ISO’s 31000:2018 Risk Management-Guidelines is a widely embraced framework for implementing ERM in any type of organization.  Issued by the International Organization for Standardization (ISO), ISO 31000:2018 provides guidelines on managing risks to help business leaders create and protect entity value through the management of risks in the context of decision making. Originally issued by ISO in 2009, the framework was revised in 2018. The Framework bases the management of risks on principles, a framework, and process.

ISO 31000:2018’s framework consists of eight principles that provide guidance on the characteristics of effective and efficient risk management and they provide the foundation for management risks. The principles highlight that risk management is to be

  1. Integrated across the entity;
  2. Structured and comprehensive to ensure consistency of processes;
  3. Customized to the organization;
  4. Inclusive of knowledge, views and perceptions of key stakeholders;
  5. Dynamic in managing risks that change continually over time;
  6. Based on the best available information to provide timely, clear information to stakeholders;
  7. Developed in light of human and cultural factors that influence the management of risks; and
  8. A continual improvement of the risk management process.

ISO 31000:2018 framework consists of the following risk management processes:

  1. Communication and Consultation:  Emphasizes the importance of promoting awareness and understanding of risk across key stakeholders.
  2. Scope, Context, and Criteria:  Highlights the importance of customizing the risk management process to the organization.
  3. Risk Assessment:  Describes that the risk assessment consists of risk identification, risk analysis, and risk evaluation.
  4. Risk Treatment: Reminds business leaders of the importance of selecting and implementing responses to manage risks.
  5. Monitoring and Review: Emphasizes the importance of improving the effectiveness of the risk management process.
  6. Recording and Reporting:  Highlights the importance of effective communication of risk information for decision-making.

ISO 3100:2018 can be purchased from ISO’s Store website.


Getting Started in – Risk Management Frameworks

Evaluating Your ERM Program – Risk Management Best Practices

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2020-06-17