Escolar Documentos
Profissional Documentos
Cultura Documentos
An Overview of Widely
Used Risk management
Standards and Guidelines
CONTRIBUTORS
Grace Crickette
Chief Risk Officer, University of California
Kristen Drobnis
Senior Vice President, Risk Management, Massachusetts Development
Ryan Egerdahl
Enterprise Risk Manager, Bonneville Power Administration
Carol Fox
Director of Strategic and Enterprise Risk Practices, RIMS
Dorothy Gjerdrum
Executive Director, Arthur J. Gallagher Risk Management Services, Inc.
Robert Gofourth
Vice President of Professional Services, Insite Managed Solutions
Yvette Ho Sang
Risk Management Analyst, Institute of Electrical and Electronic Engineers
Russell McGuire
Senior Consultant, Milliman Risk Advisory Services
Michael Miller
Director, Risk Assessment & Mitigation, American Broadcasting Companies, Inc.
Mary PeteR
Director of Enterprise Risk Management, Eide Bailly LLP
Drew Zavatsky
Loss Prevention Coordinator, State of Washington
With thanks
Pete Fahrenthold
Chair, RIMS ERM Committee
Manus (Chris) ODonnell
Chair, RIMS Standards and Practices Committee
Mary Roth
Executive Director, RIMS
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
Introduction
Online searches for information on risk management,
particularly enterprise risk management, result in more
than 20 million references. Wading through the competing standards, frameworks and regulatory guidelines
can be a daunting task.
This report is intended to provide the user with a
view of six widely used risk management standards,
guidelines and self-described best practices to help
identify common elements in each. We have utilized
the attributes from the RIMS Risk Maturity Model for
Enterprise Risk Management (RIMS RMM) as the basis
for evaluating the common elements and to differentiate among the various documents.
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
In addition, ratings agencies do not produce risk management standards. Rating agency scrutiny of organizations
risk management practices creates intense focus on ERM
preparations for the respective credit rating evaluations
and, most importantly, the potential bearing that disciplined risk practices may have on credit ratings.
We do not intend to publish a separate ERM methodology. However, our Corporate Ratings Criteria, a detailed
collection of methodologies covering all aspects of our
corporate ratings process, will reflect any ERM-related enhancements in management analysis...Any positive credit
rating action would stem from sustainably improved cash
flows, operating performance, or competitive advantages
realized from successfully managing risk. Likewise, a
negative rating action would result from unexpected large
losses, chronic underperformance, or competitive disadvantages resulting from poor risk management.
Steven J. Dreyer
Standard and Poors Credit FAQ
June 24, 2010
Comparing Standards
Risk management strategies generally focus on one or
more of the following elements:
strategy focus
description
standard/guideline
organizational
objectives
Designed to improve an
organizations
ability to meet or exceed its
objectives through
enhanched decisionmaking and activities that
address key uncertainties.
iso 31000:2009
bs 3100:2008
coso:2004
FERMA: 2002
compliance &
control objectives
regulatory
Used when an
organization must apply a
designated practice and/
or standard and provide
evidence in order to meet
regulatory requirements.
solvency ii
basel ii
primary challenge
Harmonizing approaches,
blending the siloed
strategies through
common elements as
found in RIMS Risk Maturity
Model (RIMS RMM)
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
A) CREATES VALUE
MANDATE AND
COMMITMENT
B) INTEGRAL PART OF
ORGANIZATIONAL PROCESSES
DESIGN OF
FRAMEWORK FOR
MANAGING RISK
E) SYSTEMATIC, STRUCTURED
AND TIMELY
F) BASED ON THE BEST
AVAILABLE INFORMATION
G) TAILORED
H) TAKES HUMAN AND CULTURAL
FACTORS INTO ACCOUNT
CONTINUAL
IMPROVEMENT OF
THE FRAMEWORK
IMPLEMENTING
RISK MANAGEMENT
PRINCIPLES
D) EXPLICITY ADDRESSES
UNCERTAINTY
RISK ASSESSMENT
(5.4)
RISK IDENTIFICATION (5.4.2)
MONITORING AND
REVIEW OF
THE FRAMEWORK (4.5)
RISK TREATMENT (5.5)
FRAMEWORK
PROCESS
Reproduced from ISO Standard 31000:2009 with permission from ISO at www.iso.org. Copyright remains with ISO.
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
The approach is comprehensive and somewhat prescriptive in identifying accountabilities, as well as the
parts of the organization and processes needed to be
included in the GRC model. It assumes certain universal
outcomes:
In integrating and aligning governance, risk management and compliance (GRC) efforts, OCEG describes its
framework for principled performance in two parts:
the Red Book, which contains the overview and principles of the GRC capability model, and the Burgundy
Book, which contains procedures and assessment criteria to facilitate management and evaluation of a GRC
system. It focuses on the application of GRC methods
by which [the enterprise] establishes and stays within
the boundaries it will observe while driving toward its
[financial and nonfinancial] objectives.
Access to the model and its technology arenas and
modules requires membership in OCEG, which is
offered at basic, premier and enterprise levels with varying annual membership fees.
The document details GRC Capability Model Elements for each of its components, which are shown
in Figure 2. It defines the role of risk as follows Risk,
in [the GRC] context, is the measure of the likelihood of
something happening that will have an effect on achieving objectives; most importantly, but not exclusively, an
adverse effect. [emphasis added] In this context, the
role of risk management is minimized to the measure-
Figure 2: OCEG Red Book 2.0: 2009 GRC Capability Model Elements
ORGANIZE &
OVERSEE
PREVENT &
PROMOTE
DETECT &
DISCERN
INFORM &
INTEGRATE
RESPOND &
RESOLVE
MONITOR &
MEASURE
ORGANIZE &
OVERSEE
MONITOR &
MEASURE
INFORM &
INTEGRATE
RESPOND &
RESOLVE
ASSESS &
ALIGN
PREVENT &
PROMOTE
DETECT &
DISCERN
T
ASSESS &
ALIGN
RE & CONTEX
U
CULT
CULTURE &
CONTEXT
Source: Open Compliance and Ethics Group 2003-2009 OPEN COMPLIANCE AND ETHICS GROUP. Used with permission. www.oceg.org
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
STRATEGIC
CHANGE
OPERATIONAL
to proactively manage uncertainty in a systematic manner at all levels within the organization; from strategic
to operational perspectives. These risk management
perspectives are found in Figure 3.
BS 31100 is intended for use by anyone with responsibility for any of the following:
Ensuring an organization achieves its objectives
Ensuring risks are proactively managed in specific
areas or activities
Overseeing risk management in an organization
Providing assurance on the effectiveness of an organizations risk management
Reporting to stakeholders through disclosures in
annual financial statements, corporate governance
reports and corporate social responsibility reports
This British Standard pays particular attention to the
benefits of using a risk maturity model to improve an
organizations risk management capability. It describes
how this type of planning tool contains the fundamental
elements of effective risk management processes and
depicts the evolutionary path from ad hoc to mature,
repeatable processes.
COSO: 2004
Comprising a variety of professional associations including the American Accounting Association (AAA), American Institute of Certified Public Accountants (AICPA),
Financial Executives International (FEI), the Association
for Accountants and Financial Professionals in Business
(IMA) and the Institute of Internal Auditors (IIA), the
Committee of Sponsoring Organizations (COSO) is a
voluntary private-sector organization. COSO describes
itself as dedicated to guiding executive management
and governance entities toward the establishment of
more effective, efficient and ethical business operations
on a global basis.
COSO advocates that organizations should implement
enterprise risk management (ERM) to better connect
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
E
NC
IA
AT
IO
OP
PL
ER
GI
RA
TE
ST
IN
CO
M
EVENT
IDENTIFICATION
RT
PO
OBJECTIVE
SETTING
RE
INTERNAL
ENVIRONMENT
NS
INTERNAL ENVIRONMENT
How bad are these events?
Will they really happen?
RISK
RESPONSE
CONTROL
ACTIVITIES
INFORMATION &
COMMUNICATION
MONITORING
OBJECTIVE SETTING
EVENT IDENTIFICATION
RISK ASSESSMENT
RISK RESPONSE
SUBSIDIARY
BUSINESS UNIT
DIVISION
ENTITY - LEVEL
RISK
ASSESSMENT
CONTROL ACTIVITIES
INFORMATION & COMMUNICATION
MONITORING
Source: Committee of Sponsoring Organizations of the Treadway Commission www.coso.org. Used with permission.
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org 10
EXISTING RISK
PROFILE
RISK
CAPACITY
DETERMINATION OF
RISK APPETITE
RISK
TOLERANCE
DESIRED
LEVEL OF RISK
Source: Committee of Sponsoring Organizations of the Treadway Commission www.coso.org. Used with permission.
FERMA: 2002
FERMA: 2002 is a risk management standard adopted
by the Federation of European Risk Management
Associations. It was created by a team comprised of
the members of the major United Kingdom-based risk
management organizations: the Institute of Risk Management (IRM), the Association of Insurance and Risk
Managers (AIRMIC) and ALARM, the National Forum for
Risk Management in the Public Sector.
The standard sets out a strategic process, starting with an
organizations overall objectives and aspirations, through
to the identification, evaluation and mitigation of risk, and
finally the transfer of some of that risk to an insurer.
FERMA: 2002 adopts the definition of risk as the combination of the probability of an event and its consequences. The standard is careful to emphasize the view that
in any risk-related circumstance there are opportunities
for benefit (upside) or threats to success (downside).
Management of these opportunities and threats is described as a key part of any organizations strategic planning. Risk management is described as the methodical
process of identifying all risks to achieving objectives
and then applying risk treatments that add maximum
sustainable value to the organization. Because the
process of risk management addresses the entire organization through the risk identification process, it must
be integrated as part of the organizations culture. This
includes assigning responsibility for managing risks as a
part of the job description of managers and employees
to promote operational efficiency at all levels.
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
11
THE ORGANIZATIONS
STRATEGIC OBJECTIVES
RISK ASSESSMENT
RISK ANALYSIS
RISK IDENTIFICATION
RISK DESCRIPTION
RISK ESTIMATION
RISK EVALUATION
RISK REPORTING
THREATS AND OPPORTUNITIES
FORMAL AUDIT
MODIFICATION
DECISION
RISK TREATMENT
MONITORING
functional role
responsibilities
board
business units
internal audit
12
Conclusion
The wealth of available standards describing enterprise
risk management demonstrates that it is an emergingand essentialbusiness discipline. Based on this
review, we conclude that:
Standards and guidelines tend to be conceptual with
little guidance on practical implementation
There are more similarities than differences among
the reviewed standards and guidance documents
The universal applicability of RIMS RMM serves as
a harmonizing tool regarding the more practical attributes and behaviors that most of the standards are
attempting to address
Elements in each of the standards and/or guidelines
may be useful or adaptable for specific organizations
The fact that all the standards share more characteristic
similarities than differences demonstrates that ERM is
also an evolving discipline that has meaningful applications to all sectors, whether organizations are structured
for profit, not for profit, governmental or non-governmental purposes.
Copyright 2011 Risk and Insurance Management Society, Inc. All rights reserved.
www.RIMS.org
Appendix A:
Crosswalk of Risk Management Standards, Guidelines and Best Practices as compared to rims rmm attributes
RIMS RMM Attribute: Adoption of ERM-Based Approach
Denotes the degree of executive support for an ERM-based approach within the corporate culture. Activities cut across all processes, functions, business
lines, roles and geographies. Includes integrating, communicating and coordinating with front-line and support areas, including internal audit, information
technology (IT), compliance, corporate security, business continuity and risk management.
ISO 31000: 2009 Risk
Management Principles and
Guidelines
Executive support
for ERM
Business process
definition
COSO:2004 Enterprise
Risk Management
Integrated Framework
C3 Culture
02.2 Management Roles
& Accountabilities
02.3 Leadership Roles &
Accountabilities
3.1 Governance
Pillar 3 Market
Discipline:
Transparency
(Disclosure)
Figure 1 Risk
management
perspectives
Executive Summary,
page 2
Strengthening ERM for
Strategic Advantage,
page 1
Pillar 2 Supervisor
Review: Regulations on
financial services
supervision (Control)
O2 Roles and
Accountabilities
Pillar 3 Market
Discipline: Disclosure
requirements
(Disclosure)
O1 Outcomes and
Commitment
2 Risk management
principles
3.2 Risk management
strategy
Executive Summary,
page 3
Strengthening ERM for
Strategic Advantage.
pages 1, 12
Pillar 2 Supervisor
Review: Quantitative
requirements
(Control)
O3 Approach &
Accountability
3.5 Building
capability and
competence
3.6.3 The role of
individuals
3.6.4 The roles of the
risk owners and risk
response owners
Executive Summary,
page 6
Integrated Framework,
page 18
Strengthening ERM for
Strategic Advantage.
pages 12
Risk ownership
4.3.3 Accountability
Annex A.3.2
[accountability]
Far-sighted risk
management vision
3. Principles
4.4.1 Implementing the
framework for
managing risk
Annex A.1-A.3 [performance goals, accountability, integration]
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
Repeatability and
scalability
1. Scope
4.3.3 Accountability
5.3.4 Establishing the
context of the risk management process
5. Process (inclusive of
5.1-5.7)
4.3.3 Accountability
5.2 Communication and
consultation
5.3 Establishing the
[internal and external]
context
Annex A.3.2 [accountability]
Annex A.3.4 [communications]
Risk management
reporting
1. Scope
Application Techniques,
page 1
Integrated Framework,
page 17
N/A
9. Monitoring and
Review
Application Techniques,
page 1
Integrated Framework,
page 17
Pillar 2 Supervisor
Review: Quantitative
requirements (Control)
9. Monitoring and
Review
3.1 Governance
O2.1 Define and Enable
3.6.2 Senior manageGRC System Oversight
ment responsibilities
Roles and Accountability 3.6.5.a Risk management
oversight body
Process Embedded in
GRC Capability Model
A Assess & Align
P Prevent and Promote
D Detect and Discern
I Inform & Integrate
R Respond & Resolve
M Monitor & Measure
4 Risk management
process
Integrated Framework,
pages 27, 67, 75
Integrated Framework,
page 67
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
Risk-reward tradeoffs
(includes developing risk
responses)
Pillar 2 Supervisor
Review: Quantitative
requirements (Control)
A2 Risk Analysis
A3 Risk Optimization
Application Techniques,
page 18
Strengthening ERM for
Strategic Advantage,
page 9
2. Risk Management
5. Risk Evaluation
Pillar 1 Quantitative
Requirements:
Investment
(Implementation)
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
Dependencies and
consequences
Indicator classifications
(includes internal and
external risk factors)
Root cause
consideration
N/A
Pillar 2 Supervisor
Review: Regulations on
financial services
supervision (Control)
N/A
Pillar 2 Supervisor
Review: Quantitative
requirements (Control)
Integrated Framework,
page 75
Strengthening ERM for
Strategic Advantage,
page 10
A1 Risk identification
A1.7 Identify Risks That
May Afford
Opportunities
Integrated Framework,
pages 41, 67
Strengthening ERM for
Strategic Advantage,
page 10
N/A
Pillar 1 Quantitative
Requirements: Regulations on minimum
capital requirements
(Implementation)
N/A
(although R3 Corrective
Controls mentions that
controls must address
root causes, the GRC
model itself does not
link root cause analysis
(RCA) as a risk management technique or
necessary step).
Application Techniques,
page 47
Integrated Framework,
page 45
Strengthening ERM for
Strategic Advantage,
page 17
N/A
(although the Appendix
(Risk ID Techniques and
Risk Analysis
Methods) mentions various types of root cause
analysis, the standard
as a whole does not link
RCA explicitly as a risk
management technique
or necessary step.)
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
Application Techniques,
page 27
Strengthening ERM for
Strategic Advantage,
page 17
Adverse events as
opportunities
1 Scope
5.3 Establishing the
context
5.3.5 Establishing risk
criteria
Application Techniques,
page 30
Integrated Framework,
page 15
1. Risk [definition]
2.2 The Risk Management Process
Follow-up reporting
4.3.6 Establishing
internal communication
and reporting
mechanisms
5.6 Monitoring and
review
5.7 Recording the risk
management process
Application Techniques,
page 55
Integrated Framework,
page 67
9. Monitoring and
Review
Pillar 2 Supervisor
Review: Quantitative
requirements (Control)
3 Principles
4.1 Framework - General
4.3.3 Accountability
Annex A.3.2
[accountability]
N/A
(although O2. Roles &
Responsibilities mentions oversight, key management, leadership, operational and assurance
roles and accountability,
the GRC model itself
does not link ownership
within the organization
business areas explicitly
as a key component for
risk management).
Executive Summary,
page 6
Integrated Framework,
pages 18, 83
Strengthening ERM for
Strategic Advantage,
page 12
Risk ownership by
business areas
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
Communicating goals
Issues Addressed
Introduction
3.1 Governance
Pillar 1 Quantitative
Requirements:
Regulations on
minimum capital
(Implementation)
C4.6 Communicate
Mission, Vision and
Values
P4 Awareness &
Education
Application Techniques,
page 67
Integrated Framework,
pages 35, 67, 75
P5 Human Capital
Incentives
M2 Performance
Monitoring & Evaluation
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
Analysis-based planning
Resiliency and
operational planning
(includes external
communication)
Understanding
consequences
1 Scope
5.4.3 Risk analysis
5.4.4 Risk evaluation
Executive Summary,
page 3
Integrated Framework,
page 35
9. Monitoring and
Review
P3 Preventive Controls
P6 Risk Financing/
Insurance
P7 Stakeholder Relations
& Requirements
R4 Crisis Response,
Continuity and Recovery
R5.3 Disclose Issue
Resolution
9. Monitoring and
Review
A1 Risk Identification
A2.1 Analyze Inherent
Risk
Application Techniques,
page 55
Integrated Framework,
pages 59, 61
6. Risk Treatment
Pillar 1 Quantitative
Requirements: Investment (Implementation)
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
Demographics
Sponsoring Organization
International
Organization for
Standardization (ISO)
British Standards
Institution (BSI)
Committee of
Sponsoring
Organizations (COSO)
Federation of European
Risk Management
Associations (FERMA)
European Commission
on Insurance
Number of Pages
30 pages
239 pages
40 pages
125 pages
16 pages
N/A
Insurance companies in
the European Union (EU)
or underwriting risks in
the EU
www.ferma.eu
www.ec.europa.eu
www.fsa.gov.uk
BS 31100 is intended
While it is not intended
for use by anyone with
to and does not replace
responsibility for any of
the internal control
the following:
framework, but rather
Ensuring an organization
incorporates the internal
achieves its objectives;
control framework
Ensuring risks are
within it, companies
proactively managed in
may decide to look
specific areas or activities;
to this enterprise risk
GRC is relevant in all
Overseeing risk managemanagement framework
industries and sectors,
ment in an organization;
to satisfy their internal
all over the world, and
Providing assurance
control needs and to
affects all functions in
on the effectiveness of
move toward a fuller risk
a modern enterprise.
an organizations risk
management process.
management; and/or
Use of this report is
Reporting to stakeholdintended for board(s) of
ers, e.g. through disclodirectors, senior mansures in annual financial
agement, other entity
statements, corporate
personnel, regulators,
governance reports and
professional organizacorporate social respontions and educators.
sibility reports.
This international
Standard provides
principles and generic
guidelines on risk management. This standard
can be used by any public, private or community
enterprise, association,
group or individual.
Therefore, this International Standard is not
specific to any industry
or sector.
Ancillary document
references
Website
www.iso.org
www.oceg.org
Application
Techniques
Strengthening Enterprise Risk Management
for Strategic Advantage
www.bsigroup.com
www.coso.org
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
All
organizations
Insurance companies
located in or doing
business in the
European Union
Applicable to
BS 31100: 2008
Code of Practice for
Risk Management
Companies interested
in satisfying internal
control needs and in
moving to a fuller risk
management process
Primary
Objective1
COSO: 2004
Enterprise Risk
Management
Integrated
Framework
Organizational
Compliance and
Control
Organizational
Organizational,
Compliance and
Control
Organizational
Regulatory
Type of
Document2
ISO 31000:
2009 Risk
Management
Practices and
Guidelines
Primary standard
Guidance document
Primary standard
Guidance document
Guidance document
Primary standard
1. Organizational
Designed to improve an organizations ability to meet or exceed its objectives through enhanced decision-making and activities that
address key uncertainties.
Compliance and Control
Seeks to assure the transfer or mitigation of risks primarily through compliance and control objectives and activities; often based on
historic losses, near-misses, etc.
Regulatory
Used when an organization must apply a designated practice and/or standard in order to meet regulatory requirements.
2. Primary standard (or recognized standard) as an established norm or requirement, usually a formal document that establishes criteria,
methods, processes and practices under the jurisdiction of an international, regional or national standards body. It may be used for
regulatory compliance; public validation, verification and/or possibly certification; generally accepted knowledge about risk topic;
may provide formal implementation guidance.
Guidance document or framework, custom, convention, company product, corporate standard, etc. that may be developed outside of a
recognized standard setting body. When the document becomes generally accepted and dominant, it is often called a de facto standard.
It is generally used for internal operational or process implementation guidance.
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
Appendix C: Overview of Common Elements of Widely Used Risk Management Standards and Guidelines
RIMS RMM
ATTRIBUTE
ISO 31000
OCEG
BS 31100
COSO
FERMA
SOLVENCY II
ERM-Based Approach
Process Management
Risk Appetite
Management
Uncovering Risks
Performance
Management
X
X
X
X
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
Benefits of Using
Recognized Standards
Recognized standards provide a number of benefits.
They generally have been vetted and benchmarked
as best practices for decision-making. They rely on a
management system rather than a program to allow
adoption within all levels of an organization. They are
inclusive in development, which provides a broad perspective on successful controls and procedures. Most
importantly, they help establish reasonable and measurable goals that can be tied to articulated organizational
objectives. Organizations can choose to be certified
against certain standards such as ISO 9001:2008 Quality Management Requirements or ISO 14001:2004 Environmental Management Requirements, for example.
That said, there is value to understanding and using
whatever portions of the standards that can help an
organization meet its objectives. One of the benefits is
that standards can provide ideas about how to launch and
organize a program. And since the process of standards
making is inclusive, it gives some assurance for consensus and provides impetus for specialized training. They
can also be used for outside organizations to benchmark
against a particular standard. In fact, in some cases,
certification to certain standards can reduce the number
of outside audits as company is asked to undertake. For
example, being ISO 14000 certified can put a company
on a list of potential vendors for chemical manufacturers.
Without it, the company might not be invited to bid. (It is
important to note that ISO 31000, unlike ISO 9000 and
14000, is not intended for certification.)
Using standards may be a proactive way to protect your
brand and reputation, in addition to providing a defensible position. The bottom line benefit for using standards
is that, whatever else you take from them, their use
can make your organization more resilient in the face of
emerging risks and adverse events.
FRAMEWORK
ISO GUIDE 73
TERMINOLOGY
NFPA 101
2011 Risk and Insurance Management Society, Inc. (RIMS) All rights reserved. www.RIMS.org
AB/NZS 4360
SAQ ONR 49001
AFNOR CN FD_X50-252
ANSI/ASHRAE 62
REQUIREMENTS
NFPA 75
ISO/IEC 27001
OHSAS 18001
HB 436
GUIDELINES
ISO 14001
ISO 10005
ISO/IEC 27002
CSA Q850
TOOLS
ISO 31010
RISK
ISO/IE 15408
SAFETY
QUALITY
TECHNOLOGY ENVIRONMENTAL