Knowledge Axis
ISO 31000 - Risk management
Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Therefore, managing risk effectively helps organizations to perform well in an environment full of uncertainty.
ISO 31000:2018
ISO 31000:2018, Risk management - Guidelines, provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector.
ISO 31000:2018
ISO 31000:2018, Risk management - Guidelines, provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector.
ISO 31000:2018
Risk management -- Guidelines
ISO 31000:2018 provides guidelines on managing risk faced by organizations. The application of these guidelines can be customized to any organization and its context.
ISO 31000:2018 provides a common approach to managing any type of risk and is not industry or sector specific.
ISO 31000:2018 can be used throughout the life of the organization and can be applied to any activity, including decision-making at all levels.
ISO 31000:2018 provides guidelines on managing risk faced by organizations. The application of these guidelines can be customized to any organization and its context.
ISO 31000:2018 provides a common approach to managing any type of risk and is not industry or sector specific.
ISO 31000:2018 can be used throughout the life of the organization and can be applied to any activity, including decision-making at all levels.
ISO 31000 is a family of standards relating to risk management codified by the International Organization for Standardization. The purpose of ISO 31000:2009 is to provide principles and generic guidelines on risk management. ISO 31000 seeks to provide a universally recognized paradigm for practitioners and companies employing risk management processes to replace the myriad of existing standards, methodologies and paradigms that differed between industries, subject matters and regions.
Currently, the ISO 31000 family is expected to include:
Currently, the ISO 31000 family is expected to include:
■
ISO 31000:2009 - Principles and Guidelines on Implementation
■
ISO/IEC 31010:2009 - Risk Management - Risk Assessment Techniques
■
ISO Guide 73:2009 - Risk Management - Vocabulary
Introduction
ISO 31000 was published as a standard on 13 November 2009, and provides a standard on the implementation of risk management. A revised and harmonized ISO/IEC Guide 73 was published at the same time. The purpose of ISO 31000:2009 is to be applicable and adaptable for "any public, private or community enterprise, association, group or individual. Accordingly, the general scope of ISO 31000 - as a family of risk management standards is not developed for a particular industry group, management system or subject matter field in mind, rather to provide best practice structure and guidance to all operations concerned with risk management.
ISO 31000 was published as a standard on 13 November 2009, and provides a standard on the implementation of risk management. A revised and harmonized ISO/IEC Guide 73 was published at the same time. The purpose of ISO 31000:2009 is to be applicable and adaptable for "any public, private or community enterprise, association, group or individual. Accordingly, the general scope of ISO 31000 - as a family of risk management standards is not developed for a particular industry group, management system or subject matter field in mind, rather to provide best practice structure and guidance to all operations concerned with risk management.
Scope
The scope of this approach to risk management is to enable all strategic, management and operational tasks of an organization throughout projects, functions, and processes to be aligned to a common set of risk management objectives.
Accordingly, ISO 31000:2009 is intended for a broad stakeholder group including:
The scope of this approach to risk management is to enable all strategic, management and operational tasks of an organization throughout projects, functions, and processes to be aligned to a common set of risk management objectives.
Accordingly, ISO 31000:2009 is intended for a broad stakeholder group including:
■
executive level stakeholders
■
appointment holders in the enterprise risk management group
■
risk analysts and management officers
■
line managers and project managers
■
compliance and internal auditors
■
Independent practitioners.
Managing risk
ISO 31000:2009 gives a list on how to deal with risk:
ISO 31000:2009 gives a list on how to deal with risk:
■
Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk
■
Accepting or increasing the risk in order to pursue an opportunity
■
Removing the risk source
■
Changing the likelihood
■
Changing the consequences
■
Sharing the risk with another party or parties (including contracts and risk financing)
■
Retaining the risk by informed decision
Implementation
The intent of ISO 31000 is to be applied within existing management systems to formalize and improve risk management processes as opposed to wholesale substitution of legacy management practices. Subsequently, when implementing ISO 31000, attention is to be given to integrating existing risk management processes in the new paradigm addressed in the standard.
The focus of many ISO 31000 'harmonization' programmers have centered on:
The intent of ISO 31000 is to be applied within existing management systems to formalize and improve risk management processes as opposed to wholesale substitution of legacy management practices. Subsequently, when implementing ISO 31000, attention is to be given to integrating existing risk management processes in the new paradigm addressed in the standard.
The focus of many ISO 31000 'harmonization' programmers have centered on:
■
Transferring accountability gaps in enterprise risk management
■
Aligning objectives of the governance frameworks with ISO 31000
■
Embedding management system reporting mechanisms
■
Creating uniform risk criteria and evaluation metrics
Quality & ISO Consultancy Services, Quality Bureau