AS/NZS ISO 31000:2018
Risk Management — Guidelines
AS/NZS ISO 31000:2018 sets out generic guidelines for risk management applicable to any organisation, sector or activity. It defines risk-management principles (integrated, structured, customised, inclusive, dynamic, best available information, human and cultural factors, continual improvement), provides a framework for risk-management governance and oversight, and specifies a risk-management process comprising scope-context-criteria, risk identification, risk analysis, risk evaluation, risk treatment, monitoring and review, and recording and reporting. The standard is the controlling reference for organisational risk-management practice in Australia and New Zealand and is referenced from a wide range of sector-specific standards including AS 4360 (legacy risk-management standard), AS 5577 (electronic-records risk), and ISO/TS 31050 (climate-change risk). For structural engineering practice, AS/NZS ISO 31000 is the framework underlying risk-classification methodology in condition assessment, investigation reporting and remediation prioritisation. The 2018 edition (which adopts ISO 31000:2018) replaces AS/NZS ISO 31000:2009 and represents a substantial restructure of the standard, with greater emphasis on integration with organisational governance and reduced prescription of specific tools and techniques.
AS/NZS ISO 31000 is the framework underlying TRSC's risk-classification methodology in every investigation report, condition assessment and remediation specification we issue. The standard is not a structural engineering standard — it is a risk-management framework — but its application to structural engineering practice is decisive in giving condition-assessment recommendations a defensible basis rather than relying on professional opinion alone. Three application points matter for TRSC practice. First, the risk-classification matrix used in TRSC condition assessments — consequence severity (1 to 5) multiplied by likelihood of adverse outcome (1 to 5) — is a direct application of AS/NZS ISO 31000:2018 risk-analysis principles. The matrix structure is the engineering tool that translates the standard's qualitative principles into a quantitative, comparable basis for prioritising intervention. Each structural element or defect is assigned a consequence rating (reflecting the impact of failure on safety, asset value, operational continuity, and regulatory compliance) and a likelihood rating (reflecting the probability of failure within a defined time horizon, typically 1 year, 5 years, 25 years). The product determines the risk level, which maps directly to an intervention urgency in the TRSC Make Safe and Monitor hierarchy. The matrix format ensures that limited capital is directed to the highest-risk elements first, and that deferral decisions are documented rather than assumed. Second, AS/NZS ISO 31000 monitoring and review provisions inform the ongoing-monitoring specification in TRSC remediation designs. The standard requires that risk treatment include monitoring of effectiveness over time; for structural remediation, this translates to scheduled re-inspection cycles, automated monitoring system deployment, and condition-trend analysis. The Prince Consort Hotel digital tiltmeter installation is a worked example: AS/NZS ISO 31000 monitoring principles required that the structural-stability risk be re-evaluated periodically against measured movement data, with intervention triggers defined a priori rather than retrospectively. Third, AS/NZS ISO 31000 recording and reporting provisions inform the documentation standard for TRSC investigation files. The standard requires that risk-management decisions be traceable to the evidence on which they were based, the alternatives considered, the engineering judgement applied, and the residual risk accepted. For Form 15 certifications and condition-assessment reports, this is the framework that makes the documentation defensible against subsequent regulatory or legal scrutiny — every risk-classification decision in a TRSC report is supported by documented evidence (measurement data, test results, inspection observations) and an explicit engineering basis. Heritage projects, post-disaster assessments, and high-stakes capital-decision investigations all rely on this AS/NZS ISO 31000 documentation discipline as the foundation for the engineering certification.
AS/NZS ISO 31000 is not directly cited in Form 15 RPEQ certification text, but the risk-classification methodology underlying TRSC investigation and condition-assessment reports is grounded in the standard, and the documentation discipline it requires is what makes the supporting investigation file defensible against regulatory or legal scrutiny. The Form 15 file retains the AS/NZS ISO 31000 risk-classification matrix for the structural elements covered by the certification, the engineering basis for each consequence and likelihood rating, the decision pathway from risk classification to remediation hierarchy, and where ongoing monitoring is part of the certification scope, the monitoring specification reflecting the standard's review provisions.