The new Standard goes further and lists the key attributes of an enhanced risk management framework, against which organizations can measure their own performance.
The five attributes of enhanced risk management listed in ISO 31000 are:
Continual improvement: Organizations should establish performance goals, performance measurements and regular reviews. As part of this performance review, a review of the risk management framework should be undertaken and refinements documented.
Full accountability for risks: Designated risk owners should have appropriate authority and delegations to manage risk and be adequately trained and competent in the risk management process. Their responsibilities should be clearly defined and communicated via job descriptions.
Application of risk management in all decision making: Business processes and activities (e.g. meetings) should clearly document routine and non-routine risk management thinking.
Continual communications: Organizations should have formal risk management reporting processes in place. This includes reporting of “significant risks” and risk treatments.
Full integration in the organization’s governance structure: Organizations need to consider risks at both policy and practice levels. This is achieved by explicitly considering risks and the effect of uncertainty on achieving organizational objectives.
Whilst ISO 31000 cannot be used for certification purposes, it does encourage organizations to benchmark and compare their current risk management practices to the principles, attributes and processes in ISO 31000, identify areas for improvement and develop strategies for improvement.
The implementation of ISO 31000 improves operational efficiency, governance, and stakeholder confidence in your organization, while minimizing losses and enhancing risk analysis and risk assessment capacities. It helps integrate risk-based decision-making into the culture of your organization.
It is important to mention that the ISO 31000 guidelines are applicable to any activity of an organization, and can be customized to any organization and its context.
PECB Certified ISO 31000 individuals involved in the risk management process of an organization will enable the organization to:
Gain competitive advantage – enhanced risk management will support achieving goals and objectives
Reduce costs through proper risk management
Respond to change effectively and find viable solutions
Create and protect value
Increase the likelihood of achieving objectives
Productively identify the opportunities and threats
Identify and mitigate the risk throughout the organization
Gain stakeholder confidence and trust
Create a consistent basis for decision making and planning
Proactively improve operational efficiency and governance
Build stakeholder confidence in your use of risk techniques
Apply management system controls to risk analysis to minimize losses
Improve management system performance and resilience
Respond to change effectively and protect your business as you grow