# ISO 31000:2018: Risk management - Guidelines

# Acronyms, Abbreviations, and Initialisms

| Short Form | Full Form |
| --- | --- |
| ISO | International Organization for Standardization |

# Overview

ISO 31000 is an international standard that provides guidelines for designing, implementing, and reviewing risk management processes and practices. It is not intended for certification purposes, and implementing it does not by itself satisfy any specific regulatory or legal requirement concerning risk assessments, risk reviews, or risk management as a whole. The standard sets out the principles that a properly implemented risk management process should follow. It should:

  • Create and protect value
  • Be integrated into the organization's processes
  • Be part of decision-making
  • Explicitly address uncertainty
  • Be systematic, structured, and timely
  • Be based on the best available information
  • Be tailored to the organization's business requirements and actual risks
  • Take human and cultural factors into account
  • Be transparent and inclusive
  • Be dynamic, iterative, and responsive to change
  • Facilitate continual improvement of the organization

The key components of ISO 31000 are designing, implementing, and reviewing risk management. Its key requirement is endorsement, support, and commitment from top management. A central concept of the standard is that risk management is embedded in the organization's activities and decision-making rather than run as a separate, stand-alone activity.
