Kevin, you are known as the ambassador of risk management aligned with ISO 31000 but not too much is known about you – can you please tell us about your background?
I was born on March 10th 1946 in Lilydale, what was then a small town some 38 km east of Melbourne, the capital of the Australian State of Victoria. These days Lilydale has been swallowed up in the urban sprawl as Melbourne has grown. I grew up in Ringwood, a few kilometers closer to Melbourne. Apart from my formal basic education, the rest was very much acquired on the job or in the course of developing formal security and risk management programmes in collaboration with a number of Australian Universities.
Where did you start your career and what was the flashpoint triggering your venturing into resilience and risk management?
I worked in a number of administrative positions until in 1969 I took up an appointment with the Australian Government in security activities which some years later also included law enforcement activities. It was in this work that I first became aware of risk management or more importantly the management of risk as an important way of more effectively managing the security function. A consequence of my interest in the application of risk management as a management approach saw me move more and more into being involved in the application of risk management across the whole enterprise. This also saw me become involved in the development of AS/NZS 4360 the Australian/New Zealand Standard on risk management and then onto ISO and Guide 73 culminating with ISO 31000.
What were the highlights and what were the disappointments in risk management for you?
The highlight has to be the success of AS/NZS 4360 and now ISO 31000. Other highlights have been working with enterprises that have taken a serious commitment to the management of risk while the disappointments have been the way a change of one or two members of the top management team has resulted in the decay of some organizations from best practice in the management of risk to just risky managers.
And in security and resilience?
The work of ISO/TC 223 on Societal security and subsequently TC 292 has been most rewarding because the leadership of the Technical Committee (TC) is supportive of the need to harmonize terms and definitions in the various Standards and other documents that it develops. Hopefully it will be able to clearly demonstrate the usefulness of such harmonization to other ISO and IEC TCs.
You have been for the past six years the founding Chairman of ISO/TC 262 Risk management: what was your biggest challenge as Chairman?
Getting the TC to work in a collegial spirit with a common purpose as we had with the Working Group of the Technical Management Board that developed ISO 31000. The formal structure of a TC and its Working Groups (WG) sadly seems to elicit some tensions and agendas that were absent from the TMB WG structure or perhaps it was just that we were developing something new that all were excited about and focused on doing our very best. Certainly there were strongly held views and differences of opinion but in the end all worked harmoniously as a team.
ISO 31000 quickly became one of the bestselling and most well recognized standards in ISO. What do you think about the future of the standard and how will it change to adapt to new challenges?
ISO 31000 is an easily understood generic advisory Standard that helps the person new to the concept of managing risk to quickly come up to speed and be able to start out on the journey of tailoring the Standard to their own organizational practices and processes. The challenge is for it to remain as user friendly while at the same time ensuring it represents the best source of information for the newcomer. As users become more confident there may well develop a need for a more sophisticated document to assist risk practitioners to meet new and more complicated challenges. As we found in Australia and New Zealand there are also many seeking more subject specific handbooks such as we already see with the WGs developing documents on disruption related risk, supply chain risk and legal risk.
ISO Directives require Technical Committees to avoid redundant and contradicting standardization. Do you personally believe ISO is perfectly lined up to achieve this objective, in particular within its system of Management System Standards or would you like to suggest some improvements?
The current work in trying to gain harmonization between Management System Standards needs to be done first before we try sorting out the redundant and contradicting Standards. The fact that there is still much work to be done in bringing Management System Standards into alignment with ISO Annex SL and the ongoing scandal of multiple definitions for the same term would suggest there is still a lot of work to be done under strong leadership of the TMB.
Upon your retirement as Chairman of ISO/TC 262 what message do you want to give to the experts and delegates nominated by their national standardization bodies to the Technical Committee?
I am particularly concerned at the ageing of subject matter experts and the preponderance of Consultants on many WGs as this could well lead to Standards losing their relevance as "independent" documents. My other source of concern is the growing trend for National Standards Bodies to nominate their employees as subject matter experts to WGs when they clearly have no relevant subject matter experience or expertise.
What challenges have Norma McComick and you encountered in ISO/TC 292 Security and resilience and in your work at WG 1 Terminology?
The fact that some WGs spend so much time on Terms and Definitions rather than developing their Standard(s). Certainly there is a need for subject matter expertise to be involved but the Terminology WG is able to polish and format the definition in accordance with ISO requirements and refer it back to the subject WG for approval. This process will enable WGs to devote their limited face-to-face time together and also quickly identify possible duplications of definitions for the same term. The fact that one WG has used very different definitions for the same term in different Standards they have published should be an embarrassment to the TC. The limited enthusiasm of some WGs to engage with WG 1 on the plain language program is also of concern.
What was Norma’s and your biggest achievement?
Getting ISO 22300 published on the ISO web with free access to all users of TC 292 published Standards and having the Security and Resilience Lexicon adopted as a Standing Document.
You told us you would be heading for well-deserved obscurity in October – we don’t really believe this will be possible for an ambassador of risk management – once Ambassador always Ambassador! Will you adopt a role suited for an elderly statesman of risk management and security and resilience in the future and what might this role be?
Certainly if I am invited I will happily promote the work of TC 262 and TC 292 but given that is more the role of the Chairmen I think obscurity will become the norm.
What are your plans for your "state of obscurity" in the near and far future?
I have just been appointed an Adjunct Professor with the School of Business at the University of Queensland for three years so that will get me out of the house occasionally and of course with 7 grandchildren under 10 I am sure they will help fill in my spare time. I also have a collection of books to read that have accumulated over the past years.
Thank you very much!
It has been an honor to have been able to contribute to the work of Standardization over the past 35 years at the national committee level and latterly internationally in a leadership role. Standardization is an important activity, albeit an undervalued one in the modern world, which requires people of good will from around the globe to work together for the benefit of their fellows by facilitating trade and commerce through common practices, processes and technical requirements.
Interview by Dr Frank Herdmann and Dr Stefan Tangen