I would prefer ISO 31000 to be used over PM2 because PM2 has complicated and
complex steps, which are time consuming by comparison. ISO 31000 is superior
to PM2 in the sense that it focuses on mitigation at the risk level, whereas
PM2 focuses on the strategic objectives. Mitigation at the risk level is very important for the new ERM
project because it makes it easier to identify and assess risk; this will enhance the
success of the implementation of the new ERM project in the organization (Leitch).
PM2 requires a separate worksheet for each risk, whereas ISO 31000 does not (Lalonde and
Boiral); this makes ISO 31000 preferable, since it is
economical in terms of resources and hence the organization will save a lot. In addition,
PM2 requires a separate objective combination, which makes it tiresome and complex to
implement compared to ISO 31000. ISO 31000 is also more reliable because it
requires neither a different worksheet for each risk level nor an objective combination.
ISO 31000 is a global standard, unlike PM2 (Leitch). This makes it more advantageous
than PM2, since there is a need to comply with global standards in the
implementation of the new ERM in the organization. This will ensure that the organization is
compliant with global standards, and hence legally acceptable to any
parties, partners and other stakeholders involved in the day-to-day
operation. This makes it successful, since it is compliant with standards and regulations
globally; it can therefore also carry out its operations anywhere in the world, since it is globally
PM2 is complicated, especially Step four, which involves the linking of programs,
initiatives and risks. Although this is powerful in the implementation process, it will be confusing
to the branch managers and might therefore result in poor performance of the new ERM
(Mitchell). In addition, the step might not add much value to the project and the overall
implementation process of the new ERM; it is thus unnecessary, which gives
ISO 31000 a further advantage for use by the organization.
PM2 involves a lot of duplication: some activities that have already been
done in the initial steps may end up being repeated later in the process. For example,
step four, which deals with linking programs and initiatives, is an important step and
almost the last step in PM2, yet it may end up repeating steps done
initially. Also, the last step in PM2, which deals with the determination of indicators and
mitigation of actions, is very complicated and time consuming, since it involves a lot of
procedures and hence may slow down the implementation of the new ERM. ISO 31000 is therefore
preferable, since it does not involve time-consuming and complicated steps like this one for
Running Head: Measuring and selecting an ERM.
Lalonde, Carole, and Olivier Boiral. “Managing Risks through ISO 31000: A Critical Analysis.”
Risk Management, vol. 14, no. 4, Nov. 2012, pp. 272–300, 10.1057/rm.2012.9. Accessed
20 Mar. 2019.
Leitch, Matthew. “ISO 31000:2009-The New International Standard on Risk Management.” Risk
Analysis, vol. 30, no. 6, 8 Apr. 2010, pp. 887–892, 10.1111/j.1539-6924.2010.01397.x.
Accessed 13 May 2019.
Mitchell, David. “To Monitor or Intervene? City Managers and the Implementation of Strategic
Initiatives.” Public Administration, vol. 96, no. 1, 27 Dec. 2017, pp. 200–217,