ISO 31000 is a practical document that seeks to assist organizations in developing their own approach to the management of risk. However, it is not a standard to which organizations can be certified. By implementing ISO 31000, organizations can compare their risk management practices with an internationally recognized benchmark that provides sound principles for effective management. ISO Guide 73 further ensures that all organizations use the same vocabulary when talking about risk.
ISO 31000 is designed to help organizations:
1. Increase the likelihood of achieving objectives
2. Encourage proactive management
3. Be aware of the need to identify and treat risk throughout the organization
4. Improve the identification of opportunities and threats
5. Comply with relevant legal and regulatory requirements and international norms
6. Improve financial reporting
7. Improve governance
8. Improve stakeholder confidence and trust
9. Establish a reliable basis for decision making and planning
10. Improve controls
ISO 31000 is intended to be a family of standards relating to risk management, codified by the International Organization for Standardization. The purpose of ISO 31000:2009 is to provide principles and generic guidelines on risk management. ISO 31000 seeks to provide a universally recognised paradigm for practitioners and companies employing risk management processes, replacing the myriad existing standards, methodologies and paradigms that differ between industries, subject matters and regions.
Currently, the ISO 31000 family is expected to include:
- ISO 31000: Principles and Guidelines on Implementation