ISO 31000 – Risk Management

  • What is ISO 31000?

    Risk management is not a process for avoiding risk and its aims are not to eliminate risk, but rather to identify and manage those risks that are attached to all of an organisation’s activities, in order to maximise opportunities and minimise adverse effects. Nor is risk management the management of insurable risks. Insurance is an important way of transferring risk, but most risks will be managed by other means.

    Good risk management provides upward assurance, from business activities and administrative functions, across all departments and divisions, to the senior management team and ultimately to all stakeholders. By using a structured approach, such as that set out in ISO 31000, you are more likely to ensure that all your organisation’s strategic, management and operational tasks are aligned to a common set of risk management objectives.

    ISO 31000 provides generic guidelines for the design, implementation and maintenance of risk management processes throughout an organisation. Unlike many other standards, these guidelines are not intended for certification, but using the standard will help formalise and embed sound risk management practices. It defines risk as “the effect of uncertainty on objectives”, so the word “risk” refers to positive possibilities as well as negative ones. But those too still have to be managed!

  • What are its benefits?

    • supports strategic and business planning (objectives are more likely to be achieved)
    • supports effective use of resources
    • promotes continuous improvement
    • means fewer shocks and unwelcome surprises (damaging things are less likely to happen)
    • enables the quick grasp of new opportunities (beneficial things are more likely to be achieved)
    • enhances communication between departments and divisions
    • reassures customers and other stakeholders
    • helps focus the internal audit programme

  • How we can help you implement and maintain it

    The full benefits of risk management can only be achieved if it is well implemented and widely embraced throughout the organisation. By gaining understanding of your business structure and operation, we can assist in developing your risk management programme in order to fully comply with ISO 31000 guidelines in a way that supports your own strategy and goals. We have very experienced risk management experts who can

    • assist you to undertake risk analysis and business impact analysis and create plans to address risk
    • help you integrate risk management approaches into operational and strategic planning processes and embed them throughout the organisation
    • help you document and improve processes, especially management processes and procedures
    • train your people at all levels from senior management to operational teams, not only in the requirements of ISO 31000, but also in business continuity management, security planning, security awareness, internal auditing against the standard and in the use of improvement tools and techniques
    • help you to use risk management frameworks based on the EFQM Excellence Model
    • run networking groups to share risk management best practice
