What is ISO 31000 Risk Management?
All organisations are affected by risks that can have consequences for their financial performance, their environmental and societal outcomes, and their reputation.
Some organisations are exposed to more risks than others due to the nature of their business or their business environment. Some organisations are willing to accept more risk than others because with more risk we expect more return. However, one thing that is common to all organisations is that, to protect their value, they must have an effective process to manage risk.
What do you mean by Risk and what is Risk Management?
In a nutshell, risk is the effect of uncertainty. Due to internal and external factors, organisations face uncertainty as to whether they will achieve their objectives. ISO 31000 quite neatly defines risk in this way as the “effect of uncertainty on objectives”. Risk management refers to the systematic process of trying to address this uncertainty, or, as ISO 31000 describes it, risk management is the “coordinated activities to direct and control an organisation with regard to risk”.
What does ISO 31000 Risk Management Principles and Guidelines give me?
ISO 31000 establishes a set of risk management principles that organisations seeking an effective risk management process should comply with. It also establishes a risk management framework, which ensures that there is sufficient mandate and commitment from senior management and that organisations understand their own organisational context. This makes sure the risk management process is tailored to the organisation’s needs. The third part of the ISO 31000 Risk Management Principles and Guidelines is the risk management process. This process looks at how an organisation can identify, analyse and evaluate its risks and then select the appropriate treatments.