The term “risk-based thinking” (RBT) is familiar to those in the quality profession. This familiarity comes in part from its inclusion in ISO 9001:2015, the International Organization for Standardization (ISO) quality management system standard. Although numerous articles and several books have been written on how to implement ISO 9001:2015 in the private sector, little has been done with regards to the public sector.

This reflects two facts. First, the idea of systematically managing the risks governments face is relatively new. Second, where risks are being managed by government organizations, there is no consistent approach. Some are using ISO 9001:2015 and others are using ISO 31000. ISO 31000, revised in 2018, is an enterprise risk management standard.

This article looks at what public-sector organizations are thinking about, and doing, to manage risks.

 …