E-ISO 31000

The framework for managing risk under ISO 31000 is really simple. Once management commitment is established there is a loop of actions that include: 1) design the framework, 2) implement risk management, 3) monitor and review the framework, and 4) continual improvement of the framework.

WHAT IS RISK? EFFECT OF UNCERTAINTY ON OBJECTIVES

• NOTE 1 an effect is a deviation from the expected — positive and/or negative.
• NOTE 2 Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).
• NOTE 3 Risk is often characterized by reference to potential events and consequences, or a combination of these.
• NOTE 4 Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
• NOTE 5 Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.

RISK MANAGEMENT IS: The range of activities that an organization intentionally undertakes to understand and reduce these effects.

ISO 31000:2009 GIVES A LIST ON HOW TO DEAL WITH RISK:

• Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk.
• Accepting or increasing the risk in order to pursue an opportunity.
• Removing the risk source.
• Changing the likelihood and consequences.
• Sharing the risk with another party or parties including contracts and risk financing.
• Retaining the risk by informed decision.
• ISO 31000:2009: Risk management – Principles and guidelines, provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector.
• Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
• However, ISO 31000 cannot be used for certification purposes but does provide guidance for internal or external audit programs. Organization using it can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management and corporate governance.

ISO 31000:2009 is intended to be used by a wide range of stakeholders including:

• those responsible for implementing risk management within their organization;
• those who need to ensure that an organization manages risk;
• those who need to manage risk for the organization as a whole or within a specific area or activity;
• those needing to evaluate an organization’s practices in managing risk; and
• developers of standards, guides, procedures, and codes of practice that in whole or in part set out how risk is to be managed within the specific context of this document

WHAT ARE THE BENEFITS?

• Proactively improve operational efficiency and governance
• Build stakeholder confidence in your use of risk techniques
• Apply management system controls to risk analysis to minimize losses
• Improve management system performance and resilience
• Respond to change effectively and protect your business as you grow

CONCLUSION:

Avoid misunderstandings by using concepts and terms that are well known in the risk management community.

Provide higher quality output: Take advantage of the significant expertise in risk management that the ISO has used in coming up with the standard.

You do not have to manage risks!! SURVIVAL IS NOT COMPULSORY.

The greatest risk of all is not to take the risk at all.