ERM Fundamentals

ISO’s Risk Management Framework

ISO 31000:2018 Risk Management-Guidelines is a widely embraced framework for implementing ERM in any type of organization. Issued by the International Organization for Standardization (ISO), ISO 31000:2018 provides guidelines on managing risks to help business leaders create and protect entity value through the management of risks in the context of decision making. Originally issued by ISO in 2009, the framework was revised in 2018. It bases the management of risks on three elements: principles, a framework, and a process.

The ISO 31000:2018 framework consists of eight principles that describe the characteristics of effective and efficient risk management and provide the foundation for managing risks. The principles state that risk management is to be:

  1. Integrated across the entity;
  2. Structured and comprehensive to ensure consistency of processes;
  3. Customized to the organization;
  4. Inclusive of knowledge, views and perceptions of key stakeholders;
  5. Dynamic in managing risks that change continually over time;
  6. Based on the best available information to provide timely, clear information to stakeholders;
  7. Developed in light of human and cultural factors that influence the management of risks; and
  8. A continual improvement of the risk management process.

The ISO 31000:2018 framework consists of the following risk management process steps:

  1. Communication and Consultation: Emphasizes the importance of promoting awareness and understanding of risk across key stakeholders.
  2. Scope, Context, and Criteria: Highlights the importance of customizing the risk management process to the organization.
  3. Risk Assessment: Describes that the risk assessment consists of risk identification, risk analysis, and risk evaluation.
  4. Risk Treatment: Reminds business leaders of the importance of selecting and implementing responses to manage risks.
  5. Monitoring and Review: Emphasizes the importance of improving the effectiveness of the risk management process.
  6. Recording and Reporting: Highlights the importance of effective communication of risk information for decision-making.

ISO 31000:2018 can be purchased from ISO’s Store website.

Original Article Source: "ISO 31000:2018 Risk Management-Guidelines", ISO, 2018