Standardization in Risk Management Regulations: What Can We Learn From Scientific Literature?

Abstract

The structural set-up and key characteristics of regulatory regimes for risk management vary between countries, technical domains and application areas. Risk regulations come in different forms, ranging from a highly prescriptive (“hard”) approaches including explicit requirements on key risk management components, to “softer” approaches requiring risk to be managed without defining how. Risk regulations are subject to continual development. Increased standardization is observed in diverse risk domains such as land-use planning, terrorism and security risk management, cyber security, and disaster risk management. This development is contested and the question of what form of standardization and whether a low versus high level of standardization is the most beneficial for effective and efficient risk management risk management is debated. Using a scoping study approach, this paper presents an overview of standardization of risk in scientific literature. The aim of this paper is to provide insights related to the arguments, effects, and experiences of using standards or standardized approaches for managing risk. The results indicate that effects of standardization in risk regulations are not extensively covered in research. The paper contributes to the knowledge base for judging the appropriate level and form of standardization in risk regulations but more research is needed.