to be about risk, not if you’re looking for an effective outcome. In real life it’s the unexpected, those black swans of Nassim Taleb’s flying in the dark skies of ignorance, that have the most effect, and about which ISO 31000 has nothing to say.


Also the application of ISO 31000’s classical risk management to the workplace health and safety may actually be illegal in some jurisdictions (like Australia) where legislation is based on a backwards looking principle of due diligence, rather than a prospective risk based approach to workplace health and safety.

6 responses to Why ISO 31000 is a dangerous tool

    Mike Flannery 30/01/2014 at 6:42 pm

    I think if we continue trying to Scientificise the management of risk, then we will continue to go down the route of thinking “if we can work out every possible source of every possible problem, then we can eliminate risk. So all we have to do is to diligently work through the stack of problems and viola… no more risk”. The Root Cause school of thought.

    This is of course, nonsense. The management of risk, like politics, is the ART of compromise. We can’t know all the variables because no-one can. But we still have to take decisions based on what we know. We’ll only ever get to understand the majority (and of course even then, not all) of the variables in the post-accident mop up. By then it will be crystal clear what the missing variable was and so, we can then factor in the variable we missed pre-accident to all of our post-accident endeavours.

    To be human is to live with both ambiguity and uncertainty. Only machines are unambiguous and uncertain (and even these are not always so). Things like ISO 31000 are for the guidance of the wise and the obedience of those less so. They provide a map, but as the NLPers will point out “the map is not the territory”. It is simply a representation of what the reality is. But it can help you get where you want to go. If we treat ISO 31000 in that way, it can be helpful. But it won’t stop the next Challenger. Chernobyl, Bhopal, Buncefield, Gulf of Mexico…etc., etc., when humans are involved.


      Matthew Squair 02/02/2014 at 9:40 am

      The major irreducible flaw as I see it is that ISO 31000 presents a canonical rational-philosophical approach to risks, De Moivre’s old risk = loss X frequency redux. So what I was trying to point out was that the approach focuses attention on what you can identify and characterise (aleatory & epistemic) but ignores ontological risks, which are usually the ones that have the most effect (Nassim Taleb’s Black Swan’s).

      These are pretty new concepts, I mean Frank Knight only published Risk, Uncertainty and Profit in 1921 so the authors of ISO 31000 may not have read his work… (snark).



    Most of the time health and safety bares no relationship to economic reality.
    For instance, in the UK in 2011; 2,222 people died on the roads, lets pretend that we could reduce this by having a 20mph top speed, true that may well reduce deaths, but of course there are trade offs; nobody would do anything, as costs for business would become astronomical, all of which get passed on to the customer.
    This is a very basic micro economic example that demonstrates that there are no solutions to any problems, and only ‘trade offs’. We can make one thing better, but we are always making something else worse, we can make some things slightly better by making some thing else a lot worse.
    Example 2:
    I notice in a lot in hospitals there are Legionella ‘problems’, since you have a very susceptible population. The health and safety people who have tunnel vision when it comes to this issue make the NHS spend multi million pounds in order to prevent exposure. But the question is compared to what? What NHS services have been destroyed in order to facilitate that, which could have been used to provide more nurses, or provide cancer treatment, (You are not seeing what has been destroyed in order to provide the Legionella treatment). Thus, health and safety may well end up killing more people than it saves. 50 lives saved thanks to Legionella treatments, however 200 people could have been saved had it been used for cancer treatment.

    The question has to be answered in terms of context; as to what that time, effort, and money which had alternative uses, had been used for. I do not believe you can centrally plan something of that magnitude.


      Matthew Squair 09/04/2014 at 11:44 am

      Interestingly the Dutch have a better Health and Safety record than the UK, yet I don’t see the UK HSE critically examining why that is, and whether the way the Dutch do things might be better and/or more cost effective… But of course, they’re the Dutch after all. 🙂



        Its hard to compare countries I think, since some work activities are inherently more riskier than others. What we are really saying about health and safety is that we prefer health and safety to other resources that time, effort and money, that could have been privided. I.e higher levels of economic growth, job opportunities and also want higher cost goods and services, since it is all just overhead which gets passed on to the consumer.


        Matthew Squair 10/04/2014 at 2:04 pm

        Or alternatively, we’re saying that we place a near infinite value on one particular social good. Kind of like the tragedy of the commons, but in reverse… Hmmm, there may be a good article in that.