ISO 31000 Risk management


ISO 31000:2018 provides a set of principles, guidelines for the design and implementation of a risk management framework, and recommendations for the application of a risk management process. The risk management process as described in ISO 31000 can be applied to any activity, including decision-making at all levels.

The difference between the terms risk management framework and risk management process is described by ISO as in the following:

Risk management framework – set of components that provide the foundations and organizational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization. With the help of the PDCA cycle, the system can be improved on an ongoing basis.

Risk management process – systematic application of management policies, procedures and practices to the activities of communication, consulting, establishing the context, and identifying, analyzing, evaluating, treating, monitoring and reviewing risk. In other words, ISO 31000 formalizes risk management practices, and this approach is intended to facilitate broader adoption by companies that require an enterprise risk management standard that accommodates multiple ‘silo-centric’ management systems.

The scope of this approach to risk management is to enable all strategic, management and operational tasks of an organization throughout projects, functions, and processes to be aligned to a common set of risk management objectives.

Accordingly, ISO 31000 is intended for a broad stakeholder group including:

  • executive level stakeholders
  • appointment holders in the enterprise risk management group
  • risk analysts and management officers
  • line managers and project managers
  • compliance and internal auditors
  • independent practitioners