Every organization, no matter how large or small, knowingly and unknowingly considers risks and makes both formal and informal efforts to mitigate or accept risks. In a world full of uncertainties, systematically addressing and managing risk is critical to the economic performance and professional reputation of your organization. With ISO 31000, an organization can compare their risk management processes with an internationally recognized benchmark to achieve a robust framework for effective risk management and corporate governance.

What is ISO 31000?

ISO 31000:2009 is the international standard developed for managing risk. This document provides an organization with comprehensive principles, guidelines, and process for recognizing, evaluating, and mitigating risk within the organization. Because ISO 31000 applies to most business activities such as, communications, planning, and operations, this framework can be applied to any organization regardless of size, activity, or sector.

While ISO 31000 is not currently for certification, it can be used to supplement your certifiable management system standards. Implementing these best practice recommendations for managing risk within your organization with provide you with better health, safety, and security within the workplace, as well as improved management techniques such as, more efficient decision making and proactive initiatives, all while minimizing loss.

Benefits of ISO 31000 to your Organization

Implementing a defined risk management process will help the organization:

• Improve efficiency and reach the organization’s business objectives
• Better allocate resources to treat risk
• Oversee the risk management process as a whole
• Gain confidence in the organization’s ability to manage risk
• Proactively manage foreseeable risks within particular activities and areas
• Respond to unforeseen changes in an orderly and timely manner
• Improve customer and stakeholder confidence

Additional Documents

The ISO 31000 family can be found at www.iso.org and includes the following documents:

• ISO 31000:2009, Risk Management provides implementation principles and guidelines on risk management.
• ISO Guide 73:2009, Risk management - Vocabulary complements ISO 31000 by providing a collection of terms and definitions relating to the management of risk.
• ISO/IEC 31010:2009, Risk management – Risk assessment techniques focuses on risk assessment. Risk assessment helps decision makers understand the risks that could affect the achievement of objectives as well as the adequacy of the controls already in place. ISO/IEC 31010:2009 focuses on risk assessment concepts, processes and the selection of risk assessment techniques.

SRI Training on Risk Management

SRI now offers a one day public training course, taught by a practicing SRI lead auditor, on the ISO 31000 standard for risk management. This one day course will provide an overview of ISO 31000 and how it can be used to help strengthen your quality management system through application of risk management concepts. The course will include practical examples and offer workshops to give attendees an opportunity to practice the use of risk management techniques. For more information on this and other SRI Training courses visit the SRI Training website: www.SRICourses.com.