ISO 31000:2009, Risk management — Principles and guidelines, provides a set of principles, a framework and a process for managing risk. Using ISO 31000:2009 can help organizations of all sizes increase the likelihood of achieving their objectives, improve the identification of opportunities and threats, and allocate and use resources for risk treatment effectively.
What is Risk
ISO 31000 defines risk as the effect of uncertainty on objectives. An effect is a deviation from the expected — positive and/or negative. Objectives can have different aspects (such as financial, health and safety, and environmental goals) and can apply at different levels (such as strategic, organization-wide, project, product and process).
Risk is often expressed as a combination of the consequences of an event (including changes in circumstances) and the associated likelihood of occurrence.
ISO 31000 Implementation Steps:
- Plan the scope of the ERM initiative and develop a common language of risk across the organization.
- Establish the context of the organization for risk analysis, including the risk management strategy, the framework, and the roles and responsibilities.
- Identify risks in strategy, processes, functions, locations, etc.
- Analyze risks to classify them and evaluate their impact and likelihood of occurrence.
- Evaluate risks to support further decisions in line with the organization's risk appetite and tolerance levels.
- Treat risks: confirm the cost-effectiveness of existing controls and introduce a risk improvement plan.
- Monitor and review risk performance indicators.
- Report risk performance.
- Risk Management Workshop: CUNIX conducts risk management workshops to build awareness among the intended audience. Extensive training and case studies help participants understand the risk management process in practice and enable them to establish and spread a culture of risk management in their own organizations.
- Risk Management Consulting: CUNIX consultants guide the organization's team through establishing the risk management process described in the ISO 31000 implementation steps above.