25. Apr 2017

Risk Management and ISO 31000 in Austria

Eckehard Bauer is the vice president of Quality Austria, a worldwide active certification body and organization for training. In his function as manager in Quality Austria, he is responsible for safety, transport, Business Continuity Management and Risk Management. He is a member of the mirror committee of the Austrian Standards Institute (ASI).

This interview was conducted for ISO TC 262.

The interviewee

Mr. Eckehard Bauer
MSc Executive Vice President Key Account and Business Development Risk and Safety, Security, Business Continuity, Transport

Ecki, you are a member of the Austrian mirror committee to ISO/TC 262. Can you briefly introduce the Austrian Standards Institute (ASI), your national standardization organization, please?

Ecki: The ASI is located in Vienna and is the only organization in Austria which releases standards from ISO, EN, and other national standards. Since last year, we created a new law on standards in Austria which is very challenging for ASI.


You have been a »regular« at TC 262 meetings in the past but were prevented from coming to Amman – will you be back at the next meeting and what is Austria’s principle message regarding the last drafts of ISO 31000?

Ecki: Unfortunately, after making all the arrangements for coming to Amman I had to cancel them due to significant personal issues. I am back in business since the end of December 2016, following again all the developments in the ISO/TC 262 committee. I look forward to being again an active participant at the upcoming meetings.


What is risk management based on in Austria (e.g.: are there any laws, regulations, national standards or other rules)?

Ecki: We have a lot of laws and regulations which are directly linked to risk management or to risk evaluation. Sometimes we name it a little bit differently, for example “work place evaluation” or “hazard evaluation” etc. In Austria, we have a local Standard, the ONR 49000ff which took the ISO 31000 (guideline) and transformed it into risk management system requirements. This standard is also popular in Germany, Switzerland and in the German speaking parts of Italy.


What is the impact of risk management and in particular ISO 31000 in Austria?

Ecki: The impact of ISO 31000 in Austria is not as big as it could be. The ONR 49000ff, which I mentioned before is of greater importance in the country, thought this standard is based on the ISO 31000. Now, there is a great interest on risk management in Austria since it is based on the “risk based approach – risk based thinking” concept of ISO 9001:2015 and ISO 14001:2015.


Who are the key stakeholders of risk management in Austria?

Ecki: We do not have special key stakeholders of risk management because this topic is already quite well established in many different groups in Austria. Risk management is being implemented to different degrees in a broad range of branches and sectors, from finances to industry and small enterprises, as well as from work safety to public healthcare etc.


What are the biggest obstacles for integrating risk management in all organizational activities for managers in Austria?

Ecki: I think the philosophy for risk management is very well established in companies in Austria. Though a separate risk management standard and certification is not perceived as needed, especially since the ISO 9001:2015 and the other Annex SL based standards are in use, which already include the risk based approach. The ISO 31000 (current version) is now not being used to establish risk management in companies. A statement from companies that I often hear is, that there are too many gaps between the (current) ISO 31000 and the requirements of ISO 9001:2015 / ISO 14001:2015. This is also a reason why companies prefer to use the national ONR 49000ff or other existing standards to establish risk management in the company.


ISO 31000 quickly became one of the bestselling and most well recognized standards in ISO. What do you think about the future of the standard and how will it change to adapt to new challenges?

Ecki: I think this is the past. When the ISO 31000:2009 was published, it was (more or less) the only risk management standard recognized worldwide. Now there are more standards existing, which have included (at least partly) risk management (ISO 9001:2015, ISO 22301, etc.). I think the ISO organization may have diminished the possible success from a revised ISO 31000 by over-diversifying ISO standards, which is still ongoing with an increasing number of ISO standards being produced.


Is there a message that you want to give to the risk management community?

Ecki: From my point of view, it is quite simple. It is about what the customer wants, expects and needs, especially the companies which are already using the new ISO 9001:2015 / ISO 14001:2015 standards or will use them in the future. If we follow their wishes, expectations and needs, we will have success with the new ISO 31000 standard. If we only write a standard from experts for experts, there will be no need to use the ISO 31000 to establish risk management systems in these companies.


What advice can you give to interested parties in Austria who want to offer their input to the work of ISO/TC 262 and who should they address?

Ecki: I think the mirror committee in Austria does a very good job, especially the chairperson Mr. Josef Winkler. The committee is very active in communication and internal work; there is also a broad range of experts in the team. If any expert wants to participate in the ISO /TC 262 mirror committee, they should contact Mr. Winkler or another member of the committee.


Thank you very much!


Contact Person Risk and Security


Mr. Eckehard Bauer, MSc

Executive Vice President Business Development Safety Management, Business Continuity, Risk, Security, Compliance and Transport

News & Events

The basis for long-term success!

08. Feb 2023

New International training program 2023

Start your next career adventure!

Learn more
10. Jan 2023

QMD Services obtains designation as a Notified Body for in vitro diagnostic devices

Milestone for the Medical Device Industry

Learn more
03. Jan 2023

Christian Matzku (50) takes over the Management of “Sales Steering” at Quality Austria

Sales professional starts at certification organization

Learn more
14. Oct 2022

The new EU Guideline on the implemen­tation of Food Safety Management Systems published

New developments for Food Businesses

Learn more
05. Oct 2022

What’s in for an Assessor?

Experience report from Mario Mauracher

Learn more
16. Sep 2022

New cooperation with ENFIT for highest standards

HQF Certification in supply chains acc. to the ENFIT Standard

Learn more
08. Aug 2022

The Many Uses of Lean Six Sigma

Guest article by Mischa Lucyshyn

Learn more
26. Jul 2022

Ransomware & other potential threat scenarios

07. Jul 2022

Building up Competency as Change Management

Continual Improvement Process

Learn more
07. Jun 2022

The five stumbling blocks you should dodge on your way to a management system

Mind the step!

Learn more
16. May 2022

25th anniversary of successful cooperation in certification

Alkaloid celebrates 25 years of successful cooperation

Learn more
03. May 2022

IFS Food Version 8 – first DRAFT version published

What changes and new features are coming

Learn more
+43 732 34 23 22