ISO 31000:2009 provides guidance on the implementation of risk management. It was first published as a standard in November 2009, and is owned by the International Standards Organization (ISO). The ISO 31000 family includes:
• ISO 31000:2009 – Principles and Guidelines on Implementation
• ISO/IEC 31010:2009 – Risk Management – Risk Assessment Techniques
• ISO Guide 73:2009 – Risk Management – Vocabulary
ISO 31000 provides generic guidelines for the design, implementation and maintenance of risk management processes throughout an organization. The scope of this approach is to enable all strategic, management and operational tasks of an organization, across projects, functions and processes, to be aligned to a common set of risk management objectives. ISO 31000:2009 comprises three building blocks (see Figure).
The First Building Block, the Risk Management Infrastructure, states that risk management should follow these principles:
• Creates value
• Integral part of organizational processes
• Part of decision-making
• Explicitly addresses uncertainty
• Systematic, structured and timely
• Based on the best available information
• Tailored to the organization
• Takes human and cultural factors into account
• Transparent and inclusive
• Dynamic, iterative and responsive to change
• Facilitates continual improvement of the organization
The Second Building Block, the Risk Management Framework, is about creating the right risk framework through management commitment. Once commitment is established, there is a cycle of actions that includes the following steps:
3. Monitoring and review
4. Continual improvement
The Third Building Block, the Risk Management Process, was originally adopted from the standard AS/NZS 4360:2004, which ensures that communication and monitoring are carried out throughout the process.