In his presentation at the ERMA Asia Pacific Risk Management Conference 2011, Dr. Maassen refers to a number of (open-source) materials. The presentation and links to supporting documentation are available on this website.
AS/NZS 4360:2004 has been superseded by AS/NZS ISO 31000:2009, Risk management - Principles and guidelines. The Joint Australian/New Zealand Standard was prepared by Joint Technical Committee OB-007, Risk Management. It was approved on behalf of the Council of Standards Australia on 6 November 2009 and on behalf of the Council of Standards New Zealand on 16 October 2009.
The Risk Management Standard was published by the Institute of Risk Management (IRM), The Association of Insurance and Risk Managers (AIRMIC) and Alarm (The Public Risk Management Association) in 2002. The standard represents best practice against which organizations can measure themselves.
The Australian/New Zealand Risk Management Standard "provides a generic guide for managing risk. This Standard may be applied to a very wide range of activities, decisions or operations of any public, private or community enterprise, group or individual. ... [it] specifies the elements of the risk management process, but it is not the purpose of this Standard to enforce uniformity of risk management systems. It is generic and independent of any specific industry or economic sector." Source: www.riskmanagement.com.au
The Risk IT framework "complements ITGI’s COBIT which provides a comprehensive framework for the delivery of high-quality information technology-based (IT-based) services. While COBIT sets good practices for the means of risk management, Risk IT sets good practices ... by providing a framework for enterprises to identify, govern and manage IT risk." Source: www.isaca.org
COBIT is an "IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organizations. COBIT emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework." Source: www.isaca.org
The COSO Guidance on Monitoring Internal Control Systems (2009) is based on a three-volume 2008 exposure draft that elaborated on the importance of internal control as part of the five pillars of the COSO Risk Management Framework.
The Enterprise Risk Management – Integrated Framework "expands on internal control, providing a more robust and extensive focus on the broader subject of enterprise risk management. While it is not intended to and does not replace the internal control framework, but rather incorporates the internal control framework within it, companies may decide to look to this enterprise risk management framework both to satisfy their internal control needs and to move toward a fuller risk management process." Source: www.coso.org
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) issued Internal Control – Integrated Framework. It is a framework "to help businesses and other entities assess and enhance their internal control systems." These have been further refined and developed with additional standards. Source: www.coso.org
This guide provides a basic vocabulary of the definitions of risk management generic terms. The first edition of ISO/IEC Guide 73 was prepared by the ISO Technical Management Board Working Group 2 on risk management terminology.