25. Apr 2017

Risk Management and ISO 31000 in Austria

Eckehard Bauer is the vice president of Quality Austria, a worldwide active certification body and organization for training. In his function as manager in Quality Austria, he is responsible for safety, transport, Business Continuity Management and Risk Management. He is a member of the mirror committee of the Austrian Standards Institute (ASI).

This interview was conducted for ISO TC 262.

The interviewee

Mr. Eckehard Bauer
MSc Executive Vice President Key Account and Business Development Risk and Safety, Security, Business Continuity, Transport

Ecki, you are a member of the Austrian mirror committee to ISO/TC 262. Can you briefly introduce the Austrian Standards Institute (ASI), your national standardization organization, please?

Ecki: The ASI is located in Vienna and is the only organization in Austria which releases standards from ISO, EN, and other national standards. Since last year, we created a new law on standards in Austria which is very challenging for ASI.


You have been a »regular« at TC 262 meetings in the past but were prevented from coming to Amman – will you be back at the next meeting and what is Austria’s principle message regarding the last drafts of ISO 31000?

Ecki: Unfortunately, after making all the arrangements for coming to Amman I had to cancel them due to significant personal issues. I am back in business since the end of December 2016, following again all the developments in the ISO/TC 262 committee. I look forward to being again an active participant at the upcoming meetings.


What is risk management based on in Austria (e.g.: are there any laws, regulations, national standards or other rules)?

Ecki: We have a lot of laws and regulations which are directly linked to risk management or to risk evaluation. Sometimes we name it a little bit differently, for example “work place evaluation” or “hazard evaluation” etc. In Austria, we have a local Standard, the ONR 49000ff which took the ISO 31000 (guideline) and transformed it into risk management system requirements. This standard is also popular in Germany, Switzerland and in the German speaking parts of Italy.


What is the impact of risk management and in particular ISO 31000 in Austria?

Ecki: The impact of ISO 31000 in Austria is not as big as it could be. The ONR 49000ff, which I mentioned before is of greater importance in the country, thought this standard is based on the ISO 31000. Now, there is a great interest on risk management in Austria since it is based on the “risk based approach – risk based thinking” concept of ISO 9001:2015 and ISO 14001:2015.


Who are the key stakeholders of risk management in Austria?

Ecki: We do not have special key stakeholders of risk management because this topic is already quite well established in many different groups in Austria. Risk management is being implemented to different degrees in a broad range of branches and sectors, from finances to industry and small enterprises, as well as from work safety to public healthcare etc.


What are the biggest obstacles for integrating risk management in all organizational activities for managers in Austria?

Ecki: I think the philosophy for risk management is very well established in companies in Austria. Though a separate risk management standard and certification is not perceived as needed, especially since the ISO 9001:2015 and the other Annex SL based standards are in use, which already include the risk based approach. The ISO 31000 (current version) is now not being used to establish risk management in companies. A statement from companies that I often hear is, that there are too many gaps between the (current) ISO 31000 and the requirements of ISO 9001:2015 / ISO 14001:2015. This is also a reason why companies prefer to use the national ONR 49000ff or other existing standards to establish risk management in the company.


ISO 31000 quickly became one of the bestselling and most well recognized standards in ISO. What do you think about the future of the standard and how will it change to adapt to new challenges?

Ecki: I think this is the past. When the ISO 31000:2009 was published, it was (more or less) the only risk management standard recognized worldwide. Now there are more standards existing, which have included (at least partly) risk management (ISO 9001:2015, ISO 22301, etc.). I think the ISO organization may have diminished the possible success from a revised ISO 31000 by over-diversifying ISO standards, which is still ongoing with an increasing number of ISO standards being produced.


Is there a message that you want to give to the risk management community?

Ecki: From my point of view, it is quite simple. It is about what the customer wants, expects and needs, especially the companies which are already using the new ISO 9001:2015 / ISO 14001:2015 standards or will use them in the future. If we follow their wishes, expectations and needs, we will have success with the new ISO 31000 standard. If we only write a standard from experts for experts, there will be no need to use the ISO 31000 to establish risk management systems in these companies.


What advice can you give to interested parties in Austria who want to offer their input to the work of ISO/TC 262 and who should they address?

Ecki: I think the mirror committee in Austria does a very good job, especially the chairperson Mr. Josef Winkler. The committee is very active in communication and internal work; there is also a broad range of experts in the team. If any expert wants to participate in the ISO /TC 262 mirror committee, they should contact Mr. Winkler or another member of the committee.


Thank you very much!


Ansprechpartner Risiko und Sicherheit (Security)


Herr Eckehard Bauer, MSc

Prokurist Business Development für Sicherheitsmanagement, Business Continuity, Risiko, Security, Compliance und Transport

Weitere News & Events

Immer topaktuell informiert

01. Feb 2023

Harald Erkinger ist neuer Geschäftsführer der CIS

Erfahrener IT- und Cybersicherheits-Experte Harald Erkinger ist neuer CEO.

Mehr erfahren
24. Jan 2023

Staatspreis Unternehmens­qualität 2023 zeichnet wieder exzellente Betriebe aus

Call for Entries: Einreichfrist läuft bis 15. März 2023

Mehr erfahren
23. Nov 2023

Event: 9. qualityaustria Nachhaltigkeitsforum

Das Event findet am 23. November 2023 virtuell statt.

Mehr erfahren
16. Jan 2023

Frischen Sie Ihr Wissen auf

Verlängern Sie Ihr Personenzertifikat.

Mehr erfahren
25. Jan 2023

Event: QMD Kick-off Event

QMD-Informationsveranstaltung für IVD-Hersteller

Mehr erfahren
12. Jan 2023

Digitale Barriere­freiheit: Zeichen von Inklusion und Menschlich­keit


Mehr erfahren
10. Jan 2023

QMD Services erhält Zulassung als Benannte Stelle für In-vitro-Diagnostika

Meilenstein für die österreichische Medizinproduktebranche

Mehr erfahren
10. Jan 2023

Warum ESG für Organisationen immer wichtiger wird

Mehr Nachhaltigkeit für die Wirtschaft

Mehr erfahren
03. Jan 2023

EN ISO 15189 – Ihre Fragen, unsere Antworten

Was Sie jetzt über den Standard wissen sollten

Mehr erfahren
19. Dez 2022

Quality Austria mit Top Company Siegel 2023 ausgezeichnet

kununu kürt erneut die besten Arbeitgeber*innen

Mehr erfahren
06. Sep 2023

Event: 17. qualityaustria Gesundheitsforum

Das Event findet am 6. September 2023 in Wien statt.

Mehr erfahren
10. Okt 2023

Event: 14. qualityaustria Lebensmittelforum

Das Event findet am 10. - 11. Oktober 2023 in Wien statt.

Mehr erfahren
+43 732 34 23 22