Australia has long been blessed with an excellent Risk Management Framework (currently AS/NZS ISO 31000:2009). In fact, the International Standard Organisation’s own Enterprise Risk Management Framework Standard borrows heavily from it. However there are still some basic conceptual errors and difficulties that the process and framework neglect.
This article first published in 2011 outlines some critical feedback for the ISO31000 team (Jeff later contributed to the further development of the framework). It has been cited by several academic risk management publications since.