Risk Management and ISO 31000: Doug Newdick

ISO 31000 is an international standard that provides principles and guidelines for effective risk management. It defines risk management, outlines a framework for establishing a risk management process, and describes a process for managing risk. The standard is intended to help organizations of any kind better understand and reduce the impact of uncertainty to help meet their objectives. While it does not provide detailed instructions, using ISO 31000 allows organizations to develop a consistent, credible approach to risk management.
Risk Management and ISO 31000

Doug Newdick
What Is Risk Management?

Risk is:
The effect of uncertainty on the ability of an organisation to meet its objectives.

Risk management is:
The range of activities that an organisation intentionally undertakes to understand and reduce these effects.

Effective risk management is:
Executing these activities efficiently and in a way that actually and demonstrably improves the ability of the organisation to meet its objectives in a repeatable fashion.
What Is ISO 31000?

ISO 31000:2009 is:

● An international standard that provides principles and guidelines for effective risk management
● Not specific to any industry or sector
● Able to be applied to any kind of risk
● Able to be applied to any kind of organisation
● Intended to be tailored to meet the needs of the organisation

“The generic approach described in this Standard provides the principles and guidelines for managing any form of risk in a systematic, transparent and credible manner and within any scope and context.”
What Does ISO 31000 Cover?

ISO 31000:2009 contains:

● A set of risk management terms and their definitions
● A set of principles for guiding and informing effective risk management for an enterprise
● An outline and process for creating a risk management framework
● An outline and process for creating a risk management process

ISO 31000 is:
● Clear
● Sensible
● Brief (24 pages)
What Does ISO 31000 Not Cover?

● Detailed instructions on how to manage risk
● A complete risk management framework
● A complete risk management process
● Formats or attributes for describing risks
● Templates
● Guidance on how to identify risks
● Advice on how to manage risks for a specific domain
Background to ISO 31000

● Australia and NZ developed AS/NZS 4360:1999 in 1999. This was revised and reissued as AS/NZS 4360:2004 in 2004. Australia and New Zealand led the world in enterprise risk management at this point!
● There was no agreed de jure or de facto international standard in place at this stage. There were a small number of competing frameworks which were regarded as unsatisfactory.
● In 2005 the International Standards Organisation started work on ISO 31000 using AS/NZS 4360:2004 as its first draft.
● ISO 31000 was issued to widespread acclaim in 2009.
ISO 31000 – An Overview

(Diagram: Principles → Framework → Process)

● Principles guide the creation of the framework
● The framework defines the process
● The performance of the process feeds back into the framework
ISO 31000 – An Overview: Principles

Risk Management Principles

● Creates and protects value
● Integral part of organisational processes
● Part of decision making
● Explicitly addresses uncertainty
● Systematic, structured, and timely
● Based on the best information
● Tailored
● Takes human and cultural factors into account
● Transparent and inclusive
● Dynamic, iterative and responsive to change
● Facilitates continual improvement of the organisation
ISO 31000 – An Overview: Framework

(Diagram: the framework cycle)

● Mandate and commitment
● Design of framework for managing risk
  ● Understanding the organisation and its context
  ● Establishing risk management policy
  ● Accountability
  ● Integration into organisational processes
  ● Resources
  ● Establishing internal communication and reporting mechanisms
  ● Establishing external communication and reporting mechanisms
● Implementing risk management
  ● Implementing the framework for managing risk
  ● Implementing the risk management process
● Monitoring and review of the framework
● Continual improvement of the framework
ISO 31000 – An Overview: Process

(Diagram: the process steps, with communication and consultation on one side and monitoring and review on the other, running alongside every step)

● Establishing the context
● Risk assessment
  ● Risk identification
  ● Risk analysis
  ● Risk evaluation
● Risk treatment

Alongside every step:
● Communication and consultation
● Monitoring and review
Why Use ISO 31000?

Save yourself time and effort:
● Using the terms, principles and guidelines in ISO 31000 means you don’t have to spend time and effort creating your own.
● You can spend time on the things that really add value – managing the actual risks.

Facilitate communication:
● Avoid misunderstandings by using concepts and terms that are well known in the risk management community.

Provide higher quality output:
● Take advantage of the significant expertise in risk management that the ISO has used in coming up with the standard.
● Ensure you don’t miss out any aspects of risk management by using the standard as a checklist.
How Do I Apply ISO 31000?

When should I use ISO 31000?
● When you are asked to identify or assess risks
● When you are asked to manage risks
● When you are asked to assess a risk management framework or process

How should I use ISO 31000?
● Use it to frame the scope of the work
● Use it to guide the engagement
● Use it to create a risk management process
ISO 31000 In Summary

• ISO 31000 gives you a structured, credible foundation for discussions about risk and risk management.
• ISO 31000 gives you a starting point for a risk management process if you don’t have one.
• ISO 31000 gives you a standard vocabulary for talking about risks and risk management.
• ISO 31000 gives you a baseline for comparisons and assessments of risk management processes.
For Further Resources

Visit my blog:
http://dougnewdick.wordpress.com
Follow me on Twitter:
@dougnewdick