ISO 31000 – Risk Management

• ISO 31000 is for use by people who create and protect value in organizations
• Organizations of all types and sizes face external and internal factors and influences that make it uncertain whether they will achieve their objectives
• Managing risk is iterative and assists organizations in achieving their objectives
• Managing risk is part of governance and leadership
• Managing risk is part of all activities associated with an organization and includes interaction with stakeholders.
• Managing risk considers the external and internal context of the organization, including human behaviour and cultural factors.
• Managing risk is based on the principles, framework and process outlined in this standard.

When implemented and maintained  in accordance with this International Standard, the management of risk enables an organization to …

• increase the likelihood of achieving objectives;
• encourage proactive management;
• be aware of the need to identify and treat risk throughout the organization;
• improve the identification of opportunities and threats;
• comply with relevant legal and regulatory requirements and international norms;
• improve mandatory and voluntary reporting;
• improve governance;
• improve stakeholder confidence and trust;
• establish a reliable basis for decision making and planning;

ISO 31000 consists of a vocabulary, a set of principles that support the overarching purpose, a framework for integrating risk management in organisations and a process to use risk management at all levels and for all activities of an organisation.