ISO 31000 Risk management— Principles and guidelines

ISO 31000

What is Risk management?

AS/NZS 4360:2004 – Australia, defines Risk Management as:

“Risk management implies the management to reach the optimal balance between the seizure of the opportunities and the limitation of the negative impacts.”

What is ISO 31000?

ISO 31000 provides principles and generic guidelines on risk management.

• can be used by any public, private or community enterprise, association, group or individual. Therefore, ISO 31000 is not specific to any industry or sector.
• can be applied throughout the life of an organization, and to a wide range of activities, including strategies and decisions, operations, processes, functions, projects, products, services and assets.
• can be applied to any type of risk, whatever its nature, whether having positive or negative consequences.

Although ISO 31000 provides generic guidelines, it is not intended to promote uniformity of risk management across organizations. The design and implementation of risk management plans and frameworks will need to take into account the varying needs of a specific organization, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.

It is intended that ISO 31000 be utilized to harmonize risk management processes in existing and future standards. It provides a common approach in support of standards dealing with specific risks and/or sectors, and does not replace those standards.

How does Risk Management benefit an organization?

1. creates and protects value
2. is an integral part of all organizational processes
3. is part of decision making
4. explicitly addresses uncertainty
5. is systematic, structured and timely
6. is based on the best available information
7. is tailored
8. takes human and cultural factors into account
9. is transparent and inclusive
10. is dynamic, iterative and responsive to change
11. facilitates continual improvement of theorganization