NEW: ISO 31000 2018 in Plain English

ISO 31000 2018 is an international risk management standard. It can be applied to the
achievement of any and all types of objectives at all organizational levels and in all areas.
It can be used to help make decisions and can be applied to any and all types of activities.

This page presents an overview of ISO 31000 2018 and provides a PDF Sample of our approach.

4. Risk Management Principles

  • Develop an approach that is structured and comprehensive.
  • Develop an approach that encourages the creation and protection of value.
  • Develop an approach that encourages the achievement of goals and objectives.
  • Develop an approach that encourages the improvement of activities and outputs.
  • Develop an approach that encourages the involvement of areas and functions.
  • Develop an approach that encourages the participation of all stakeholders.
  • Develop an approach that encourages the use of reliable information.
  • Make sure that your risk management approach is dynamic.
  • Develop an approach that is capable of managing organizational change.
        • Develop an approach that is capable of managing changes in risk.
        • Develop an approach that is capable of adapting to changes in context.
        • Develop an approach that is capable of managing changes in expectations.
  • Develop an approach that encourages continual organizational improvement.
  • Make sure that your risk management approach is customized.
        • Make sure that your framework accommodates human and cultural factors.
        • Make sure that your framework addresses and responds to your context.
        • Make sure that your process accommodates human and cultural factors.
        • Make sure that your process addresses and responds to your context.

5. Risk Management Framework - PDF Sample

5.1 Plan the establishment of your risk management framework.

  • Ask stakeholders to support the establishment of a framework.
  • Evaluate your existing risk management practices and processes.

5.2 Show leadership by making a commitment to risk management.

  • Ask your leaders to support a risk management framework.
      • Ask oversight bodies to make a commitment to risk management.
      • Ask top management to make a commitment to risk management.
  • Ask your leaders to establish a risk management framework.

5.3 Make your organization's personnel responsible for managing risk.

    • Make risk management an integral part of your organization's culture.
      • Ask everyone in your organization to be responsible for managing risk.
      • Use iterative methods to build risk management into your organization.

5.4 Design your organization's unique risk management framework.

5.4.1 Consider your context when you develop your framework.

5.4.2 Define your organization's commitment to risk management.

5.4.3 Assign risk management roles at all levels of the organization.

5.4.4 Allocate resources to support your risk management activities.

5.4.5 Support your framework by sharing and receiving information.

5.5 Implement your organization's risk management framework.

    • Develop a plan to implement your risk management framework.
    • Allocate the resources needed to implement your framework.
    • Implement your organization's risk management framework.

5.6 Evaluate the performance of your risk management framework.

    • Periodically measure the performance of your risk management framework.
    • Periodically review the performance of your risk management framework.

5.7 Improve the performance of your risk management framework.

5.7.1 Monitor and modify your organization's risk management framework.

5.7.2 Enhance the overall performance of your risk management framework.

6. Risk Management Process

6.1 Plan the establishment of a risk management process.

    • Plan the development of an iterative risk management process.
    • Plan the implementation of an iterative risk management process.

6.2 Discuss risks and get feedback from your stakeholders.

    • Discuss risk at every step of the risk management process.
    • Involve internal and external stakeholders at every step.

6.3 Define scope, context, and the criteria you intend to use.

6.3.1 Consider how you plan to create a process that meets your unique needs.

      • Think about how the scope of your risk management process should be defined.
      • Think about how your organization's context could influence risk management.
      • Think about how your organization will evaluate the significance of its risks.

6.3.2 Define the overall scope of your organization's risk management process.

      • Specify the scope of your organization's risk management activities.
        • Think about what risk management should achieve.
        • Think about what risk management should include.

6.3.3 Clarify the external and internal context of your risk management process.

      • Consider your context as you develop your risk management process.
          • Consider external influences during process design.
          • Consider external factors during process design.
          • Consider external trends during process design.
          • Consider external drivers during process design.
          • Consider internal influences during process design.
            • Consider your culture as you design your process.
            • Consider your governance as you design your process.
            • Consider your structure as you design your process.
            • Consider your stakeholders as you design your process.
            • Consider your capabilities as you design your process.
            • Consider your standards as you design your process.
            • Consider your resources as you design your process.

6.3.4 Specify the criteria that you plan to use to evaluate your organization's risks.

      • Identify the risks that your organization takes as it tries to achieve objectives.
        • Define the types of risks that your organization is willing to tolerate.
        • Define the amount of risk that you're willing to tolerate.
      • Define criteria to evaluate the significance or importance of your risks.
        • Consider your framework when you define your risk criteria.
        • Consider your organization when you define your risk criteria.
        • Consider your methodology when you define your risk criteria.
      • Clarify and update risk criteria at the beginning of every risk assessment.
      • Review and periodically amend risk criteria whenever this is necessary.

6.4 Conduct systematic risk assessments on a regular basis.

6.4.1 Assess the risks that could influence the achievement of your objectives.

      • Plan the performance of regular risk assessment activities and projects.
        • Make sure that your organization's risk assessments are iterative.
        • Make sure that your organization's risk assessments are systematic.
        • Make sure that your organization's risk assessments are collaborative.
      • Use the best available information and advice to carry out risk assessments.

6.4.2 Identify the risks that could influence the achievement of your objectives.

      • Find the risks that could influence the achievement of your objectives.
        • Discuss the assumptions, biases, and beliefs of participants.
        • Consider the nature and value of your assets and resources.
        • Discover, discuss, and explore both actual and potential risks.
      • Recognize the risks that could influence the achievement of your objectives.
        • Acknowledge the limits of knowledge and the reliability of your information.
      • Describe the risks that could influence the achievement of your objectives.

6.4.3 Analyze the risks that could influence the achievement of your objectives.

      • Consider the risks that could affect objectives.
        • Study actual and potential events and scenarios.
        • Study the causes that could produce these events.
        • Study the consequences that events could create.
        • Study the controls that are used to manage risk.
      • Determine and define your confidence level.
        • Specify how much confidence you have in your results.
      • Document analytical results and conclusions.
        • Document your assumptions and preconceptions.

6.4.4 Evaluate the risks that could influence the achievement of objectives.

      • Evaluate your organization's risks.
        • Use the results of your evaluation to consider treatment options.
      • Record your risk evaluation results.
      • Communicate risk evaluation results.

6.5 Treat the risks that affect the achievement of objectives.

6.5.1 Establish your organization's risk treatment process.

      • Design and develop an effective risk treatment process.
        • Make sure that your risk treatment process is iterative.
        • Make sure that your process helps you to select risk treatment options.
        • Make sure that your process helps you to formulate risk treatment plans.
        • Make sure that your process helps you to assess risk treatment results.

6.5.2 Choose the most appropriate risk treatment options.

      • Consider risk treatment options.
        • Consider retaining the risk.
        • Consider avoiding the risk.
          • Consider trying to eliminate or remove the risk.
          • Consider avoiding activities that generate risk.
        • Consider reducing the risk.
          • Consider trying to share the risk.
          • Consider trying to mitigate the risk.
      • Select risk treatment options.
        • Consider your organization's objectives when you make treatment decisions.
        • Consider legal and regulatory requirements when making treatment decisions.
        • Consider values and perceptions of stakeholders when you select treatments.
        • Consider costs and benefits when making risk treatment decisions.
        • Consider new risks that risk treatment options could introduce.
      • Postpone risk treatment options.
        • Postpone treatment whenever options are unavailable or inadequate.

6.5.3 Prepare and implement your risk treatment plans.

      • Develop risk treatment plans.
        • Describe chosen treatment options.
        • Describe the benefits to be achieved.
        • Describe the steps that will be taken.
        • Describe how plans will be managed.
        • Describe how accountability was allocated.
        • Describe the resources that will be required.
      • Approve risk treatment plans.
      • Implement risk treatment plans.
      • Monitor implementation activities.
      • Review implementation activities.

6.6 Evaluate and improve your risk management process.

    • Evaluate your organization's risk management process.
      • Monitor your organization's risk management process.
      • Review your organization's risk management process.
    • Improve your organization's risk management process.
      • Use monitoring results to improve your risk management process.
      • Use review results to improve your risk management process.

6.7 Record and report on risk management activities.

    • Establish your risk management records and reports.
      • Consider your organization's internal and external context.
      • Consider your organization's information requirements.
    • Document risk management activities and outcomes.
      • Record your risk management activities and outcomes.
      • Report on your risk management activities and outcomes.

Attention

This page summarizes our Plain English Risk Management Standard.
It highlights the main points. It does not present detail. To get the complete
product, please buy our Title 31: ISO 31000 2018 Translated into Plain English.

Updated on August 9, 2018. First published on August 9, 2018.

Praxiom Research Group Limited              help@praxiom.com             780-461-4514


Copyright © 2018 by Praxiom Research Group Ltd. All Rights Reserved.