E-ISO 31000

Over 80 separate ISO and IEC technical committees address aspects of risk management.

  • 27 June 2002: ISO/IEC Guide 73, “Risk Management – Vocabulary”, published.
  • November 2009: ISO 31000, a revised ISO Guide 73 and IEC 31010 published.

The reason a lot of people are excited about ISO 31000 is that it brings together a global consensus on risk management, condensed into a short document. All forms of risk, such as financial, security, safety, health and environmental, are included. “Not pursuing an opportunity” is also a risk. According to the standard, risk is not always negative; it is simply defined as the “effect of uncertainty on objectives.”

ISO 31000 is the international standard for risk management. Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Therefore, managing risk effectively helps organizations to perform well in an environment full of uncertainty.

Whilst all organizations manage risk to some extent, this international standard’s best-practice recommendations were developed to improve how risk is managed, including the safety and security of people in the workplace.


The ISO 31000 framework for managing risk is straightforward. Once management’s mandate and commitment are established, there is a loop of activities: 1) design the framework, 2) implement risk management, 3) monitor and review the framework, and 4) continually improve the framework.

RISK IS: The “effect of uncertainty on objectives” (the ISO Guide 73 / ISO 31000 definition), with the following notes:

  • NOTE 1 An effect is a deviation from the expected, positive and/or negative.
  • NOTE 2 Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).
  • NOTE 3 Risk is often characterized by reference to potential events and consequences, or a combination of these.
  • NOTE 4 Risk is often expressed in terms of a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
  • NOTE 5 Uncertainty is the state, even partial, of deficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood.

RISK MANAGEMENT IS: The coordinated range of activities that an organization intentionally undertakes to understand, direct and control these effects.

RISK TREATMENT under the standard can involve one or more of the following options, which are not mutually exclusive:

  • Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk.
  • Taking or increasing the risk in order to pursue an opportunity.
  • Removing the risk source.
  • Changing the likelihood.
  • Changing the consequences.
  • Sharing the risk with another party or parties (including contracts and risk financing).
  • Retaining the risk by informed decision.

ISO 31000:2009, Risk management – Principles and guidelines, provides principles, a framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector.

Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats, and effectively allocate and use resources for risk treatment.

ISO 31000 is not a management system standard and cannot be used for certification, but it does provide guidance for internal or external audit programs. Organizations using it can compare their risk management practices with an internationally recognized benchmark, providing sound principles for effective management and corporate governance.
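The analyse, evaluate and treat steps above, as an added worked example (this is not code from ISO 31000 or from this page): risk level is taken as a combination of likelihood and consequence (NOTE 4), compared against the organization’s risk criteria, and each treatment option from the list is applied as an operation on that pair to give a residual risk. The 0 to 5 ordinal scales, the appetite threshold of 6, and the sample register and plan are all assumptions for illustration; the standard itself prescribes no scoring scale.

```python
"""Minimal risk register walking through ISO 31000's analyse / evaluate / treat steps.

Added example. The standard prescribes no scoring scale: the 0..5 scales, the
appetite threshold and the sample register below are illustrative assumptions.
"""
import math
from dataclasses import dataclass, replace
from enum import Enum


class Treatment(Enum):
    """Treatment options as listed in ISO 31000:2009."""
    AVOID = "avoid"                          # stop the activity that gives rise to the risk
    TAKE = "take"                            # take or increase the risk to pursue an opportunity
    REMOVE_SOURCE = "remove_source"          # remove the risk source
    REDUCE_LIKELIHOOD = "reduce_likelihood"  # change the likelihood
    REDUCE_CONSEQUENCE = "reduce_consequence"  # change the consequences
    SHARE = "share"                          # contracts, insurance, risk financing
    RETAIN = "retain"                        # informed decision to keep the risk


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: int   # assumed ordinal scale: 0 (cannot occur) .. 5 (almost certain)
    consequence: int  # assumed ordinal scale: 0 (none) .. 5 (severe)

    def __post_init__(self):
        if not (0 <= self.likelihood <= 5 and 0 <= self.consequence <= 5):
            raise ValueError(f"{self.name}: scores must be within 0..5")


def risk_level(risk: Risk) -> int:
    """Risk analysis: combine consequence and likelihood (NOTE 4) into one level."""
    return risk.likelihood * risk.consequence


def needs_treatment(risk: Risk, appetite: int) -> bool:
    """Risk evaluation: compare the analysed level with the organization's criteria."""
    return risk_level(risk) > appetite


def treat(risk: Risk, option: Treatment, amount: int = 1, retained_share: float = 1.0) -> Risk:
    """Return the residual risk after applying one treatment option."""
    if option in (Treatment.AVOID, Treatment.REMOVE_SOURCE):
        return replace(risk, likelihood=0)  # the risk can no longer arise
    if option == Treatment.TAKE:
        return replace(risk, likelihood=min(5, risk.likelihood + amount))
    if option == Treatment.REDUCE_LIKELIHOOD:
        return replace(risk, likelihood=max(0, risk.likelihood - amount))
    if option == Treatment.REDUCE_CONSEQUENCE:
        return replace(risk, consequence=max(0, risk.consequence - amount))
    if option == Treatment.SHARE:
        # Only the share of the consequence not transferred by contract or insurance stays.
        return replace(risk, consequence=math.ceil(risk.consequence * retained_share))
    return risk  # RETAIN: informed decision, nothing changes


def treatment_plan(register, plan, appetite):
    """Apply the plan to each risk; report inherent/residual levels and what is still open.

    plan maps risk name -> (Treatment, keyword arguments for treat()). Risks absent
    from the plan are retained. The 'unresolved' list feeds the monitor-and-review
    step: those risks are still above appetite and need another treatment cycle.
    """
    rows, unresolved = [], []
    for risk in register:
        option, kwargs = plan.get(risk.name, (Treatment.RETAIN, {}))
        residual = treat(risk, option, **kwargs)
        rows.append((risk.name, risk_level(risk), option.value, risk_level(residual)))
        if needs_treatment(residual, appetite):
            unresolved.append(risk.name)
    return rows, unresolved


# Constructed sample register and plan (illustrative names and scores, not real data).
REGISTER = [
    Risk("unpatched VPN appliance", likelihood=4, consequence=5),
    Risk("supplier data breach", likelihood=3, consequence=4),
    Risk("legacy FTP server", likelihood=3, consequence=3),
    Risk("laptop theft", likelihood=2, consequence=2),
    Risk("privileged cloud account takeover", likelihood=4, consequence=5),
]
APPETITE = 6  # assumed: levels above 6 fall outside the organization's risk criteria
PLAN = {
    "unpatched VPN appliance": (Treatment.REDUCE_LIKELIHOOD, {"amount": 3}),
    "supplier data breach": (Treatment.SHARE, {"retained_share": 0.5}),
    "legacy FTP server": (Treatment.AVOID, {}),
    "privileged cloud account takeover": (Treatment.REDUCE_CONSEQUENCE, {"amount": 1}),
}

if __name__ == "__main__":
    rows, unresolved = treatment_plan(REGISTER, PLAN, APPETITE)
    for name, inherent, option, residual in rows:
        print(f"{name:34} inherent={inherent:2} {option:19} residual={residual:2}")
    print("still above appetite:", unresolved or "none")
```

The last entry shows the failure mode the monitor-and-review step exists to catch: a single consequence reduction leaves the account-takeover risk at level 16, still above appetite, so it comes back for further treatment rather than being quietly closed.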

ISO 31000:2009 is intended to be used by a wide range of stakeholders including:

  • those responsible for implementing risk management within their organization;
  • those who need to ensure that an organization manages risk;
  • those who need to manage risk for the organization as a whole or within a specific area or activity;
  • those needing to evaluate an organization’s practices in managing risk; and
  • developers of standards, guides, procedures, and codes of practice that in whole or in part set out how risk is to be managed within the specific context of this document

Applying ISO 31000 helps organizations to:

  • Proactively improve operational efficiency and governance
  • Build stakeholder confidence in your use of risk techniques
  • Apply management system controls to risk analysis to minimize losses
  • Improve management system performance and resilience
  • Respond to change effectively and protect your business as you grow


Avoid misunderstandings by using concepts and terms that are well known in the risk management community.

Provide higher-quality output: take advantage of the significant risk management expertise that ISO drew on in developing the standard.

You do not have to manage risks!! SURVIVAL IS NOT COMPULSORY.

The greatest risk of all is not to take the risk at all.

How can we help you?

Please get in touch with our expert team and start your ISO 31000 risk management journey.
