25. Apr 2017

Risk Management and ISO 31000 in Austria

Eckehard Bauer is the vice president of Quality Austria, a worldwide active certification body and organization for training. In his function as manager in Quality Austria, he is responsible for safety, transport, Business Continuity Management and Risk Management. He is a member of the mirror committee of the Austrian Standards Institute (ASI).

This interview was conducted for ISO TC 262.

The interviewee

Mr. Eckehard Bauer
MSc Executive Vice President Key Account and Business Development Risk and Safety, Security, Business Continuity, Transport

Ecki, you are a member of the Austrian mirror committee to ISO/TC 262. Can you briefly introduce the Austrian Standards Institute (ASI), your national standardization organization, please?

Ecki: The ASI is located in Vienna and is the only organization in Austria which releases standards from ISO, EN, and other national standards. Since last year, we created a new law on standards in Austria which is very challenging for ASI.


You have been a »regular« at TC 262 meetings in the past but were prevented from coming to Amman – will you be back at the next meeting and what is Austria’s principle message regarding the last drafts of ISO 31000?

Ecki: Unfortunately, after making all the arrangements for coming to Amman I had to cancel them due to significant personal issues. I am back in business since the end of December 2016, following again all the developments in the ISO/TC 262 committee. I look forward to being again an active participant at the upcoming meetings.


What is risk management based on in Austria (e.g.: are there any laws, regulations, national standards or other rules)?

Ecki: We have a lot of laws and regulations which are directly linked to risk management or to risk evaluation. Sometimes we name it a little bit differently, for example “work place evaluation” or “hazard evaluation” etc. In Austria, we have a local Standard, the ONR 49000ff which took the ISO 31000 (guideline) and transformed it into risk management system requirements. This standard is also popular in Germany, Switzerland and in the German speaking parts of Italy.


What is the impact of risk management and in particular ISO 31000 in Austria?

Ecki: The impact of ISO 31000 in Austria is not as big as it could be. The ONR 49000ff, which I mentioned before is of greater importance in the country, thought this standard is based on the ISO 31000. Now, there is a great interest on risk management in Austria since it is based on the “risk based approach – risk based thinking” concept of ISO 9001:2015 and ISO 14001:2015.


Who are the key stakeholders of risk management in Austria?

Ecki: We do not have special key stakeholders of risk management because this topic is already quite well established in many different groups in Austria. Risk management is being implemented to different degrees in a broad range of branches and sectors, from finances to industry and small enterprises, as well as from work safety to public healthcare etc.


What are the biggest obstacles for integrating risk management in all organizational activities for managers in Austria?

Ecki: I think the philosophy for risk management is very well established in companies in Austria. Though a separate risk management standard and certification is not perceived as needed, especially since the ISO 9001:2015 and the other Annex SL based standards are in use, which already include the risk based approach. The ISO 31000 (current version) is now not being used to establish risk management in companies. A statement from companies that I often hear is, that there are too many gaps between the (current) ISO 31000 and the requirements of ISO 9001:2015 / ISO 14001:2015. This is also a reason why companies prefer to use the national ONR 49000ff or other existing standards to establish risk management in the company.


ISO 31000 quickly became one of the bestselling and most well recognized standards in ISO. What do you think about the future of the standard and how will it change to adapt to new challenges?

Ecki: I think this is the past. When the ISO 31000:2009 was published, it was (more or less) the only risk management standard recognized worldwide. Now there are more standards existing, which have included (at least partly) risk management (ISO 9001:2015, ISO 22301, etc.). I think the ISO organization may have diminished the possible success from a revised ISO 31000 by over-diversifying ISO standards, which is still ongoing with an increasing number of ISO standards being produced.


Is there a message that you want to give to the risk management community?

Ecki: From my point of view, it is quite simple. It is about what the customer wants, expects and needs, especially the companies which are already using the new ISO 9001:2015 / ISO 14001:2015 standards or will use them in the future. If we follow their wishes, expectations and needs, we will have success with the new ISO 31000 standard. If we only write a standard from experts for experts, there will be no need to use the ISO 31000 to establish risk management systems in these companies.


What advice can you give to interested parties in Austria who want to offer their input to the work of ISO/TC 262 and who should they address?

Ecki: I think the mirror committee in Austria does a very good job, especially the chairperson Mr. Josef Winkler. The committee is very active in communication and internal work; there is also a broad range of experts in the team. If any expert wants to participate in the ISO /TC 262 mirror committee, they should contact Mr. Winkler or another member of the committee.


Thank you very much!


Contact Person Risk and Security


Mr. Eckehard Bauer, MSc

Executive Vice President Business Development Risk and Safety, Security, Business Continuity, Transport

News & Events

The basis for long-term success!

13. Mar 2019

Event with the Austrian Business community in Albania

The event “Working Breakfast in Tirana” was on 6th of February 2019.

Learn more
05. Mar 2019

One year ISO 45001:2018

Challenges and insights into one year of ISO 45001.

Learn more
23. Oct 2019

Event: 63rd EOQ Congress

Rediscovering Quality

Learn more
21. Jun 2018

Event: 62nd EOQ Congress

Feel the new quality way!

Learn more
18. Oct 2018

Event: EFQM Forum 2018

You can´t play a symphony alone, it takes an orchestra...

Learn more
27. Nov 2018

Quality Austria – the first certification body accredited for ISO 50001:2018

Pioneering role – Energy Management Standard

Learn more
06. Aug 2018

Revision ISO 19011 – New Impulses for the Audit

ISO 19011 is the central guide for auditors operating in all sectors.

Learn more
24. Apr 2018

New standards for educational organizations

ISO 29993:2017 and ISO 21001:2018

Learn more
23. Apr 2018

qualityaustria Forum in Budapest

The conference for quality managers and CEOs was held for the 13th time on April 17th, 2018.

Learn more
05. Mar 2018

ISO 45001:2018 replaces OHSAS 18001

First worldwide ISO standard for Occupational Health&Safety.

Learn more
13. Dec 2017

Changes in the use of the FSC® Trademark

FSC International has published the new version FSC-STD-50-001 (V2-0).

Learn more
+43 732 34 23 22