We live in an ever-changing world
where we are forced to deal with
uncertainty every day. But how an
organization tackles that uncertainty
can be a key predictor of its success.
Who is ISO 31000 for ?
ISO 31000 is applicable to all organizations, regardless of type,
size, activities and location, and covers all types of risk. It was
developed by a range of stakeholders and is intended for use by
Risk is a necessary part of doing business, and in a world where enormous
amounts of data are being processed
at increasingly rapid rates, identifying
and mitigating risks is a challenge for
anyone who manages risks, not just professional risk managers.
What are the benefits for
my business ?
any company. It is no wonder then that
many contracts and insurance agree-
ISO 31000 helps organizations develop a risk management strat-
ments require solid evidence of good
egy to effectively identify and mitigate risks, thereby enhancing
risk management practice.
the likelihood of achieving their objectives and increasing the
ISO 31000 provides direction on how
protection of their assets. Its overarching goal is to develop a risk
companies can integrate risk-based
management culture where employees and stakeholders are
decision making into an organization’s
aware of the importance of monitoring and managing risk.
governance, planning, management,
Implementing ISO 31000 also helps organizations see both the
reporting, policies, values and culture.
positive opportunities and negative consequences associated with
It is an open, principles-based system,
risk, and allows for more informed, and thus more effective, deci-
meaning it enables organizations to
sion making, namely in the allocation of resources. What’s more,
apply the principles in the standard to
it can be an active component in improving an organization’s
the organizational context.
governance and, ultimately, its performance.
ISO 31000, Risk management – 1
What are the main differences ?
ISO 31000:2018 provides more stra-
of stakeholders, being customized to
tegic guidance than ISO 31000:2009
the organization and consideration of
and places more emphasis on both
human and cultural factors.
the involvement of senior manage-
The content has been streamlined to
ment and the integration of risk
reflect an open systems model that
management into the organization.
regularly exchanges feedback with
This includes the recommendation
its external environment in order to
to develop a statement or policy
fit a wider range of needs and con-
that confirms a commitment to risk
texts. The key objective is to make
management, assigning authority,
things clearer and easier, using plain
responsibility and accountability
language to define the fundamentals
at the appropriate levels within the
of risk management in a way that the
organization and ensuring that the
reader will find easier to comprehend.
All ISO standards are reviewed every five years and then
necessary resources are allocated to
The terminology is now more con-
revised if needed. This helps ensure they remain relevant,
cise, with certain terms being moved
useful tools for the marketplace. A revised version of
The revised standard now also
to ISO Guide 73, Risk management –
ISO 31000 was published in 2018 to take into account
recommends that risk management
Vocabulary, which deals specifically
the evolution of the market and new challenges faced by
be part of the organization’s struc-
with risk management terminology
business and organizations since the standard was first
ture, processes, objectives, strategy
and is intended to be used alongside
released in 2009. One example of this is the increased
and activities. It places a greater focus
ISO 31000. Work has commenced on a
complexity of economic systems and emerging risk fac-
on creating value as the key driver
terminology standard and implemen-
tors such as digital currency, both of which can present
of risk management and features
tation handbook to further enhance