Article Id: WHEBN0023440695

Title: ISO 31000
Author: World Heritage Encyclopedia
Language: English
Subject: Risk management, ISO/IEC 31010, Risk management tools, ISO/PAS 28000, Risk
Collection: 2009 Introductions, ISO Standards, Project Management, Risk Management
Publisher: World Heritage Encyclopedia

ISO 31000

ISO 31000 is a family of standards relating to risk management, codified by the International Organization for Standardization. The purpose of ISO 31000:2009 is to provide principles and generic guidelines on risk management. ISO 31000 seeks to provide a universally recognised paradigm for practitioners and companies employing risk management processes, replacing the myriad of existing standards, methodologies and paradigms that differed between industries, subject matters and regions.

Currently, the ISO 31000 family is expected to include:

  • ISO 31000:2009 - Principles and Guidelines on Implementation[1]
  • ISO/IEC 31010:2009 - Risk Management - Risk Assessment Techniques
  • ISO Guide 73:2009 - Risk Management - Vocabulary

ISO also designed its ISO 21500 Guidance on Project Management standard to align with ISO 31000:2009.[2]


Introduction

ISO 31000 was published as a standard on 13 November 2009, and provides a standard on the implementation of risk management. A revised and harmonised ISO/IEC Guide 73 was published at the same time. The purpose of ISO 31000:2009 is to be applicable and adaptable for "any public, private or community enterprise, association, group or individual."[3] Accordingly, the general scope of ISO 31000, as a family of risk management standards, is not developed with a particular industry group, management system or subject-matter field in mind; rather, it provides a best-practice structure and guidance to all operations concerned with risk management.


Scope

ISO 31000:2009 provides generic guidelines for the design, implementation and maintenance of risk management processes throughout an organization. This approach to formalising risk management practices will facilitate broader adoption by companies that require an enterprise risk management standard that accommodates multiple ‘silo-centric’ management systems.[4]

The scope of this approach to risk management is to enable all strategic, management and operational tasks of an organization, across its projects, functions and processes, to be aligned to a common set of risk management objectives.

Accordingly, ISO 31000:2009 is intended for a broad stakeholder group including:

  • executive level stakeholders
  • appointment holders in the enterprise risk management group
  • risk analysts and management officers
  • line managers and project managers
  • compliance and internal auditors
  • independent practitioners.

Risk conceptualisation

One of the key paradigm shifts proposed in ISO 31000 is a controversial change in how risk is conceptualised. Under ISO 31000:2009 and a consequential major revision of the terminology in ISO Guide 73, the definition of "risk" is no longer "chance or probability of loss" but "the effect of uncertainty on objectives", thus causing the word "risk" to refer to positive possibilities as well as negative ones.

ISO 31000 framework approach

ISO 31000:2009 has been received as a replacement for the existing standard on risk management, AS/NZS 4360:2004 (in the form of AS/NZS ISO 31000:2009). Whereas the Standards Australia approach provided a process by which risk management could be undertaken, ISO 31000:2009 addresses the entire management system that supports the design, implementation, maintenance and improvement of risk management processes.


Implementation

The intent of ISO 31000 is to be applied within existing management systems to formalise and improve risk management processes, as opposed to wholesale substitution of legacy management practices. Consequently, when implementing ISO 31000, attention is to be given to integrating existing risk management processes into the new paradigm addressed in the standard.

The focus of many ISO 31000 'harmonisation' programmes[5] has centred on:

  • Transferring accountability gaps in enterprise risk management
  • Aligning objectives of the governance frameworks with ISO 31000
  • Embedding management system reporting mechanisms
  • Creating uniform risk criteria and evaluation metrics


Implications

Most implications of adopting the new standard concern the re-engineering of existing management practices to conform with the documentation, communication and socialisation of the new risk management operating paradigm, as opposed to wholesale re-orientation of management practice throughout an organisation. Accordingly, most senior position holders in an

In some domains that concern risk management, in particular security and corporate social responsibility, which may operate using relatively unsophisticated risk management processes, more material change will be required, particularly regarding a clearly articulated risk management policy, formalising risk ownership processes, structuring framework processes and adopting continuous improvement programmes.

Certain aspects of top management accountability, strategic policy implementation and effective governance frameworks will require more consideration by organisations that have previously used now-redundant risk management methodologies.

Managing risk

ISO 31000:2009 gives a list of ways to deal with risk:

  1. Avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk
  2. Accepting or increasing the risk in order to pursue an opportunity
  3. Removing the risk source
  4. Changing the likelihood
  5. Changing the consequences
  6. Sharing the risk with another party or parties (including contracts and risk financing)
  7. Retaining the risk by informed decision

Accreditation

Starting from March 2013, accreditation and certification of Professional Certificate Lead Trainer & Consultant for ISO 31000 would be organized and conferred by the Academy of Professional Certification (APC) in Hong Kong. APC is an authorized representative of ISO/TC262 for HKSAR Hong Kong. (2013)

ISO 31000 has not been developed with the intention of being used for certification. (2009)

References

  1. National Standards Authority of Ireland
  2. "New ISO standard on project management".
  3. ISO 31000 catalogue
  4. ISO 31000 Update
  5. ISO 31000 update: What it means to C-Suite Risk Owners
  6. Implications for ISO adoption

External links

  • Standard: International Organization for Standardization
  • Standard: AS/NZS ISO 31000:2009 Risk management - Principles and guidelines
  • Discussion: LinkedIn discussion forum on ISO 31000:2009 Risk management - Principles and guidelines
  • Article: ISO 31000: The Gold Standard, Alex Dali and Christopher Lajtha, Strategic Risk, September 2009
  • Presentation: PowerPoint presentation by Kevin W Knight, Chairman of the ISO 31000 international committee, 2004-2011
  • Airmic / Alarm / IRM (2010) "A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000"


This article was sourced under the Creative Commons Attribution-ShareAlike License; additional terms may apply.