Risk Management ISO 31000: 2018...
The ISO 31000 Risk Management Standard was first released in 2009. The standard is not specific to any particular industry or risk setting; it is designed to provide "best practice" guidance in any scenario where risk can arise. The standard has since been revised as ISO 31000:2018. This revision places greater emphasis on the involvement of senior management and on the integration of risk management across the whole organization.
ISO 31000 identifies key principles in risk management.
– Risk needs to be integral to organizational decision making and to all processes.
– Risk must be considered in a systematic, structured and timely manner.
– Risk decisions must be based on the best information available.
– There is a requirement to take human and cultural factors into account: consider how organizational culture, and staff capabilities, perceptions and values, could affect risk.
– Risk is dynamic, so the risk management processes must be equally dynamic to remain relevant.
– There is a need to continually improve the risk management processes and to use risk management to improve the organization.
– Be transparent and inclusive of all stakeholders. Ensure senior management buy-in to the risk management processes, include relevant parties in decisions, and communicate to the whole organization to mitigate resistance to change.
– Be tailored to your business. Align risk management decisions to business goals, risk profile and the organization's own internal and external factors.
Based on the principles of risk management, the ISO 31000 standard then details the need for a “Risk Framework”.
In addition to the Risk Framework, the standard details that the next step is to define the Risk Process. The Risk Process, as defined by ISO 31000:2018, is "multi-step and iterative; designed to identify and analyze risks in the organizational context."
The key stages in the Risk Process are:
– Communication and consultation.
– Definition of the scope, the context (both internal and external) and the risk criteria.
– Risk assessment processes (identification, analysis, evaluation).
– Risk treatment processes.
– Continual monitoring.
– Recording and reporting of findings.
ISO 31000 2018 International Organization for Standardization