The International Organization for Standardization developed the ISO 31000 family of standards with the intention of creating a set of guidelines and principles in dealing with an organization's management of risk. ISO 31000:2009 provides these general principles and guidelines for risk management. ISO 31000 intends to create a paradigm that is recognized universally by companies and practitioners, developing and employing the process of risk management as a replacement to an array of methodologies, processes and standards that varied from industry to industry and country to country. The ISO 31000 family currently includes, ISO 31000, which examines the principles and guidelines of risk management implementation. The IEC 31010, details risk assessment and management techniques and ISO 73, which is the guide to the standard vocabulary of risk management.

ISO 31000 is intended to provide practical principles and aid organizations in creating a process and framework for managing their risk factors in a systematic, credible and transparent fashion. ISO 31000 is not a set of standards that organizations can become certified in. Rather it is a practical set of guidelines designed to assist organizations in the implementation of responsible risk management, to ensure that the individuals who need to manage risk and in fact doing so, to evaluate an organization's risk management practices, and to assist in the development of codes, standards and procedures as they relate to risk management.

In implementing ISO 31000, risk management procedures can be compared within an organization against a set of recognized international benchmarks. This provides for the development of sound principles and effective risk management. In addition to ISO 31000, the ISO Guide 73, further ensures that any organization is on the same page in discussing risk management.

Background

First published on November 13, 2009 ISO 31000 establishes a standard for risk management implementation. ISO Guide 73 harmonizes and revises the vocabulary of risk management and was also published in November 2009. ISO 31000:2009’s function is to adaptable and applicable to any individual, group, association or any private, public or community enterprise. ISO 31000 was not developed with any specific field of study, industry or management system in mind. The ISO 31000 standards family’s goals are to provide best of practices, guidelines and structure where all risk management operations are concerned.

Scope

ISO 31000 sets a guideline for the design and implementation risk management, as well as, outlining its maintenance within an organization. With the practices of risk management formalized the adoption of risk management standards that accommodate companies who need ‘silo-centric’ enterprise management system will be greater, than previously experienced. ISO 31000’s enables the strategic management of an organization’s operational tasks within its processes, projects, and functions to align all of the objectives of risk management. ISO 3100 is designed to aid organizations in the increase of reaching objectives, promote a more proactive management, identify risk and treat it appropriately, improve the identification of threats and opportunities, help in the compliance of regulations and legal requirements. ISO 31000 is also intended to improve governance and financial reporting, increase stakeholder trust, create a reliable standard for planning and decision making, improve organizational controls, effectively manage risk treatment resources, increase operational efficiency, improve health and safety, improve environmental protection, improve incident management and loss prevention, increase learning and resilience within the organization.

Implementation

ISO 31000’s intent is to be incorporated within the management systems currently in place and to improve risk management. This is done by the formalizing the processes rather than through a complete overhaul of legacy practices; by aligning organizational objectives, embedding systematic reporting mechanisms, and the creation of uniform evaluation metrics.