ISO 31000 2009

INTRODUCTION

EXECUTIVE SUMMARY

ISO 31000 is a generic risk management standard. It was developed
by the ISO Technical Management Board Working Group on risk
management. The official name of the standard is ISO 31000:2009
Risk management - Principles and guidelines. ISO published this
new standard on November 13, 2009.

ISO 31000 defines a set of guidelines. We refer to them as guidelines
because they’re voluntary. They’re not requirements or contractual
obligations. They’re suggestions only. These risk management
suggestions or guidelines are discussed in the following sections:

3. Risk Management Principles
4. Risk Management Framework
5. Risk Management Process

Since this standard is all about managing risk, we need to define the term
risk. According to ISO 31000, Part 2.1, risk is the “effect of uncertainty on
objectives”, and an effect is a positive or negative deviation from what is
expected. So, risk is the chance that there will be a positive or negative
deviation from the objective you expect to achieve.

ISO 31000 recognizes that organizations operate in an uncertain world.
Whenever you try to achieve an objective, there’s always the chance
that things will not go according to plan. There’s always the chance that
you will not achieve what you expect to achieve. Every step you take to
achieve an objective involves uncertainty. Every step has an element of
risk that needs to be managed. According to ISO 31000, you can reduce
your uncertainty and manage your risk, by using a systematic approach
to risk management.

Uncertainty is a state of being that involves a deficiency of information
and leads to inadequate or incomplete knowledge or understanding.
In the context of risk management, uncertainty exists whenever your
knowledge or understanding of an event, consequence, or likelihood
is inadequate or incomplete. So, you can reduce your uncertainty
by getting better information and improving your knowledge and
understanding.

SCOPE OF ISO 31000

ISO 31000 is an international risk management standard. It can be
used by any organization no matter what size it is or what it does. It
can be used by both public and private organizations and by groups,
associations, and enterprises of all kinds. It is not specific to any
sector or industry and can be applied to any type of risk.

ISO 31000 can be applied to the achievement of any and all types of
objectives at all levels and areas within an organization. It can be used
at a strategic or organizational level to help make decisions and can be
applied to all types of activities. It can be used to help manage processes,
operations, functions, projects, programs, products, services, and assets.

However, exactly how you apply ISO 31000 is up to you and will depend
on your organization’s needs, objectives, and challenges, and should
reflect what it does and how it operates.

WHO SHOULD USE ISO 31000?

ISO 31000 can be used by a wide range of
stakeholders, including people who need to:

Establish a risk management policy.
Ensure that risk is managed properly.
Manage and control risk within an organization.
Evaluate risk management practices and processes.
Explain how risk should be managed and controlled.
Develop risk management procedures and guides.
Prepare related standards and codes of practice.

WHY USE ISO 31000?

When properly implemented and applied,
ISO 31000 will help you to:

Increase the likelihood that objectives will be achieved.
Improve your ability to identify threats and opportunities.
Establish a sound basis for planning and decision making.
Help you allocate and use risk treatment resources.
Improve the overall resilience of your organization.
Improve operational efficiency and effectiveness.
Encourage personnel to identify and treat risk.
Help minimize your organization’s losses.
Improve your risk management controls.
Comply with legal and regulatory requirements.
Enhance your approach to environmental protection.
Improve the effectiveness of your governance activities.
Enhance your organization’s health and safety performance.
Improve loss prevention and incident management activities.
Encourage and support continuous organizational learning.
Improve the trust and confidence of your stakeholders.
Enhance both mandatory and voluntary reporting.
Comply with international norms and standards.

ISO 31000 CONFERENCE ON MAY 28, 2013

You are invited to attend the Second International Conference + Masterclass
on the ISO 31000 standard in Toronto, Canada from May 28 until May 31, 2013.

This important ISO 31000 conference brings together an outstanding panel of
international experts and practitioners to share their current perspectives on the
ISO 31000 risk management standard. It will explore the impact of the standard
on other ISO management standards and the latest developments in your sector.

This conference is hosted by the Global Institute for Risk Management Standards.
For more information about the conference, see http://conference2013.g31000.org/

OTHER ISO 31000 PAGES

Overview of ISO 31000 Standard

Plain English Risk Management Definitions

ISO 31000 Standard Translated into Plain English

ISO 31000 Risk Management Audit Tool

Home Page	Our Libraries	A to Z Index	Customers
How to Order	Our Products	Our Prices	Guarantee
Praxiom Research Group Limited help@praxiom.com 780-461-4514
Updated on May 5, 2013. First published on August 31, 2010.
Legal Restrictions on the Use of this Page Thank you for visiting this page. You are, of course, welcome to view our material as often as you wish, free of charge. And as long as you keep intact all copyright notices, you are also welcome to print or make one copy of this page for your own personal, noncommercial, home use. But, you are not legally authorized to print or produce additional copies or to copy and paste any of our material onto another web site or to republish it in any way. Copyright © 2010 - 2013 by Praxiom Research Group Limited. All Rights Reserved.

Praxiom Research Group Limited