Is There Certification for ISO 31000?

ISO 31000 states, "This standard is not intended for the purpose of certification." This means that it is not intended for organizations to seek and receive a certificate of adherence to the standard by a certification or notified body in contrast to ISO standards like ISO 9001, 14001, 28001 and others. Although this statement will be omitted in the upcoming 2017-8 revision for the sake of brevity, the editors still intend that it be true.

Nevertheless, due to corporate and governmental demand, AENOR, the ISO representative in Spain has begun to certify companies to a Spanish document named IE31000, which is based on the ISO 31000 standard. Likewise, the British Standards Institution (BSI), the official representative of ISO in the UK, is delivering certification on ISO31000 in Saudi Arabia. Although there is no internationally recognized accreditation body for ISO 31000, this divide continues to to evolve, on whether ISO31000 should become an internationally recognized, certifiable standard for organizations.

The Pros and Cons

Many ISO member countries have a vested interest in promoting risk management and seek an additional standard which may be used to audit against. This is aligned with their national industrial culture which believes that auditing facilitates best practices.

Other member countries with similarly laudable interests, continue to feel that promotion of risk management à la ISO 31000 would be better served without being certifiable. This is based mostly on the unique principle contained in ISO 31000 that "risk management is tailored" and aligned with the organization's external and internal context and risk profile. Additionally, they felt that a "checklist or tick-box approach" would preclude the very value and benefits which the authors of the standard intended to provide by its publication.

My Organization Seeks Certification. What Can We Do?

All organizations desire to demonstrate their risk management maturity, especially those who have made a commitment to ISO 31000. Although no international accreditation exists today, ERM 31000 Training and Consulting does provide a proprietary ISO 31000 Risk Management Maturity Assessment that demonstrates the commitment, effort and achievements which an organization has made in building a mature, enterprise risk management framework and implementing its processes based on ISO 31000.

Your stakeholders will recognize the tremendous value of your organization's maturity assessment rating and the value it brings to your organization.

Don't You Have to Be Accredited to Certify Others?

In reference to bodies which certify organizations, ISO states: Accreditation – the formal recognition by an independent body, generally known as an accreditation body that a certification body is capable of carrying out certification. Accreditation is not obligatory but it adds another level of confidence, as ‘accredited’ means the certification body has been independently checked to make sure it operates according to international standards. Furthermore ISO’s website clarifies: “Accreditation is not an obligation and if an organization is not accredited it does not necessarily mean it is not reputable. Nonetheless, accreditation remains an independent confirmation of competence.

The same holds true for organizations which certify individuals. An example of a U.S. accreditation program for organizations which certify individuals is the ANSI 17024 Accreditation program. It is important to understand that a certification to ISO 17024 speaks only to the organization's business and management structure. It gives no indication or assurance whatsoever, as to the organization's knowledge, expertise and/or influence regarding the discipline for which they certify.

Does ERM 31000 Certify Trainees?

We have chosen not to certify individuals until there is an organization which has the knowledge, expertise and international influence concerning ISO 31000 to provide an accreditation to organizations to certify individuals. We choose not to self-accredit as others have done, and we will not seek accreditation from organizations that know little or nothing about ISO 31000.

Instead, we have affiliated with a well-known and prestigious school of business, where we regularly deliver our New York State Department of Education recognized courses as an integral component of a number of Masters Degree programs. External attendees who pass the exam will receive a Certificate from the School of Business. Likewise our CE credits have been recognized as satisfying the requirements of all the organizations to whom they have been presented.

Still Want to be Certified as an ISO 31000 Risk Manager?

There are currently a small number of organizations which provide both ISO 31000 training and certification. Because they claim accreditation under ISO 17024, they are required to allow anyone to sit for their exam, whether or not they took the training with their company. ERM 31000 Training guarantees that all individuals who take our course and exam will pass any other ISO 31000 exam currently on the market.

Where Can I Learn More?

Please call me at your convenience or via the Contact Us page.