Keeping risk management simple – Revised ISO 31000

The international standard for risk management has been revised. ISO 31000:2018 Risk management – Guidelines helps organisations use risk management principles to improve planning and make better decisions. The standard delivers a clearer and more concise guide to help organisations to:

  • tailor risk management to their needs and objectives
  • use risk management principles to improve planning and make better decisions.

Damage to reputation or brand, cyber crime, political risk and terrorism are some of the risks that organisations must face with increasing frequency. Yesterday’s risk management practices are no longer adequate to deal with today’s threats and they need to evolve. These considerations were at the heart of the revision of ISO 31000, which has just been unveiled to help manage the uncertainty.

The main changes since the previous edition in 2009 include streamlining the content and:

  • a review of the principles of risk management, which are the key criteria for its success
  • a focus on leadership by top management – the standard recommends that top management integrates risk management into all organisational activities, starting with the governance of the organisation
  • greater emphasis on the iterative nature of risk management.

Risk management is an integral part of business

The revised version of ISO 31000 focuses on the integration of risk management with the organisation and the role of leaders and their responsibility. Risk practitioners are often at the margins of organisational management and this emphasis will help them demonstrate that risk management is an integral part of business.

ISO 31000 provides a risk management framework that supports all activities, including decision making across all levels of the organisation. The standard recommends that the framework be integrated with management systems. This will help to ensure consistency and effective management control across all areas including:

  • strategy and planning
  • organisational resilience
  • IT
  • corporate governance
  • HR
  • compliance
  • quality
  • health and safety
  • business continuity
  • crisis management
  • security.

ISO 31000:2018 provides guidelines, not requirements, and isn’t intended for certification purposes. This gives managers the flexibility to implement the standard in a way that suits the needs and objectives of their organisation.