ISO 31000 is intended to be a family of standards relating to risk management. The purpose of ISO 31000:2009 is to provide principles and generic guidelines on risk management; it has not been developed with the intention of being used for certification.
ISO 31000:2009 provides generic guidelines for the design, implementation and maintenance of risk management processes throughout an organization. This approach to formalizing risk management practices will facilitate broader adoption by companies that require an enterprise risk management standard that accommodates multiple ‘silo-centric’ management systems.
The scope of this approach to risk management is to enable all strategic, management and operational tasks of an organization throughout projects, functions, and processes to be aligned to a common set of risk management objectives.
The intent of ISO 31000 is to be applied within existing management systems to formalise and improve risk management processes, as opposed to wholesale substitution of legacy management practices. Consequently, when implementing ISO 31000, attention is to be given to integrating existing risk management processes into the new paradigm addressed in the standard.
ISO 31000:2009 lists, in order of preference, the ways to deal with risk:
a) Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk
b) Taking or increasing the risk in order to pursue an opportunity
c) Removing the risk source
d) Changing the likelihood
e) Changing the consequences
f) Sharing the risk with another party or parties (including contracts and risk financing)
g) Retaining the risk by informed decision
ABIUD Solutions provides consulting services to design and implement risk management for processes throughout any kind of company or organization.